Opened 7 weeks ago
Closed 7 weeks ago
#70915 closed defect (worksforme)
Python 3.12 could not verify certificate from https://storage.googleapis.com
| Reported by: | cavoirom (Cavoi Rom) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.10.1 |
| Keywords: | Cc: | ||
| Port: | python312 |
Description
I'm facing issue when running Python script that connect to https://storage.googleapis.com. It seems Python could not verify the certificate.
This issue is only happen when I use macports on an alternative prefix, the default macports installation is running fine.
System Information
- macOS 15.0.
- Architecture: amd64.
- macports 2.10.1.
- Macports prefix:
/Users/<redacted>/workspace/macports/prefix/
Command to reproduce:
python3.12 -c 'import urllib.request; urllib.request.urlopen("https://storage.googleapis.com/kubernetes-release/release/stable.txt")
Error:
python3.12 -c 'import urllib.request; urllib.request.urlopen("https://storage.googleapis.com/kubernetes-release/release/stable.txt")' | pbcopy
Traceback (most recent call last):
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1344, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1336, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1382, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1331, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1091, in _send_output
self.send(msg)
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1035, in send
self.connect()
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1477, in connect
self.sock = self._context.wrap_socket(self.sock,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 455, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 1041, in _create
self.do_handshake()
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 1319, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 215, in urlopen
return opener.open(url, data, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 515, in open
response = self._open(req, data)
^^^^^^^^^^^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 532, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 492, in _call_chain
result = func(*args)
^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1392, in https_open
return self.do_open(http.client.HTTPSConnection, req,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/<redacted>/workspace/macports/prefix/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1347, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>
Change History (3)
comment:1 Changed 7 weeks ago by jmroot (Joshua Root)
comment:2 Changed 7 weeks ago by cavoirom (Cavoi Rom)
I'm using venv for installing Python modules, I can confirm the certifi is installed on the working venv. The curl-ca-bundle is not installed on the problematic prefix.
Attempt to install curl-ca-bundle on the prefix resolved the problem.
comment:3 Changed 7 weeks ago by jmroot (Joshua Root)
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
Python itself doesn't come with a certificate bundle. Normally you would use something like certifi or curl-ca-bundle; is one of those installed in one prefix but not the other?