1

I have a simple code running good using http (not secure) but then I update it to https a get an error about ssl.SSLCertVerificationError

I'm using a heroku server with a valid ssl of course, python 3.7.3 on a mac, ssl.OPENSSL_VERSION= 1.1.0, certifi=2019.3.9, Flask=1.0.2, Flask-SocketIO=3.3.2

Here is the code:

import socketio

sio = socketio.Client()

@sio.on('connect')
def on_connect():
    print('Connected ...')

@sio.on('message')
def on_message(data):
    print('I received a message!')
    print(data)

if __name__ == '__main__':
    sio.connect('https://heroku.server.url')

And this is what I get using https:

Traceback (most recent call last):
  File "/Users/calavraian/Devel/Projects/FlaskTesting/Client.py", line 21, in <module>
    sio.connect('https://heroku.server.url')
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/socketio/client.py", line 208, in connect
    engineio_path=socketio_path)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/engineio/client.py", line 166, in connect
    url, headers, engineio_path)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/engineio/client.py", line 303, in _connect_polling
    if self._connect_websocket(url, headers, engineio_path):
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/engineio/client.py", line 341, in _connect_websocket
    cookie=cookies)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/websocket/_core.py", line 514, in create_connection
    websock.connect(url, **options)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/websocket/_core.py", line 223, in connect
    options.pop('socket', None))
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/websocket/_http.py", line 126, in connect
    sock = _ssl_socket(sock, options.sslopt, hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/websocket/_http.py", line 260, in _ssl_socket
    sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/websocket/_http.py", line 239, in _wrap_sni_socket
    server_hostname=hostname,
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

Any ideas ?

Calavraian
  • 11
  • 3
  • Can you share the complete stack trace of the error please? – Miguel Grinberg May 03 '19 at 03:00
  • Of Course, I just updated the post with the complete stack trace, thanks! – Calavraian May 03 '19 at 08:02
  • 1. If you think you should not provide the url then delete the tracebar url (it seems you noticed). 2. I just tested your code and it works correctly in Linux with python-socketio-4.0.1 – eyllanesc May 03 '19 at 08:17
  • Thanks for the advice @eyllanesc, The server url is not a problem in this case, because the server is just for testing this, I just updated to ```python-socketio-4.0.1``` but I get the same error an a mac with macOS Mojave (10.14.4) ... I'll try to test on a Linux. On the other hand, I have tried to access the same URL from a terminal (from the same machine) using the command curl and the verification of the ssl certificate works well. – Calavraian May 03 '19 at 17:16
  • I cannot reproduce this problem I can connect to Heroku apps just fine. – Miguel Grinberg May 03 '19 at 23:19

1 Answers1

0

Finally I made it work, I tried the same code on another Mac computer with the same software condition and it works fine, also on a PC with Ubuntu and a Raspberry Pi with Raspbian, everything works fine, so back again on the first Mac with the problem, I started to debug again, reinstalling and updating packages with pip and nothing happened.

Other solution that I have tried was to reinstall the certifi package with pip but nothing was fixed.

At the end, what solved the problem was running the script that comes with Python and is located in /Applications/Python 3.X/Install Certificates.command, you can run it directly from Finder with double clic on it or on a terminal go to the folder and execute it.

After doing this I tested python-socketio 3.1.2 and python-socketio 4.0.1 and everything works fine.

A final recommendation, in case that you are still getting the same error after try running the script, you can try an alternative to python-socketio, in the process to figure it out I have tried socketIO-client-2 when I was getting the error and this library worked good on the initial conditions (before running the script). After running the script above both are running perfect now.

Calavraian
  • 11
  • 3