#715 closed defect (fixed)
ssl.SSLError: A failure in the SSL library occurred (_ssl.c:1129)
Reported by: | andreaerdna | Owned by: | |
---|---|---|---|
Priority: | major | Component: | Package |
Version: | Keywords: | ||
Cc: |
Description
The following error occurs trying to open an ssl connection with certain servers using QGIS 3.22.2 or QGIS 3.16.15 from OSGeo4W v2:
Traceback (most recent call last): File "C:\OSGEO4~4\apps\Python39\lib\code.py", line 90, in runcode exec(code, self.locals) File "<input>", line 1, in <module> File "C:\OSGEO4~4\apps\Python39\lib\ssl.py", line 1342, in connect self._real_connect(addr, False) File "C:\OSGEO4~4\apps\Python39\lib\ssl.py", line 1333, in _real_connect self.do_handshake() File "C:\OSGEO4~4\apps\Python39\lib\ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLError: A failure in the SSL library occurred (_ssl.c:1129)
The issue doesn't occur using QGIS 3.16.15 from OSGeo4W v1.
To reproduce the issue:
import ssl import socket socketHandler = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socketWraped = ssl.create_default_context().wrap_socket(socketHandler, server_hostname='prgcloud.com') socketWraped.connect(('prgcloud.com', 443))
The issue brokes the functionality of some plugins in QGIS from OSGeo4W v2: for example, qgis-cloud-plugin https://github.com/qgiscloud/qgis-cloud-plugin/issues/54 or impact-qgis-plugin https://github.com/anyways-open/impact-qgis-plugin/issues/18
Side notes:
the openssl package version installed in OSGeo4W v2 is openssl-1.1.1l-2, while
ssl.OPENSSL_VERSION
returns OpenSSL 1.1.1h 22 Sep 2020
;
the openssl package version installed in OSGeo4W v2 is openssl-1.1.1d-2 and
ssl.OPENSSL_VERSION
returns OpenSSL 1.1.1d 10 Sep 2019
.
Change History (19)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
I found out that copying libcrypto-1_1.dll and libssl-1_1.dll from a "normal" pyton3.9.5 install works. They have the same date (03.05.2021) than the other files in the QGIS-Python "DLLs" dir while the originals differ (also in size):
03.05.2021 18:36 3.406.016 libcrypto-1_1.dll 21.10.2021 18:35 3.439.104 libcrypto-1_1.dll.org 03.05.2021 18:36 690.368 libssl-1_1.dll 21.10.2021 18:35 687.616 libssl-1_1.dll.org
Running my code from the former comment in the QGIS-console, that works without this modification, so I think my IDE has a different path order or something like that (?)
comment:3 by , 3 years ago
I don't know if the two issue are related.
I've tested your code
import urllib.request response = urllib.request.urlopen('https://www.python.org/') html = response.read()
in QGIS 3.22.6 and QGIS 3.24.2 (Windows 10 64 bit - OSGeo4W) python console and I don't see any error message.
In my OSGeo4W\bin folder there are:
21/10/2021 18:35 3.439.104 libcrypto-1_1-x64.dll 21/10/2021 18:35 687.616 libssl-1_1-x64.dll
and in OSGeo4W\apps\Python39\DLLs folder there are:
21/10/2021 18:35 3.439.104 libcrypto-1_1.dll 21/10/2021 18:35 687.616 libssl-1_1.dll
comment:4 by , 3 years ago
follow-up: 7 comment:5 by , 3 years ago
Grmpf, tried the patch without success. prgcloud.com
still fails. On a closer look this is (meanwhile?) because its certificate is for www.prgcloud.com
. www.prgcloud.com
and www.python.org
work fine.
import ssl import socket import urllib.request for i in ['prgcloud.com', 'www.prgcloud.com', 'www.python.org']: try: socketHandler = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socketWrapped = ssl.create_default_context().wrap_socket(socketHandler, server_hostname=i) socketWrapped.connect((i, 443)) print(f"ssl {i}: OK") except Exception as e: print(f"ssl {i}: FAIL {e}") try: response = urllib.request.urlopen(f'https://{i}/') html = response.read() print(f"urllib {i}: OK") except Exception as e: print(f"urllib {i}: FAIL {e}")
results in:
C:\OSGeo4W>python3 test.py ssl prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.prgcloud.com: OK urllib www.prgcloud.com: OK ssl www.python.org: OK urllib www.python.org: OK
Guess the fix for #696 cured this too.
comment:6 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
follow-ups: 8 10 comment:7 by , 3 years ago
Replying to jef:
Grmpf, tried the patch without success.
prgcloud.com
still fails. On a closer look this is (meanwhile?) because its certificate is forwww.prgcloud.com
.www.prgcloud.com
andwww.python.org
work fine.
Guess the fix for #696 cured this too.
I cannot confirm the fixing of this bug.
With both the OSGeo4W v2 shell and the Python console of QGIS 3.22.6 and 3.24.2, the test.py Python scripts returns:
C:\OSGeo4W_V2>python3 test.py ssl prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.python.org: OK urllib www.python.org: OK
With the Python console of QGIS 3.22.6 and 3.24.2, the following script:
import ssl import socket socketHandler = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socketWraped = ssl.create_default_context().wrap_socket(socketHandler, server_hostname='www.prgcloud.com') socketWraped.connect(('www.prgcloud.com', 443))
returns:
Traceback (most recent call last): File "C:\OSC726~1\apps\Python39\lib\code.py", line 90, in runcode exec(code, self.locals) File "<input>", line 1, in <module> File "C:\OSC726~1\apps\Python39\lib\ssl.py", line 1342, in connect self._real_connect(addr, False) File "C:\OSC726~1\apps\Python39\lib\ssl.py", line 1333, in _real_connect self.do_handshake() File "C:\OSC726~1\apps\Python39\lib\ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLError: A failure in the SSL library occurred (_ssl.c:1129)
With the OSGeo4W v1 shell and the Python console of QGIS 3.16.16 (OSGeo4W v1), the test.py Python script returns:
C:\Program Files\QGIS 3.16.16v1>python3 test.py ssl prgcloud.com: FAIL [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'prgcloud.com'. (_ssl.c:1045) urllib prgcloud.com: FAIL <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'prgcloud.com'. (_ssl.c:1045)> ssl www.prgcloud.com: OK urllib www.prgcloud.com: OK ssl www.python.org: OK urllib www.python.org: OK
With the Python console of QGIS 3.16.16 (OSGeo4W v1), the following script:
import ssl import socket socketHandler = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socketWraped = ssl.create_default_context().wrap_socket(socketHandler, server_hostname='www.prgcloud.com') socketWraped.connect(('www.prgcloud.com', 443))
returns no error.
follow-up: 9 comment:8 by , 3 years ago
Replying to andreaerdna:
Replying to jef:
Grmpf, tried the patch without success.
prgcloud.com
still fails. On a closer look this is (meanwhile?) because its certificate is forwww.prgcloud.com
.www.prgcloud.com
andwww.python.org
work fine.Guess the fix for #696 cured this too.
I cannot confirm the fixing of this bug.
same here.
adding some OSGeo related URLs to the list
for i in ['prgcloud.com', 'www.prgcloud.com', 'www.python.org', 'grass.osgeo.org', 'www.osgeo.org']:
results in OSGeo4W Version 2:
run o-help for a list of available commands C:\OSGeo4W>cd D:\wd\testmypa C:\OSGeo4W>d: D:\wd\testmypa>python --version Python 3.9.5 D:\wd\testmypa>python test.py ssl prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.python.org: OK urllib www.python.org: OK ssl grass.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib grass.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)>
comment:9 by , 3 years ago
Replying to hellik:
Replying to andreaerdna:
Replying to jef:
Grmpf, tried the patch without success.
prgcloud.com
still fails. On a closer look this is (meanwhile?) because its certificate is forwww.prgcloud.com
.www.prgcloud.com
andwww.python.org
work fine.Guess the fix for #696 cured this too.
I cannot confirm the fixing of this bug.
same here.
adding some OSGeo related URLs to the list
for i in ['prgcloud.com', 'www.prgcloud.com', 'www.python.org', 'grass.osgeo.org', 'www.osgeo.org']:results in OSGeo4W Version 2:
now tested in OSGeo4W Version 1:
run o-help for a list of available commands C:\>cd D:\wd\testmypa C:\>d: D:\wd\testmypa>py3_env.bat D:\wd\testmypa>SET PYTHONHOME=C:\OSGEO4~1\apps\Python37 D:\wd\testmypa>SET PYTHONPATH=C:\OSGEO4~1\apps\Python37;C:\OSGEO4~1\apps\Python37\Scripts D:\wd\testmypa>PATH C:\OSGEO4~1\apps\Python37;C:\OSGEO4~1\apps\Python37\Scripts;{app};C:\OSGEO4~1\apps\Python27\Scripts;C:\OSGEO4~1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBem;C:\OSGEO4~1\apps\msys\bin;C:\Program Files\R\R-4.0.3\bin\x64 D:\wd\testmypa>python --version Python 3.7.0 D:\wd\testmypa>python test.py ssl prgcloud.com: FAIL [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'prgcloud.com'. (_ssl.c:1045) urllib prgcloud.com: FAIL <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'prgcloud.com'. (_ssl.c:1045)> ssl www.prgcloud.com: OK urllib www.prgcloud.com: OK ssl www.python.org: OK urllib www.python.org: OK ssl grass.osgeo.org: OK urllib grass.osgeo.org: OK ssl www.osgeo.org: OK urllib www.osgeo.org: OK D:\wd\testmypa>
comment:10 by , 3 years ago
Replying to andreaerdna:
Replying to jef:
Grmpf, tried the patch without success.
prgcloud.com
still fails. On a closer look this is (meanwhile?) because its certificate is forwww.prgcloud.com
.www.prgcloud.com
andwww.python.org
work fine.Guess the fix for #696 cured this too.
I cannot confirm the fixing of this bug. [...] With the Python console of QGIS 3.22.6 and 3.24.2, the following script:
import ssl import socket socketHandler = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socketWraped = ssl.create_default_context().wrap_socket(socketHandler, server_hostname='www.prgcloud.com') socketWraped.connect(('www.prgcloud.com', 443))returns:
Traceback (most recent call last): File "C:\OSC726~1\apps\Python39\lib\code.py", line 90, in runcode exec(code, self.locals) File "<input>", line 1, in <module> File "C:\OSC726~1\apps\Python39\lib\ssl.py", line 1342, in connect self._real_connect(addr, False) File "C:\OSC726~1\apps\Python39\lib\ssl.py", line 1333, in _real_connect self.do_handshake() File "C:\OSC726~1\apps\Python39\lib\ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLError: A failure in the SSL library occurred (_ssl.c:1129)
changing www.prgcloud.com to www.osgeo.org
in OSGeo4W Ver1
D:\wd\testmypa>python test2.py D:\wd\testmypa>
and in OSGeo4W Ver2
run o-help for a list of available commands C:\OSGeo4W>cd D:\wd\testmypa C:\OSGeo4W>d: D:\wd\testmypa>python test2.py Traceback (most recent call last): File "D:\wd\testmypa\test2.py", line 5, in <module> socketWraped.connect(('www.osgeo.org', 443)) File "C:\OSGeo4W\apps\Python39\lib\ssl.py", line 1342, in connect self._real_connect(addr, False) File "C:\OSGeo4W\apps\Python39\lib\ssl.py", line 1333, in _real_connect self.do_handshake() File "C:\OSGeo4W\apps\Python39\lib\ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLError: A failure in the SSL library occurred (_ssl.c:1129)
follow-up: 12 comment:11 by , 3 years ago
related issue for winGRASS https://github.com/OSGeo/grass/issues/2150
it seems not all Windows 10 versions flying around the world seem to be affected.
comment:12 by , 3 years ago
Replying to hellik:
related issue for winGRASS https://github.com/OSGeo/grass/issues/2150
it seems not all Windows 10 versions flying around the world seem to be affected.
seems not to be fixed for all windows 10 flavours
follow-up: 14 comment:13 by , 3 years ago
qgis*.vars
doesn't include SSL_CERT_FILE
, hence it's not included in the .env
and in turn not set, when you start the .exe
directly (eg. by using the shortcut). In the shell and QGIS from qgis*.bat
it should work.
follow-up: 15 comment:14 by , 3 years ago
Replying to jef:
QGIS from
qgis*.bat
it should work.
started here qgis.bat
in OSGeo4W Ver 2:
# Python Console # Use iface to access QGIS API interface or type help(iface) for more info # Security warning: typing commands from an untrusted source can harm your computer exec(Path('C:/Users/hkmyr/AppData/Local/Temp/tmpxzb_61_i.py').read_text()) ssl prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.python.org: OK urllib www.python.org: OK ssl grass.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib grass.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)>
still a failure.
system info
QGIS version 3.24.2-Tisler QGIS code revision 13c1a028 Compiled against Qt 5.15.2 Running against Qt 5.15.3 Python version 3.9.5 Compiled against GDAL/OGR 3.4.2 Running against GDAL/OGR 3.4.3 PROJ version 9.0.0 EPSG Registry database version v10.054 (2022-02-13) GEOS version 3.10.2-CAPI-1.16.0 SQLite version 3.38.1 PDAL version 2.3.0 PostgreSQL client version unknown SpatiaLite version 5.0.1 QWT version 6.1.3 QScintilla2 version 2.11.5 OS version Windows 10 Version 2009 Active Python plugins kmltools 3.1.10 latlontools 3.5.3 LocatePoints 0.3.4 MultiDistanceBuffer 3.2.4 openlayers_plugin 2.0.0 OSMDownloader 1.0.3 qgisgbifapi 0.3.2 QuickOSM 1.16.0 quick_map_services 0.19.11.1 scriptrunner3 3.0.5 SentinelHub 2.0.0 vrtbuilderplugin 0.9.20210222T174536.master db_manager 0.1.20 grassprovider 2.12.99 MetaSearch 0.3.6 processing 2.12.99 sagaprovider 2.12.99
follow-up: 16 comment:15 by , 3 years ago
Replying to hellik:
Replying to jef:
QGIS from
qgis*.bat
it should work.started here
qgis.bat
in OSGeo4W Ver 2:# Python Console # Use iface to access QGIS API interface or type help(iface) for more info # Security warning: typing commands from an untrusted source can harm your computer exec(Path('C:/Users/hkmyr/AppData/Local/Temp/tmpxzb_61_i.py').read_text()) ssl prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.prgcloud.com: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.prgcloud.com: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.python.org: OK urllib www.python.org: OK ssl grass.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib grass.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)>still a failure.
system info
QGIS version 3.24.2-Tisler QGIS code revision 13c1a028 Compiled against Qt 5.15.2 Running against Qt 5.15.3 Python version 3.9.5 Compiled against GDAL/OGR 3.4.2 Running against GDAL/OGR 3.4.3 PROJ version 9.0.0 EPSG Registry database version v10.054 (2022-02-13) GEOS version 3.10.2-CAPI-1.16.0 SQLite version 3.38.1 PDAL version 2.3.0 PostgreSQL client version unknown SpatiaLite version 5.0.1 QWT version 6.1.3 QScintilla2 version 2.11.5 OS version Windows 10 Version 2009 Active Python plugins kmltools 3.1.10 latlontools 3.5.3 LocatePoints 0.3.4 MultiDistanceBuffer 3.2.4 openlayers_plugin 2.0.0 OSMDownloader 1.0.3 qgisgbifapi 0.3.2 QuickOSM 1.16.0 quick_map_services 0.19.11.1 scriptrunner3 3.0.5 SentinelHub 2.0.0 vrtbuilderplugin 0.9.20210222T174536.master db_manager 0.1.20 grassprovider 2.12.99 MetaSearch 0.3.6 processing 2.12.99 sagaprovider 2.12.99
looking at https://trac.osgeo.org/osgeo4w/ticket/696#comment:2
import os os.getenv("SSL_CERT_FILE") os.getenv("SSL_CERT_DIR") cert_filet = os.getenv("SSL_CERT_FILE") cert_dirt = os.getenv("SSL_CERT_DIR") print(cert_filet) print(cert_dirt)
results in
# Python Console # Use iface to access QGIS API interface or type help(iface) for more info # Security warning: typing commands from an untrusted source can harm your computer exec(Path('C:/Users/hkmyr/AppData/Local/Temp/tmpkhsda6a5.py').read_text()) C:\OSGeo4W\bin\curl-ca-bundle.crt C:\OSGeo4W\apps\openssl\certs
comment:16 by , 3 years ago
Replying to hellik:
looking at https://trac.osgeo.org/osgeo4w/ticket/696#comment:2
import os os.getenv("SSL_CERT_FILE") os.getenv("SSL_CERT_DIR") cert_filet = os.getenv("SSL_CERT_FILE") cert_dirt = os.getenv("SSL_CERT_DIR") print(cert_filet) print(cert_dirt)results in
# Python Console # Use iface to access QGIS API interface or type help(iface) for more info # Security warning: typing commands from an untrusted source can harm your computer exec(Path('C:/Users/hkmyr/AppData/Local/Temp/tmpkhsda6a5.py').read_text()) C:\OSGeo4W\bin\curl-ca-bundle.crt C:\OSGeo4W\apps\openssl\certs
C:\OSGeo4W\bin\curl-ca-bundle.crt is there
C:\OSGeo4W\apps\openssl\certs is an empty folder here
comment:17 by , 3 years ago
Odd:
import os import ssl import socket import urllib.request print(f"SSL_CERT_FILE:{os.getenv('SSL_CERT_FILE')}") for i in ['www.osgeo.org', 'www.python.org']: try: socketHandler = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socketWrapped = ssl.create_default_context().wrap_socket(socketHandler, server_hostname=i) socketWrapped.connect((i, 443)) print(f"ssl {i}: OK") except Exception as e: print(f"ssl {i}: FAIL {e}") try: response = urllib.request.urlopen(f'https://{i}/') html = response.read() print(f"urllib {i}: OK") except Exception as e: print(f"urllib {i}: FAIL {e}")
python console, 3.24.2, Windows Sandbox (Windows 10 Version 2004), shortcut:
SSL_CERT_FILE:None ssl www.osgeo.org: OK urllib www.osgeo.org: OK ssl www.python.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.python.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)>
python console, 3.24.2, Windows Sandbox (Windows 10 Version 2004), qgis.bat:
SSL_CERT_FILE:C:\OSGeo4W\bin\curl-ca-bundle.crt ssl www.osgeo.org: OK urllib www.osgeo.org: OK ssl www.python.org: OK urllib www.python.org: OK
python console, 3.24.2, Windows 10 Version 2009, qgis.bat:
SSL_CERT_FILE:D:\TEMP\OSC26D~1\bin\curl-ca-bundle.crt ssl www.osgeo.org: OK urllib www.osgeo.org: OK ssl www.python.org: OK urllib www.python.org: OK
python console, 3.24.2, Windows 10 Version 2009, shortcut:
SSL_CERT_FILE:None ssl www.osgeo.org: OK urllib www.osgeo.org: OK ssl www.python.org: OK urllib www.python.org: OK
comment:19 by , 3 years ago
The OS version of my system is reported in QGIS About window as "Windows 10 Version 1903".
The latest script executed in the Python console of QGIS 3.24.2 or 3.22.6 launched from the shortcut (.exe) returns:
SSL_CERT_FILE:None ssl www.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.python.org: OK urllib www.python.org: OK
The same script executed in the Python console of QGIS 3.24.2 or 3.22.6 launched from the .bat batch files, or in the OSGeo4W (v2) Shell, returns:
SSL_CERT_FILE:C:\OSC726~1\bin\curl-ca-bundle.crt ssl www.osgeo.org: FAIL A failure in the SSL library occurred (_ssl.c:1129) urllib www.osgeo.org: FAIL <urlopen error A failure in the SSL library occurred (_ssl.c:1129)> ssl www.python.org: OK urllib www.python.org: OK
Don't know if this is the same problem, but I'm trying to read https with urllib.request and get an error:
My code looks like this: