Tag Archives: ssl

Solution to [SSL: certificate_verify_failed] when you get downloads video

[SSL: certificate_verify_failed] problem when downloading video using you get and ffmpeg

Since the you get -- debug debugging shows that it is a certificate verification problem, the part ignoring SSL certificate verification is added to the code and implemented in pycharm (non command line)
Modify url = 'website', output_Dir = R 'save path'

import ssl
from you_get import common

# Ignore certificate validation issues
ssl._create_default_https_context = ssl._create_unverified_context

# Call any_download_playlist in you_get.common to download a collection

# Call any_download in you_get.common for single set download

So far, the video has been downloaded successfully

[PHP]stream_socket_client(): Failed to enable crypto

Problem recurrence:

function getCertInfo($domain)
    $context = stream_context_create([
        'ssl' => [
            'capture_peer_cert'       => true,
            'capture_peer_cert_chain' => true,

    $client = stream_socket_client("ssl://{$domain}:443", $errorCode, $errorMessage, 30, STREAM_CLIENT_CONNECT, $context);
    if ($client === false) {
        var_dump("!!!open {$domain} socket connection fail. {$errorMessage}($errorCode) !!!";
        return false;

    $params = stream_context_get_params($client);
    if (empty($params['options']['ssl']['peer_certificate'])) {
        var_dump("!!!{$domain} stream_context_get_params options ssl peer_certificate is empty!!!");
        return false;

    return openssl_x509_parse($params['options']['ssl']['peer_certificate']);

Solution: $context add verify_ Peer configuration

$context = stream_context_create([
    'ssl' => [
        'capture_peer_cert'       => true,
        'capture_peer_cert_chain' => true,
        'verify_peer'             => false,

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed [Solved]

1. Problem phenomenon

Error reported by Ubuntu machine or docker container

Traceback (most recent call last):
  File "main.py", line 200, in <module>
  File "attribute_extract/extract_attribute.py", line 37, in __init__
  File "attribute_extract/models.py", line 25, in __init__
  File "torchvision/models/resnet.py", line 199, in resnet50
  File "torch/hub.py", line 433, in load_state_dict_from_url
  File "torch/hub.py", line 349, in _download_url_to_file
  File "urllib/request.py", line 162, in urlopen
  File "urllib/request.py", line 465, in open
  File "urllib/request.py", line 483, in _open
  File "urllib/request.py", line 443, in _call_chain
  File "urllib/request.py", line 1286, in https_open
  File "urllib/request.py", line 1245, in do_open
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

2. Solutions

sudo apt-get update 
sudo apt-get install ca-certificates
sudo update-ca-certificates --fresh
export SSL_CERT_DIR=/etc/ssl/certs

[Solved] PHP getimagesize(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL

Today, I encountered a problem with the client application server (CentOS). When using getimagesize(), an error is always reported:

PHP getimagesize(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_ get_ server_ certificate:certificate verify failed

It is preliminarily judged that openssl.cafile in php.ini is not set. After opening the PHP configuration file, it is found that it is set. The current setting value is:


After that, it was suspected that the certificate might expire. First, compare the contents of the file on your own server. If you find that the size is inconsistent, copy and paste the contents from your own server. After saving, the problem of reloading PHP configuration still exists;

Remember that similar problems have occurred on Windows systems before. At that time, curl.cainfo was configured, so from this website
: http://curl.haxx.se/ca/cacert.pem Download the certificate and put it in the /usr/local/OpenSSL/ directory to modify the configuration

curl.cainfo = /usr/local/openssl/cacert.pem


When this problem occurs on the Internet, the solutions found are also operated in this way. However, the overload configuration problem remains after saving. Change the configuration back again.

Finally, see this article on: https://stackoverflow.com/questions/17084886/ssl-error-routinesssl3-get-server-certificatecertificate-verify-failed

It is found that the Linux system has the command to update the local certificate. The commands are different for different systems. The CentOS operation is as follows:

#Install ca certificate tool
yum install ca-certificates -y

# Update Certificate


Git push error: RPC failed; curl 7 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054

Today, I encountered an error when submitting code with gitbash
error: RPC failed; curl 7 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054

The common solution on the Internet is:
git config — global http.sslverify “false”
but I still report the same error after trying

Later, it was found that the uploaded file was too large. You can modify the configuration to

execute the statement: git config http.postbuffer 524288000
and then push again. It’s done

A download error occurred while downloading data from pytorch. Urllib.error.urlerror: < urlopen error [SSL: certificate_verify_failed]

The reason is that the SSL certificate needs to be verified, but the certificate verification failed. I tried some methods on the Internet, mainly including canceling certificate verification and installing the latest certificate. I didn’t find a suitable method to install the latest certificate, so I used the method of canceling certificate verification. The specific operation is to add the following code at the location where the file needs to be downloaded:

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

PHP function file_ get_ Contents() reports an error when using HTTPS protocol: SSL operation failed


file_ get_ The contents () function is used to read the contents of a file into a string. It is one of the commonly used functions to read the contents of a file.

But sometimes file is used on the server_ get_ When the contents() function requests the URL file of HTTPS protocol, an error will be reported, and the file content cannot be read correctly,


The server is not properly configured with HTTPS certificate

Solution: (three solutions)

Method 1:

Download HTTPS certificate to server

The server downloads this certificate, http://curl.haxx.se/ca/cacert.pem
Php.ini configuration
openssl.cafile = “/ etc/SSL/certs/cacert. PEM”// the path where you actually download the certificate
Restart PHP

Method 2:

Use the curl function to process HTTPS parameters and obtain the file content

function getSSLPage($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSLVERSION,3); 
    $result = curl_exec($ch);
    return $result;


Method 3:

Make file_ get_ The contents() function skips HTTPS authentication

$stream_opts = [
    "ssl" => [

$response = file_get_contents("https://xxx.xxx.xxx",false,stream_context_create($stream_opts));

  It is recommended to use curl function instead of file in development_ get_ Contents() function.

cURL error 60: SSL certificate problem: self signed certificate in certificate chain

1、 Question

Curl error 60: SSL certificate problem: self signed certificate in certificate chain – server http302 this is generally a problem with self signed certificates

2、 Settle

Scheme 1. Directly use the domain name with HTTPS on the online server

Solution 2. Windows local development environment solution

a) Download certificate:

b) Put the downloaded Certificate in your PHP path:

D: \ wamp64 \ bin \ PHP \ php7.3.21 \ extras \ SSL this is your local PHP version path

c) Modify the php.ini file

curl.cainfo ="D:\wamp64\bin\php\php7.3.21\extras\ssl\ca-cert.crt"

d) Just restart PHP

[Solved] Android7 8 Jack server SSL error: Jack server failed to (re)start, try ‘jack-diagnose’ or see Jack server log

The following error message appears when compiling Android 7 8 code
Jack server failed to (re)start, try ‘jack-diagnose’ or see Jack server log
SSL error when connecting to the Jack server. Try ‘jack-diagnose’
SSL error when connecting to the Jack server. Try ‘jack-diagnose’
It is due to the updated version of JDK
According to the JDK Release Highlights, we can find that this update disables TLSv1.0 and TLSv1.1 in jdk.tls.disabledAlgorithms

sudo vim /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security

Change to:

Restart the server or restart jack server to compile after the modification