Tag Archives: ssl

[Solved] Python urllib sending request Error: urllib.error.urlerror: <urlopen error [SSL: certificate_verify_failed]….>

Error:urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:xxx)>

Solution:
Add the following codes before you use urllib.request.Request(url):

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

Problem analysis

This is because the website visited is HTTPS://, which requires SSL authentication, and using urllib directly will lead to local authentication failure (the specific reason is not found out), so SSL is used_create_unverified_Context turn off authentication

Error recurrence

When request = urllib.Request.Request (URL, data) is executed, an error is reported. Cancel the comments in the upper two lines to solve the problem

import json
import urllib


def baidu_search():
    url = "https://www.baidu.com/s?"
    data = {"wd": "AHA"}
    data = json.dumps(data).encode('GBK')
    # import ssl
    # ssl._create_default_https_context = ssl._create_unverified_context  # If these two lines are not added, the next line reports an error
    request = urllib.request.Request(url, data)
    response = urllib.request.urlopen(request)
    content = response.read()
    print(str(content))


if __name__ == '__main__':
    baidu_search()

Error when downloading the built-in dataset of pytoch = urllib.error.urlerror: urlopen error [SSL: certificate_verify_failed]

Error reason:

This is an SSL certificate validation error. When an HTTPS site is requested, but the certificate validation error occurs, such an error will be reported.

Solution:

Just add the following two lines to the code to skip the certificate check and successfully access the web page.

# Global removal of certificate validation
import ssl
ssl._create_default_https_context = ssl._create_unverified_context

Nginx Error: nginx: [emerg] the “ssl“ parameter requires ngx_http_ssl_module in /project/api/nginx.conf:

Error reporting reason:

NGX is not installed_http_ssl_Module module

Solution:

    1. check which modules are installed in Nginx
/usr/local/ngxin/sbin/nginx -V

nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
configure arguments:

No parameters after configure arguments indicates that no modules are installed
install NGX_http_ssl_Module the module is in the installation directory ofngxin, note the installation directory, find configure and execute:

./configure --prefix=/usr/local/nginx 
./configure --with-http_ssl_module

After installation, execute make and make install 

make
...
make install

Back up the original nginx, and overwrite the compiled nginx with the original nginx 

cp /usr/local/nginx/sbin/nginx  /usr/local/nginx/sbin/nginx.bak
cp ./objs/nginx /usr/local/nginx/sbin/

Check whether the installation is successful

/usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module

[UNK] enable nginx

/usr/local/nginx/sbin/nginx -s reload

Error 0 when adding SSL access to laravel project

Problem Description: project development framework DCAT, server management tool pagoda, configure SSL. Log in and report error 0. Check the nginx error log and find that it is not written. When the browser opens the debugging function, the console reports an error fastcgi send in stderr: “PHP message: PHP fatal error: allowed memory size of 134217728 bytes exhausted (tried to allocate 20480 bytes) in, the configuration file. Env configuration HTTPS and JS base file HTTPS have been changed.

Solution:
find config/admin.php and change the HTTPS configuration item to true

Solution to [SSL: certificate_verify_failed] when you get downloads video

[SSL: certificate_verify_failed] problem when downloading video using you get and ffmpeg

Since the you get -- debug debugging shows that it is a certificate verification problem, the part ignoring SSL certificate verification is added to the code and implemented in pycharm (non command line)
Modify url = 'website', output_Dir = R 'save path' 

import ssl
from you_get import common

# Ignore certificate validation issues
ssl._create_default_https_context = ssl._create_unverified_context

# Call any_download_playlist in you_get.common to download a collection
common.any_download_playlist(url='https://www.bilibili.com/video/BVXXX',stream_id='',info_only=False,
                             output_dir=r'F:\StudyLesson\YouGet',merge=True)

# Call any_download in you_get.common for single set download
common.any_download(url='https://www.bilibili.com/video/BVXXX?p=8',stream_id='',
                    info_only=False,output_dir=r'F:\StudyLesson\YouGet',merge=True)

So far, the video has been downloaded successfully
record.

[PHP]stream_socket_client(): Failed to enable crypto

Problem recurrence:

<?php
function getCertInfo($domain)
{
    $context = stream_context_create([
        'ssl' => [
            'capture_peer_cert'       => true,
            'capture_peer_cert_chain' => true,
        ],
    ]);

    $client = stream_socket_client("ssl://{$domain}:443", $errorCode, $errorMessage, 30, STREAM_CLIENT_CONNECT, $context);
    if ($client === false) {
        var_dump("!!!open {$domain} socket connection fail. {$errorMessage}($errorCode) !!!";
        return false;
    }

    $params = stream_context_get_params($client);
    if (empty($params['options']['ssl']['peer_certificate'])) {
        var_dump("!!!{$domain} stream_context_get_params options ssl peer_certificate is empty!!!");
        return false;
    }

    return openssl_x509_parse($params['options']['ssl']['peer_certificate']);
}

Solution: $context add verify_ Peer configuration

<?php 
$context = stream_context_create([
    'ssl' => [
        'capture_peer_cert'       => true,
        'capture_peer_cert_chain' => true,
        'verify_peer'             => false,
    ],
]);

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed [Solved]

1. Problem phenomenon

Error reported by Ubuntu machine or docker container

Traceback (most recent call last):
  File "main.py", line 200, in <module>
  File "attribute_extract/extract_attribute.py", line 37, in __init__
  File "attribute_extract/models.py", line 25, in __init__
  File "torchvision/models/resnet.py", line 199, in resnet50
  File "torch/hub.py", line 433, in load_state_dict_from_url
  File "torch/hub.py", line 349, in _download_url_to_file
  File "urllib/request.py", line 162, in urlopen
  File "urllib/request.py", line 465, in open
  File "urllib/request.py", line 483, in _open
  File "urllib/request.py", line 443, in _call_chain
  File "urllib/request.py", line 1286, in https_open
  File "urllib/request.py", line 1245, in do_open
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

2. Solutions

sudo apt-get update 
sudo apt-get install ca-certificates
sudo update-ca-certificates --fresh
export SSL_CERT_DIR=/etc/ssl/certs

[Solved] PHP getimagesize(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL

Today, I encountered a problem with the client application server (CentOS). When using getimagesize(), an error is always reported:

PHP getimagesize(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_ get_ server_ certificate:certificate verify failed

It is preliminarily judged that openssl.cafile in php.ini is not set. After opening the PHP configuration file, it is found that it is set. The current setting value is:

openssl.cafile=/etc/pki/tls/certs/ca-bundle.crt

After that, it was suspected that the certificate might expire. First, compare the contents of the file on your own server. If you find that the size is inconsistent, copy and paste the contents from your own server. After saving, the problem of reloading PHP configuration still exists;

Remember that similar problems have occurred on Windows systems before. At that time, curl.cainfo was configured, so from this website
: http://curl.haxx.se/ca/cacert.pem Download the certificate and put it in the /usr/local/OpenSSL/ directory to modify the configuration

[curl]
curl.cainfo = /usr/local/openssl/cacert.pem

[openssl]
openssl.cafile=/usr/local/openssl/cacert.pem

When this problem occurs on the Internet, the solutions found are also operated in this way. However, the overload configuration problem remains after saving. Change the configuration back again.

Finally, see this article on: https://stackoverflow.com/questions/17084886/ssl-error-routinesssl3-get-server-certificatecertificate-verify-failed

It is found that the Linux system has the command to update the local certificate. The commands are different for different systems. The CentOS operation is as follows:

#Install ca certificate tool
yum install ca-certificates -y

# Update Certificate
update-ca-trust

Problem-solving.

Git push error: RPC failed; curl 7 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054

Today, I encountered an error when submitting code with gitbash
error: RPC failed; curl 7 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054

The common solution on the Internet is:
git config — global http.sslverify “false”
but I still report the same error after trying

Later, it was found that the uploaded file was too large. You can modify the configuration to

execute the statement: git config http.postbuffer 524288000
and then push again. It’s done

A download error occurred while downloading data from pytorch. Urllib.error.urlerror: < urlopen error [SSL: certificate_verify_failed]

The reason is that the SSL certificate needs to be verified, but the certificate verification failed. I tried some methods on the Internet, mainly including canceling certificate verification and installing the latest certificate. I didn’t find a suitable method to install the latest certificate, so I used the method of canceling certificate verification. The specific operation is to add the following code at the location where the file needs to be downloaded:

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

PHP function file_ get_ Contents() reports an error when using HTTPS protocol: SSL operation failed

Scenario:

file_ get_ The contents () function is used to read the contents of a file into a string. It is one of the commonly used functions to read the contents of a file.

But sometimes file is used on the server_ get_ When the contents() function requests the URL file of HTTPS protocol, an error will be reported, and the file content cannot be read correctly,

reason:

The server is not properly configured with HTTPS certificate

Solution: (three solutions)

Method 1:

Download HTTPS certificate to server

The server downloads this certificate, http://curl.haxx.se/ca/cacert.pem
Php.ini configuration
openssl.cafile = “/ etc/SSL/certs/cacert. PEM”// the path where you actually download the certificate
Restart PHP

Method 2:

Use the curl function to process HTTPS parameters and obtain the file content

<?php
function getSSLPage($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSLVERSION,3); 
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}

var_dump(getSSLPage("https://xxx.xxx.xxx"));
?>

Method 3:

Make file_ get_ The contents() function skips HTTPS authentication

$stream_opts = [
    "ssl" => [
        "verify_peer"=>false,
        "verify_peer_name"=>false,
    ]
]; 

$response = file_get_contents("https://xxx.xxx.xxx",false,stream_context_create($stream_opts));

  It is recommended to use curl function instead of file in development_ get_ Contents() function.