An error is reported when installing a project on Linux. Requsts has SSL related problems. After checking, it is found that there is a problem with the version of requests,
There will be problems in the latest version. The solutions are as follows:
pip install requests==2.24.01、 Question
Curl error 60: SSL certificate problem: self signed certificate in certificate chain – server http302 this is generally a problem with self signed certificates
2、 Settle
Scheme 1. Directly use the domain name with HTTPS on the online server
Solution 2. Windows local development environment solution
a) Download certificate:
https://github.com/china-li-shuo/ca-cert
b) Put the downloaded Certificate in your PHP path:
D: \ wamp64 \ bin \ PHP \ php7.3.21 \ extras \ SSL this is your local PHP version path
c) Modify the php.ini file
curl.cainfo ="D:\wamp64\bin\php\php7.3.21\extras\ssl\ca-cert.crt"
openssl.cafile="D:\wamp64\bin\php\php7.3.21\extras\ssl\ca-cert.crt"
d) Just restart PHP
The questions are as follows:
Solution:
Add a code to disable the warning at the top
import urllib3
urllib3.disable_warnings()Postman reports an error when using: SSL error: self signed certificate disable SSL verification
Solution
select the setting menu:
The default SSL certificate verification is on. After it is turned off, there will be no certificate error:
The following error message appears when compiling Android 7 8 code
Jack server failed to (re)start, try ‘jack-diagnose’ or see Jack server log
SSL error when connecting to the Jack server. Try ‘jack-diagnose’
SSL error when connecting to the Jack server. Try ‘jack-diagnose’
It is due to the updated version of JDK
https://java.com/en/download/help/release_changes.html
According to the JDK Release Highlights, we can find that this update disables TLSv1.0 and TLSv1.1 in jdk.tls.disabledAlgorithms
Solution:
sudo vim /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
Change to:
Restart the server or restart jack server to compile after the modification
A java microservice function exception in the environment, look at the logs reporting errors.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Reason: The self-signed certificate used by the customer is not trusted by jdk.
Import the customer domain SSL certificate into jdk library.
# export LANG=”en_US.UTF-8″
# openssl s_client -connect www.example.com:443 < /dev/null | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > www.example.com.crt
# keytool -import -file www.example.com.crt -alias www.example.com -keystore $JAVA_HOME/jre/lib/security/cacerts –storepass “changeit” –noprompt -trustcacerts
Restart the relevant java application and solve it.
Reason:
The reason for this problem is that curl.cainfo is not configured, which is located in php.ini.
Solution:
Since the reasons for the errors are stated, it is much easier to solve them, as follows:
1. Download cacert
Download address: https://curl.haxx.se/ca/cacert.pem
2. Modify php.ini and restart
curl.cainfo="real_path/cacert.pem"matters needing attention:
Needs to be turned on php_curl、php_openSSL extension;
Error: as shown in the following figure 
After many ideological struggles, he began to solve the problem after admitting that it was his own problem:
{
"apiUrl": "http://192.168.56.101:5000/",
"port": "8080",
"host": "127.0.0.1",
"socketHost": "172.16.0.26:443"//Add this line to the json file to configure public (no comments can be written in the json)
}
In reference https://github.com/vuejs/vue-cli/issues/1472
After the discussion, the following solutions are found:
webpack.dev.conf.js file:
Import
const URL = require('../static/config.json');
const socketHost = URL.socketHost;
Add content in devServer: {}:
public: socketHost,
disableHostCheck: trueFortunately, the problem is solved!
Execute the following commands when upgrading the flutter
Flutter upgrade
Unfortunately, for some reason, it cannot be accessed. The following error is reported
Standard error: fatal: unable to access
'https://github.com/flutter/flutter.git/': LibreSSL SSL_connect:
SSL_ERROR_SYSCALL in connection to github.com:443
You can set the routing agent. The command is as follows:
git config --global http.proxy http://127.0.0.1:1080
git config --global https.proxy http://127.0.0.1:1080
Note that the port can be modified according to its own configuration. Set or not set HTTPS according to your needs
if you want to cancel the proxy setting, you can use the following command:
git config --global --unset http.proxy
git config --global --unset https.proxy
After setting, test OK
Git config — the global command will add the following configuration in the ~ /. Gitconfig file
[http]
proxy = http://127.0.0.1:1080
[https]
proxy = https://127.0.0.1:1080
Note:
there is another way to use this command. It has not been tested yet. Save it first
git config --global --add remote.origin.proxy
FIX: SSL error when connecting to the Jack server.
##Background
unbuntu16.04 compiles android 8 source code and suddenly reports an error.
FAILED: setup-jack-server
/bin/bash -c "(prebuilts/sdk/tools/jack-admin install-server prebuilts/sdk/tools/jack-launcher.jar prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar 2>&1 || (exit 0) ) && (JACK_SERVER_VM_ARGUMENTS=\"-Dfile.encoding=UTF-8 -XX:+TieredCompilation\" prebuilts/sdk/tools/jack-admin start-server 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update server prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar 4.11.ALPHA 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-4.32.CANDIDATE.jar 4.32.CANDIDATE || exit 47 )"
Jack server already installed in ".jack-server"
Communication error with Jack server (35), try 'jack-diagnose' or see Jack server log
SSL error when connecting to the Jack server. Try 'jack-diagnose'
SSL error when connecting to the Jack server. Try 'jack-diagnose'
Solution
Try according to the prompt:
$ jack-diagnose
error: process ID list syntax error
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).
Port 8077 is used by another process (pid=), please ensure to free the port or change port configuration in '/.jack-settings' and 'jack-server/config.properties'
error: process ID list syntax error
Usage:
ps [options]
Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.
For more details see ps(1).
Port 8076 is used by another process (pid=), please ensure to free the port or change port configuration in '.jack-settings' and '/.jack-server/config.properties'
SSL error when connecting to the Jack server. Try 'jack-diagnose'
The problem remains the same, so the focus is still on SSL communication:
finally, it is solved by the following methods:
1. Edit/etc/java-8-openjdk/security/java.security
#
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
# building and validation, including algorithms used in certificates, as
# well as revocation information such as CRLs and signed OCSP Responses.
# This is in addition to the jdk.certpath.disabledAlgorithms property above.
#
# See the specification of "jdk.certpath.disabledAlgorithms" for the
# syntax of the disabled algorithm string.
#
# Note: The algorithm restrictions do not apply to trust anchors or
# self-signed certificates.
#
# Note: This property is currently used by the JDK Reference implementation.
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
2. Find the line of TLSv1, delete TLSv1, TLSv1.1, and save it.
3. switch to the Android compiled source project directory: prebuilts/sdk/tools/
4. Run.
./jack-admin kill-server
./jack-admin start-server
After the server restarts one day, Apache cannot start. Check the Apache error log:
cat /var/log/httpd/error_log
The following errors are found:
[Wed Aug 25 18:49:00.134257 2021] [:error] [pid 1607] SSL Library Error: -8181 Certificate has expired
[Wed Aug 25 18:49:00.134318 2021] [:error] [pid 1607] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
Use the following command to view the certificate information and find that the certificate has expired:
certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Fri Jan 24 15:03:11 2017
Not After : Wed Jan 24 15:03:11 2021
You can use temporary methods to solve this problem:
first set the certificate inspection prohibition, and then cancel this setting after the certificate is updated. Operation method:
add the nssenforcevalidcerts off setting in the/etc/httpd/conf.d/nss.conf file to temporarily cancel the certificate inspection.
The permanent solution is to regenerate the certificate. The command is as follows:
yum install httpd mod_nss
certutil -d /etc/httpd/alias -L -n Server-Cert
cd /etc/httpd/alias
rm -f *.db
/usr/sbin/gencert /etc/httpd/alias > /etc/httpd/alias/install.log 2>&1
Then check that the certificate expiration date is normal.
certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Fri Aug 27 07:27:30 2021
Not After : Wed Aug 27 07:27:30 2025
Try to start Apache and find that it still can’t be started. Check the error log again and find a new error report:
[Fri Aug 27 15:38:17.483837 2021] [:error] [pid 15043] Server user apache lacks read access to NSS key database /etc/httpd/alias/key3.db.
It should be that the Apache user does not have permission to the key3.db file
let’s check the file attributes:
ls -l /etc/httpd/alias/
total 88
-rw-------. 1 root root 65536 Oct 26 17:26 cert8.db
-rw-------. 1 root root 5872 Oct 26 17:26 install.log
-rw-------. 1 root root 16384 Oct 26 17:26 key3.db
lrwxrwxrwx. 1 root root 24 Nov 15 10:58 libnssckbi.so -> /usr/lib64/libnssckbi.so
-rw-------. 1 root root 16384 Oct 26 17:26 secmod.db
Then modify the attributes of all DB files in the/etc/httpd/alias/Directory:
chown :apache /etc/httpd/alias/*.db
chmod u=rw,g=r *.db
The effect is the same with the following two commands:
chown root.apache /etc/httpd/alias/*.db
chmod 0640 /etc/httpd/alias/*.db
After modification, check the properties of the DB file:
ls -l /etc/httpd/alias/
total 88
-rw-r-----. 1 root apache 65536 Oct 26 17:26 cert8.db
-rw-------. 1 root root 5872 Oct 26 17:26 install.log
-rw-r-----. 1 root apache 16384 Oct 26 17:26 key3.db
lrwxrwxrwx. 1 root root 24 Nov 15 10:58 libnssckbi.so -> /usr/lib64/libnssckbi.so
-rw-r-----. 1 root apache 16384 Oct 26 17:26 secmod.db
Finally, start Apache:
systemctl start httpd
Start successfully!
The code compilation of 8909 A7 has never been a problem before. Suddenly, one day, the compilation encountered SSL-related errors. The specific errors are as follows:
[ 0% 12/6140] Ensure Jack server is installed and started
FAILED: /bin/bash -c "(prebuilts/sdk/tools/jack-admin install-server prebuilts/sdk/tools/jack-launcher.jar prebuilts/sdk/tools/jack-server-4.8.ALPHA.jar 2>&1 || (exit 0) ) && (JACK_SERVER_VM_ARGUMENTS=\"-Dfile.encoding=UTF-8 -XX:+TieredCompilation\" prebuilts/sdk/tools/jack-admin start-server 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update server prebuilts/sdk/tools/jack-server-4.8.ALPHA.jar 4.8.ALPHA 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-2.28.RELEASE.jar 2.28.RELEASE || exit 47; prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-3.36.CANDIDATE.jar 3.36.CANDIDATE || exit 47; prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-4.7.BETA.jar 4.7.BETA || exit 47 )"
Jack server already installed in "/fwork1/yuwl/.jack-server"
Communication error with Jack server (35), try 'jack-diagnose' or see Jack server log
SSL error when connecting to the Jack server. Try 'jack-diagnose'
SSL error when connecting to the Jack server. Try 'jack-diagnose'
[ 0% 12/6140] target R.java/Manifest.java: SnapdragonCamera (out/target/common/obj/APPS/SnapdragonCamera_intermediates/src/R.stamp)
Judging from the error log, it was an SSL exception when connecting to the jack server. At first, it was considered to be a jack server problem. The processing process included restarting the jack server service and configuring the jack server port number. It was ineffective. Finally, it was found that many people encountered the same problem through the network. The solutions are as follows. The personal test is effective
Solution:
delete the tlsv1 and tlsv1.1 configurations of the jdk.tls.disabledalgorithms parameter in the/etc/java-8-openjdk/security/java.security file
