nvpy icon indicating copy to clipboard operation
nvpy copied to clipboard
verified publisher icon cpbotha

SSL certificate verification problem.

Open hbayindir opened this issue 8 years ago • 3 comments

I've probably found an edge case in nvPY's code. I'm currently stuck debugging it, so I need help.

  • The Problem: When I open nvPY, It fails to get the notes from the server.
  • The Reason: Because I get the exception <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)> in simplenote.py, line 57.
  • Why it's strange: Because when I try to connect to same URLs via my browser or the tool I've written to test urllib2, everything works great. I even transplanted the authenticate function from nvpy to the tool, and it's working correctly. The stranger thing is I have three computers which run the same distribution (Debian testing, all are up to date) with similar package lists and, other systems doesn't exhibit this problem.

All help and tips are greately appreciated. I'll fork and create a pull request for the fix, but I was unable to find a solution yet. All help is greatly appreciated!

hbayindir avatar Oct 12 '17 18:10 hbayindir

humm... that's strange indeed.

would you tell me these results?

  • nvpy version.
  • environment variables on a python process. You would be easier to run strings /proc/${PYTHON_PID}/environ to get environment variables.
  • results of ssl.get_default_verify_paths()
  • results of openssl s_client -showcerts -connect simple-note.appspot.com:443 -servername simple-note.appspot.com </dev/null
  • occurrence frequency of that error.
  • do you use a proxy for the Internet access?

yuuki0xff avatar Oct 13 '17 01:10 yuuki0xff

Of course.

  • nvPY version: Freshly checked out of master, commit 127fdee.
  • I've attached two environment files. One is from nvpy, the other one is from python command. They are not different though.
  • Result of ssl.get_default_verify_paths(): DefaultVerifyPaths(cafile=None, capath='/usr/lib/ssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/lib/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/lib/ssl/certs')
  • I've also attached the result of openssl s_client -showcerts -connect simple-note.appspot.com:443 -servername simple-note.appspot.com </dev/null
  • This occurs every time. nvpy is unusable for me on this system.
  • No, my internet connection is transparent.

nvpy-environment.txt openssl-command-result.txt python-interpreter-environment.txt

hbayindir avatar Oct 13 '17 19:10 hbayindir

I also have taken an environment snapshot from a system with a working nvPY, and I found the problem. My system locale on this system is tr_TR.UTF-8. Working system is en_US.UTF-8, and when I export en_US.UTF-8 to nvPY, it works as it should.

This is a notorious problem. In Turkish, we have two different I s. ı,I,i,İ. Unlike English and other languages which have the capitalization relation i <-> I, we have something more different: ı <-> I & i <-> İ. Probably code is doing a similar conversion somewhere, and things go south.

I think it should be fixed.

Obligatory Coding Horror story → What's wrong with Turkey?

hbayindir avatar Oct 13 '17 19:10 hbayindir