Skip to content

setup downloads sometimes fails CERTIFICATE_VERIFY_FAILED #14169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
zerothi opened this issue May 8, 2019 · 7 comments
Closed

setup downloads sometimes fails CERTIFICATE_VERIFY_FAILED #14169

zerothi opened this issue May 8, 2019 · 7 comments
Assignees
@tacaswell
Milestone
v3.3.1

Comments

@zerothi
Copy link
Contributor

zerothi commented May 8, 2019

Bug report

Sometimes (depending on how Python has been installed) one might see a

<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>

error.

Fix

The easy fix is to ensure certifi certificates path is added to the urlopen method.

I.e. in your setupext.py you may need:

import certifi
    with urlopen(
            Request(url, headers={"User-Agent": ""}), cafile=certifi.where()) as req:
        file_contents = BytesIO(req.read())

Probably there needs to be some try-execpt-(import certifi-fix) to handle this.

Matplotlib version

This happens when setup.py tries to download files, e.g. the recent change to jquery download. So basically I have only seen this in 2.2.4 and 3.0.3.

Agreed, this may be because my installation is not the same as system installations, but it may happen elsewhere I guess.
@tacaswell tacaswell added this to the v2.2.5 milestone May 8, 2019
@tacaswell
Copy link
Member

This should probably be gated on certifi being installed? Not sure we want to make this an additional build time requirement.

@zerothi
Copy link
Contributor Author

zerothi commented May 8, 2019

Agreed, so I am not aware of what this actually means for you... Hence I suspected it could be something like:

try:
    old-method
except Exception as e:
   if "CERTIFICIATE_VERIFY_FAILED" in str(e):
       import certifi ...

but I am not sure what is the best way.

@tacaswell
Copy link
Member

I was thinking

try:
    import certifi
    ca_path = certifi.where()
except ImporError:
    ca_path = None

to avoid having the two copies of the Request line, but either way should work (assuming ca_path being None is ok with Request).

@zerothi
Copy link
Contributor Author

zerothi commented May 9, 2019

Yeah, that is a good idea! But I don't know if ca_path would cause other problems (sometimes?)

@tacaswell tacaswell self-assigned this Oct 22, 2019
@tacaswell tacaswell modified the milestones: v2.2.5, v3.2.1 Jan 17, 2020
@tacaswell
Copy link
Member

Re-milestoned this to oldest version of Matplotlib this is going to be supported in the near future.

@tacaswell tacaswell modified the milestones: v3.2.1, v3.2.2 Mar 16, 2020
@tacaswell tacaswell modified the milestones: v3.2.2, needs sorting May 13, 2020
@github-actions
Copy link

This issue has been marked "inactive" because it has been 365 days since the last comment. If this issue is still present in recent Matplotlib releases, or the feature request is still wanted, please leave a comment and this label will be removed. If there are no updates in another 30 days, this issue will be automatically closed, but you are free to re-open or create a new issue if needed. We value issue reports, and this procedure is meant to help us resurface and prioritize issues that have not been addressed yet, not make them disappear. Thanks for your help!

@github-actions github-actions bot added the status: inactive Marked by the “Stale” Github Action label Jun 16, 2023
@QuLogic
Copy link
Member

QuLogic commented Jun 16, 2023

certifi was added in #18225.

@QuLogic QuLogic closed this as completed Jun 16, 2023
@QuLogic QuLogic removed the status: inactive Marked by the “Stale” Github Action label Jun 16, 2023
@QuLogic QuLogic modified the milestones: future releases, v3.3.1 Jun 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tacaswell tacaswell

Labels
None yet
Projects
None yet
Milestone
v3.3.1
Development

No branches or pull requests
3 participants
@tacaswell @QuLogic @zerothi