Indeed, it's one of the two issues we saw recently here. And this one,
with binary 8.6 it is indeed that
"import ssl" fails. But even if people install Sage's optional openssl
package on MacOS, it won't be enough, still.
>
> Because if there is no _ssl module included in Python then it can't
> use HTTPS anyways. But if `import _ssl` works then there is a working
> SSL library included, whatever it may be.
>
> The other issue is just a question of whether or not the SSL library
> has up-to-date root certificates to verify connections with. If it
> doesn't, then HTTPS connections will fail with some
> SSL_CERTIFICATE_VERIFY_FAILED
Yes, this is exactly what I saw when I tried Python.org's 2.7.16
without running that script:
>>> from urllib import urlopen
>>> f=urlopen("
https://oeis.org/")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
line 87, in urlopen
return opener.open(url)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
line 213, in open
return getattr(self, name)(url)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
line 443, in open_https
h.endheaders(data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 1038, in endheaders
self._send_output(message_body)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 882, in _send_output
self.send(msg)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 844, in send
self.connect()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 1263, in connect
server_hostname=server_hostname)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
line 369, in wrap_socket
_context=self)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
line 599, in __init__
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
line 828, in do_handshake
self._sslobj.do_handshake()
IOError: [Errno socket error] [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:727)
> which can be worked around in a number
> of different ways (including installing up-to-date root CA certs from
> a presumed "trusted" source into a location that Python's urllib knows
> where to look).
The bottom line is two-fold:
1) As Python.org now ships 2.7.16 with pre-build openssl, then why
don't we do the same?
(IMHO Sage should not try to out-saint the pope, and stick to "we
don't ship openssl orthodoxy")
2) It's not sufficient to have an up to date openssl package, it also
needs some further blessing
with certs on MacOS.
Dima