CERTIFICATE_VERIFY_FAILED Windows only?

[Ulli Horlacher]

My program uses https and runs fine on Linux, but on Windows it crashes:

W10dev:/cygdrive/p: python fextasy.py -D
DEBUG(fextasy.py): verbose=0
DEBUG(fextasy.py): User-Agent: fextasy-20211127_1806 Windows 10.0.19041
DEBUG(fextasy.py): TCPCONNECT to fex.flupp.org:443
Traceback (most recent call last):
File "P:\fextasy.py", line 1351, in <module>
main()
File "P:\fextasy.py", line 232, in main
file = fexget('')
File "P:\fextasy.py", line 622, in fexget
if not http_connect(server,port):
File "P:\fextasy.py", line 956, in http_connect
if not tcp_connect(server,port): return
File "P:\fextasy.py", line 973, in tcp_connect
sock = context.wrap_socket(sock,server_hostname=host)
File "C:\Users\admin\AppData\Local\Programs\Python\Python310\lib\ssl.py", line 512, in wrap_socket
return self.sslsocket_class._create(
File "C:\Users\admin\AppData\Local\Programs\Python\Python310\lib\ssl.py", line 1070, in _create
self.do_handshake()
File "C:\Users\admin\AppData\Local\Programs\Python\Python310\lib\ssl.py", line 1341, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_s
sl.c:997)


The sourcecode here is:

def tcp_connect(host,port):
global sock

message(f"D:TCPCONNECT to {host}:{port}")
try:
sock = socket.create_connection((host,port))
except socket.error as e:
message("E:cannot connect to %s:%d - %s" % (host,port,e.strerror))
return False
sock.settimeout(timeout)
if port == 443:
context = ssl.create_default_context()
sock = context.wrap_socket(sock,server_hostname=host)
return True



Google chrome and firefox both say the certifacte is valid:

https://fex.flupp.org/fop/U4xC4kz8/X-20211127192031.png

https://fex.flupp.org/fop/mBabXKSz/X-20211127192416.png

Why does Python complain (only on Windows!)?



--
Ullrich Horlacher Server und Virtualisierung
Rechenzentrum TIK
Universitaet Stuttgart E-Mail: horl...@tik.uni-stuttgart.de
Allmandring 30a Tel: ++49-711-68565868
70569 Stuttgart (Germany) WWW: http://www.tik.uni-stuttgart.de/

[Chris Angelico]

On Sun, Nov 28, 2021 at 6:38 AM Ulli Horlacher
<fram...@rus.uni-stuttgart.de> wrote:
>
> My program uses https and runs fine on Linux, but on Windows it crashes:
>

> Google chrome and firefox both say the certifacte is valid:
>
> https://fex.flupp.org/fop/U4xC4kz8/X-20211127192031.png
>
> https://fex.flupp.org/fop/mBabXKSz/X-20211127192416.png
>
> Why does Python complain (only on Windows!)?
>

What version of Python is it, and where did you install it from? On
some versions, Python will use Microsoft's provided certificate store.
One solution may be to fetch Mozilla's root certs from PyPI:

https://pypi.org/project/certifi/

ChrisA

[Ulli Horlacher]

Chris Angelico <ros...@gmail.com> wrote:
> On Sun, Nov 28, 2021 at 6:38 AM Ulli Horlacher
> <fram...@rus.uni-stuttgart.de> wrote:
> >
> > My program uses https and runs fine on Linux, but on Windows it crashes:
> >
> > Google chrome and firefox both say the certifacte is valid:
> >
> > https://fex.flupp.org/fop/U4xC4kz8/X-20211127192031.png
> >
> > https://fex.flupp.org/fop/mBabXKSz/X-20211127192416.png
> >
> > Why does Python complain (only on Windows!)?
> >
>
> What version of Python is it, and where did you install it from?

https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe

> On some versions, Python will use Microsoft's provided certificate store.
> One solution may be to fetch Mozilla's root certs from PyPI:
>
> https://pypi.org/project/certifi/

C:\Users\admin>pip install certifi
Collecting certifi
Downloading certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
Installing collected packages: certifi
Successfully installed certifi-2021.10.8


Great!
Now my program runs without CERTIFICATE_VERIFY_FAILED