Requests with openssl getting SNIMissingWarning and InsecurePlatformWarning on android.

[Kyle Monson]

I'm having problems getting requests working with openssl on Android.

I'm using the android_new toolchain and have the following requirements in my buildozer spec file:

requirements = pyopenssl, cryptography, pyasn1, apsw, requests, ndg-httpsclient, kivy

In logcat gives me this:

I/python  (31084):  /data/data/edword.test.edword/files/_applibs/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning:

An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.

I/python  (31084):    SNIMissingWarning

I/python  (31084):  /data/data/edword.test.edword/files/_applibs/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain

SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

I/python  (31084):    InsecurePlatformWarning

I/python  (31084): [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

I/python  (31084):  /data/data/edword.test.edword/files/_applibs/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain

SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

I/python  (31084):    InsecurePlatformWarning

I/python  (31084): [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

On my server I'm seeing this:

EOF occurred in violation of protocol

And it fails to connect.

Am I missing a requirement somewhere? 

If I run from Kivy 1.9.0 on Windows (which is running python 2.7.9) it works fine.

[Kyle Monson]

I figured this out.

There is no recipe for ndg-httpsclient (or requests, but ndg-httpsclient is the problem). When ndg-httpsclient is installed via pip it also installs pyopenssl, cryptography and a bunch of other things for which there are recipes for in python-for-android. This messes up the resulting APK as now it has two versions pyopenssl among other things and the wrong one is being loaded. Requests covers up the error with an try except guard around it's ndg-httpsclient import. 

The solution was to create a recipe for ndg-httpsclient. I now have ssl in requests working.

A pull request will be forthcoming.

This also indicates that the mechanism to prevent compiled modules (or compiled dependencies) from installing via pip is failing.

Before anyone asks: I also made an apsw recipe for the new toolchain, but I think I cheated to make it work so it will be a while before clean it up and submit it.

[Erik Sandberg]

I'm running intp this issue but I don't see a recipe for ndg-httpsclient. Is there an update here?

[Kyle Monson]

Sorry, I didn't ever do this pull request. I dropped Kivy and moved to Unity some time after I posted this. Here is the recipe. Just copy it into an __init__.py file (or however recipes are made these days)

from pythonforandroid.toolchain import PythonRecipe

class Ndg_httpsclient(PythonRecipe):

    version = '0.4.0'

    url = 'https://pypi.python.org/packages/source/n/ndg-httpsclient/ndg_httpsclient-{version}.tar.gz'

    depends = ['python2', 'pyopenssl', 'cryptography']

    call_hostpython_via_targetpython = False

recipe = Ndg_httpsclient()

All it's doing is preempting installing ndg_httpsclient via pip and specifying the other recipes to depend on. You probably should update the version number and update the depends to Python 3 if needed.