Opened 9 years ago

Last modified 9 years ago

#46550 new defect

googlecl: ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Reported by: zdroik@… Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version: 2.3.3
Keywords: Cc:
Port: googlecl

Description (last modified by ryandesign (Ryan Carsten Schmidt))

googlecl stopped working with a recent update from the last month. it is SSL related.

google -v docs list
....
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/googlecl/base.py", line 399, in retry_operation
    raise unexpected
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Change History (4)

comment:1 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Description: modified (diff)
Keywords: googlecl ssl removed
Summary: googlecl bustedgooglecl: ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Which "recent update from the last month" do you mean? googlecl's version has not changed in two years (not since r101174).

comment:2 Changed 9 years ago by zdroik@…

The update was not googlecl related.

I simply update macports with a monthly refresh.

port selfupdate; port upgrade outdated

I have not tracked down which underlying software update broke it.

comment:3 Changed 9 years ago by ned-deily (Ned Deily)

Python has changed: as of 2.7.9, certificates are now verified by default. (https://www.python.org/downloads/release/python-279/). So it is possible that a TLS (SSL) connection to a server that used to work now fails because the certificate validation is now being enforced. If so, the trick is to figure out which one and then, if necessary, add any custom or missing root CA's to the user's root CA store for the MacPorts OpenSSL (/opt/local/etc/openssl).

comment:4 Changed 9 years ago by mouse07410 (Mouse)

The problem is with the latest macports openssl-1.0.1k_0 upgrade. It broke certificate signature:

$ openssl verify -CAfile Forest_CA.pem RabbitMQ-manager.pem
RabbitMQ-manager.pem: CN = RabbitMQ-manager, O = The Burrow, OU = Messengers, C = US
error 7 at 0 depth lookup:certificate signature failure
$ /usr/bin/openssl verify -CAfile Forest_CA.pem RabbitMQ-manager.pem
RabbitMQ-manager.pem: OK
$ openssl version
OpenSSL 1.0.1k 8 Jan 2015
$ /usr/bin/openssl version
OpenSSL 0.9.8za 5 Jun 2014
$
Last edited 9 years ago by mouse07410 (Mouse) (previous) (diff)
Note: See TracTickets for help on using tickets.