Pymol gives error on fetching from any https site

[carlosfamilia (Carlos Familia)]

Pymol gives error on fetching from any https site, to reproduce you can try "fetch 89594, type=cid" or try to install a plugin from the internet, ​https://raw.githubusercontent.com/ADplugin/ADplugin/master/autodock.py for instance.

It gives the following error for the plugin (for the structure just says it cannot load the structure):

Plugin-Error: <urlopen error [SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

I have done some searching and apparently python ssl suffered some change in somewhere in python 2.7.xx that requires certificates. Not sure if it helps.

[mf2k (Frank Schima)]

In the future, please use WikiFormatting and Cc the port maintainers (port info --maintainers pymol), if any.

The Milestone field is for use by Macports team members only, please do not set it.

[mf2k (Frank Schima)]

As reporter, you do not need to Cc yourself.

[carlosfamilia (Carlos Familia)]

Noted! Thanks.

I have been looking around in the pymol code and made some changes.

This rolls back for the previous behaviour, however it does not check the certificates, I am not sure if you want to implement it like this or a more safe approach. Nevertheless the code needing changes is here identified:

--- modules/pymol/internal.py	2017-03-09 00:40:30.000000000 +0000
+++ internal.py	2017-10-23 17:28:36.000000000 +0100
@@ -3,6 +3,7 @@
 
 import os
 import sys
+import ssl
 cmd = sys.modules["pymol.cmd"]
 from pymol import _cmd
 import threading
@@ -316,9 +317,10 @@
         if not is_string(finfo):
             handle = finfo
         elif '://' in finfo:
+            context = ssl._create_unverified_context()
             req = urllib2.Request(finfo,
                     headers={'User-Agent': 'PyMOL/' + _self.get_version()[0]})
-            handle = urllib2.urlopen(req)
+            handle = urllib2.urlopen(req, context=context)
         else:
             handle = open(finfo, 'rb')
         contents = handle.read()

--- modules/pymol/plugins/repository.py	2017-04-26 14:08:45.000000000 +0100
+++ plugins/repository.py	2017-10-23 17:32:35.000000000 +0100
@@ -11,6 +11,7 @@
 from __future__ import print_function
 
 import sys
+import ssl
 if sys.version_info[0] > 2:
     import urllib.request as urllib2
     from urllib.parse import urlparse
@@ -31,9 +32,9 @@
     not change that.
     '''
     from . import pref_get

+    context = ssl._create_unverified_context()
     timeout = pref_get('network_timeout', 10.0)
-    return urllib2.urlopen(url, timeout=timeout)
+    return urllib2.urlopen(url, timeout=timeout, context=context)
 
 
 def urlreadstr(url, encoding='iso-8859-1'):

[carlosfamilia (Carlos Familia)]

Please note that I have changed the diffs from previous comment to a more readable format.

[jwhowarth]

Please open a bug report upstream at ​https://sourceforge.net/p/pymol/bugs/?source=navbar

[carlosfamilia (Carlos Familia)]

Bug reported. ​https://sourceforge.net/p/pymol/bugs/195/

[carlosfamilia (Carlos Familia)]

Apparently it can be solved by running the following command on the first time pymol is run:

PYTHONHTTPSVERIFY=0 pymol

Maybe this could be added to the information displayed after pymol install.

Thomas also sugested to run the following command within pymol:

import ssl
ssl._https_verify_certificates(enable=False)

However the first command worked and from that point onwards pymol could be called just by:

pymol

Without any problems with https.

[raimue (Rainer Müller)]

It is bad practice not to verify SSL certificates. I don't know anything about pymol, so I also don't know how I could reproduce the issue. Exact commands that need to be entered to reproduce this problem would help.

However, please verify first that urllib2 in python works correctly on your system. Does the command below also produce an error? If so, it is a problem with your installation of python27 in general and not specific to pymol.

$ python2.7 -c 'import urllib2; print urllib2.urlopen("https://example.org").read();'
<!doctype html>
<html>
<head>
    <title>Example Domain</title>
...

[carlosfamilia (Carlos Familia)]

I agree with you, that was I originally suggested this wasn't the best way to solve the problem. I have run the command and gave me the following:

$ python2.7 -c 'import urllib2; print urllib2.urlopen("https://example.org").read();'

Traceback (most recent call last):
  File "<string>", line 2, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1241, in https_open
    context=self._context)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

[reneeotten (Renee Otten)]

please try again with the latest version and reopen the ticket if the problem persists