CERTIFICATE_VERIFY_FAILED in Python 3.6, the official installer for macOS

The contents of this article are all written in ** Important Information ** of the installer, but I will leave it because I am addicted to it if I do not notice it.

Pythonインストーラーの大切な情報

problem

Using Python 3.6 installed with the official installer for macOS distributed on python.org, when trying to get the https: // web page with ʻurllib.request.urlopen () `, I get the following error: Occurs.

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1318, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1239, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1285, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 964, in send
    self.connect()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1400, in connect
    server_hostname=server_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 401, in wrap_socket
    _context=self, _session=session)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 808, in __init__
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake
    self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1361, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1320, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)>

Other modules that use the ssl module should get the same error when validating the server certificate.

Cause

Since OpenSSL installed by default on macOS is too old, since Python 3.6, the installer for macOS includes OpenSSL and the system's OpenSSL is no longer referenced.

As a result, the root certificate installed in the OS is not referenced, and the root certificate is not included in the state immediately after installation [^ 1]. As a result, TLS server certificate validation fails.

approach

The following command will download the certifi module and reference the root certificate contained therein.

$ /Applications/Python\ 3.6/Install\ Certificates.command

Before execution:

$ ls -l /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/

After execution:

$ ls -l /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/
total 8
lrwxr-xr-x  1 orange  admin  52  3 22 23:00 cert.pem -> ../../lib/python3.6/site-packages/certifi/cacert.pem

In this case, it says to subscribe to the certifi project mailing list to properly update as the root certificate renews.

from now on

I don't want the current situation where users have to update their certificates individually, so DSAS Developer's Room: Recent Python-dev (2017-03) /archives/2017-03/python-dev-201703.html) Make OS certificates available using TLS implementations other than OpenSSL PEP 543 I think it will lead to the story of org / dev / peps / pep-0543 /).

reference

[^ 1]: pip ships with a root certificate, so pip install works.

Recommended Posts

CERTIFICATE_VERIFY_FAILED in Python 3.6, the official installer for macOS
MongoDB for the first time in Python
Tips for hitting the ATND API in Python
How to run python in virtual space (for MacOS)
Download the file in Python
Find the difference in Python
Search for strings in Python
OpenCV3 installation for Python3 @macOS
Techniques for sorting in Python
About "for _ in range ():" in python
Check the operation of Python for .NET in each environment
[Understand in the shortest time] Python basics for data analysis
Google search for the last line of the file in Python
Check for memory leaks in Python
Getting the arXiv API in Python
Check for external commands in python
Python in the browser: Brython's recommendation
Save the binary file in Python
Hit the Sesami API in Python
Get the desktop path in Python
Get the script path in Python
In the python command python points to python3.8
Implement the Singleton pattern in Python
Hit the web API in Python
See python for the first time
I wrote the queue in Python
Calculate the previous month in Python
Examine the object's class in python
Get the desktop path in Python
What is the python underscore (_) for?
Run unittests in Python (for beginners)
Get the host name in Python
Access the Twitter API in Python
The first step in Python Matplotlib
I wrote the stack in Python
Command for the current directory Python
Master the weakref module in Python
Get the Ticker Symbol for US exchange listed stocks in Python
Wrap (part of) the AtCoder Library in Cython for use in Python
Automatically resize screenshots for the App Store for each screen in Python
[Introduction to Python] How to use the in operator in a for statement?
Dockerfile with the necessary libraries for natural language processing in python
Review the basics in 1 minute! Python Priority queue for fast minimums
Try using FireBase Cloud Firestore in Python for the time being
Learn the design pattern "Prototype" in Python
Learn the design pattern "Builder" in Python
Load the remote Python SDK in IntelliJ
Introducing the BOT framework Minette for Python
Try using the Wunderlist API in Python
Python development environment for macOS using venv 2016
Check the behavior of destructor in Python
Add syntax highlighting for the Kv language to Spyder in the Python IDE
Learn the design pattern "Flyweight" in Python
Try using the Kraken API in Python
Learn the design pattern "Observer" in Python
Learn the design pattern "Memento" in Python
[Python] Sweet Is it sweet? About suites and expressions in the official documentation
Learn the design pattern "Proxy" in Python
Notes on nfc.ContactlessFrontend () for nfcpy in python
Write the test in a python docstring
Inject is recommended for DDD in Python