Fix SSL certificate verification issue #161

Closed
wants to merge 1 commit into from

kunaltyagi

Detected while using rosdep (ros-infrastructure/rosdep#808)

@kunaltyagi
Author

Post the changes in linked PR, the errors detected are:

#7 37.97 Wrote /etc/ros/rosdep/sources.list.d/20-default.list
#7 37.97 Recommended: please run
#7 37.97 
#7 37.97        rosdep update
#7 37.97 
#7 69.46 Warning: running 'rosdep update' as root is not recommended.
#7 69.46   You should run 'sudo rosdep fix-permissions' and invoke 'rosdep update' again without sudo.
#7 69.46 ERROR: error loading sources list:
#7 69.46        <urlopen error <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)> (https://raw.githubusercontent.com/ros/rosdistro/master/index-v4.yaml)>
#7 69.46 reading in sources list data from /etc/ros/rosdep/sources.list.d
#7 69.46 Hit https://raw.githubusercontent.com/ros/rosdistro/master/rosdep/osx-homebrew.yaml
#7 69.46 Hit https://raw.githubusercontent.com/ros/rosdistro/master/rosdep/base.yaml
#7 69.46 Hit https://raw.githubusercontent.com/ros/rosdistro/master/rosdep/python.yaml
#7 69.46 Hit https://raw.githubusercontent.com/ros/rosdistro/master/rosdep/ruby.yaml
#7 69.46 Hit https://raw.githubusercontent.com/ros/rosdistro/master/releases/fuerte.yaml
#7 69.46 Query rosdistro index https://raw.githubusercontent.com/ros/rosdistro/master/index-v4.yaml
------

Investigation pointed to a urlopen without an SSL context from rosdistro

@kunaltyagi
Author

Sole CI error is for Python 3.5 which is EOL

@cottsay
Member

cottsay commented Oct 15, 2021

PEP 476 states that the default Python behavior is to use the system default certificate database. Manually supplying the context to use certifi, which explicitly states that it is the Mozilla collection, overrides that behavior.

The problem isn't that a context isn't provided, it's that your system's default certificate database isn't able to verify the connection, but Mozilla's database is.

I'm moderately confident that this is a problem with your system configuration.
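
A way to check the distinction drawn in the comment above, as an added example that is not code from this PR, rosdistro or rosdep: it reports which CA locations Python's default context (the PEP 476 behaviour) actually resolves on the machine and whether certifi's bundle is the only one available. The function names `certifi_bundle`, `default_trust_report` and `diagnose` are hypothetical; only the standard library is required, and certifi is used if it happens to be installed.

```python
import os
import ssl


def certifi_bundle():
    """Return certifi's CA bundle path, or None when certifi is not installed."""
    try:
        import certifi
    except ImportError:
        return None
    return certifi.where()


def default_trust_report():
    """Describe the trust store Python uses when no SSL context is supplied."""
    paths = ssl.get_default_verify_paths()
    ctx = ssl.create_default_context()  # system default store, per PEP 476
    # cafile/capath are None when the compiled-in location does not exist.
    # capath certificates load lazily, so count directory entries as well.
    capath_entries = len(os.listdir(paths.capath)) if paths.capath else 0
    return {
        "expected_cafile": paths.openssl_cafile,
        "cafile": paths.cafile,
        "capath": paths.capath,
        "capath_entries": capath_entries,
        "env": {n: os.environ.get(n)
                for n in (paths.openssl_cafile_env, paths.openssl_capath_env)},
        "loaded_cas": len(ctx.get_ca_certs()),
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "certifi_bundle": certifi_bundle(),
    }


def diagnose(report):
    """Classify a report: is the system store usable, or only certifi's?"""
    has_system_cas = bool(report["cafile"] or report["capath_entries"]
                          or report["loaded_cas"])
    if has_system_cas:
        return "system store present: check it contains the issuing CA"
    if report["certifi_bundle"]:
        return "system store empty: only certifi's Mozilla bundle can verify"
    return "system store empty: no CA certificates available to Python"


if __name__ == "__main__":
    report = default_trust_report()
    print(report, diagnose(report), sep="\n")
```

A report with no `cafile`, zero `capath_entries` and zero `loaded_cas` means the default context has nothing to verify against, which is the condition that produces `unable to get local issuer certificate` while a certifi-backed context still succeeds.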

@kunaltyagi kunaltyagi closed this Dec 4, 2021
@kunaltyagi kunaltyagi deleted the ssl.fix branch December 4, 2021 12:50
@kunaltyagi
Author

This is an issue with the distro, so can't really keep this open
