[New-bugs-announce] [issue36137] SSL verification fails for some sites inside windows docker container

Mika Fischer report at bugs.python.org
Wed Feb 27 09:34:57 EST 2019 

New submission from Mika Fischer <fischer at videmo.de>:

Inside a windows docker container, SSL verification fails for some but not all hosts. 

See this issue over in the docker repo:
https://github.com/docker-library/python/issues/359

Maybe you guys could shed some light on what could be the possible.

To reproduce, install Docker for Windows and then:

This works:
```
docker run -ti python:3.7-windowsservercore-1809 python -c "import urllib.request as r; r.urlopen('https://bootstrap.pypa.io').close()"
```

This doesn't
```
docker run -ti python:3.7-windowsservercore-1809 python -c "import urllib.request as r; r.urlopen('https://google.com').close()"
Traceback (most recent call last):
  File "C:\Python\lib\urllib\request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "C:\Python\lib\http\client.py", line 1229, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "C:\Python\lib\http\client.py", line 1275, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "C:\Python\lib\http\client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "C:\Python\lib\http\client.py", line 1016, in _send_output
    self.send(msg)
  File "C:\Python\lib\http\client.py", line 956, in send
    self.connect()
  File "C:\Python\lib\http\client.py", line 1392, in connect
    server_hostname=server_hostname)
  File "C:\Python\lib\ssl.py", line 412, in wrap_socket
    session=session
  File "C:\Python\lib\ssl.py", line 853, in _create
    self.do_handshake()
  File "C:\Python\lib\ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\Python\lib\urllib\request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "C:\Python\lib\urllib\request.py", line 525, in open
    response = self._open(req, data)
  File "C:\Python\lib\urllib\request.py", line 543, in _open
    '_open', req)
  File "C:\Python\lib\urllib\request.py", line 503, in _call_chain
    result = func(*args)
  File "C:\Python\lib\urllib\request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "C:\Python\lib\urllib\request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>
```

----------
assignee: christian.heimes
components: SSL
messages: 336761
nosy: Mika Fischer, christian.heimes
priority: normal
severity: normal
status: open
title: SSL verification fails for some sites inside windows docker container
type: behavior
versions: Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36137>
_______________________________________

More information about the New-bugs-announce mailing list