[pypy-issue] Issue #2832: SSL certificate verification fails after fork() (pypy/pypy)

Karan Lyons issues-reply at bitbucket.org
Fri May 18 09:36:30 EDT 2018


New issue 2832: SSL certificate verification fails after fork()
https://bitbucket.org/pypy/pypy/issues/2832/ssl-certificate-verification-fails-after

Karan Lyons:

The attached script reproduces the error. On Python 3.5.3 it outputs:

```
#!python

b'{"headers":{"Accept-Encoding":"identity","Connection":"close","Host":"httpbin.org"}}\n'
b'{"headers":{"Accept-Encoding":"identity","Connection":"close","Host":"httpbin.org"}}\n'
```

However on PyPy 6.0.0 (fdd60ed87e941677e8ea11acf9f1819466521bf2) the request after `fork()` fails:

```
#!python

b'{"headers":{"Accept-Encoding":"identity","Connection":"close","Host":"httpbin.org"}}\n'

Traceback (most recent call last):
  File "pypy_ssl_after_fork_bug.py", line 16, in <module>
    print(request())
  File "pypy_ssl_after_fork_bug.py", line 8, in request
    connection.request('GET', '/headers')
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/http/client.py", line 1107, in request
    self._send_request(method, url, body, headers)
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/http/client.py", line 1152, in _send_request
    self.endheaders(body)
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/http/client.py", line 1103, in endheaders
    self._send_output(message_body)
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/http/client.py", line 934, in _send_output
    self.send(msg)
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/http/client.py", line 877, in send
    self.connect()
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/http/client.py", line 1261, in connect
    server_hostname=server_hostname)
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/ssl.py", line 385, in wrap_socket
    _context=self)
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/ssl.py", line 760, in __init__
    self.do_handshake()
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/ssl.py", line 996, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib-python/3/ssl.py", line 641, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/local/Cellar/pypy3/6.0.0/libexec/lib_pypy/_cffi_ssl/_stdssl/__init__.py", line 355, in do_handshake
    raise pyssl_error(self, ret)
_cffi_ssl._stdssl.error.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed
```




More information about the pypy-issue mailing list