Announcement: TLSv1.2 will become mandatory in the future for Python.org Sites

dieter dieter at handshake.de
Sat Jan 14 04:03:26 EST 2017


oliver <oliver.schoenborn at gmail.com> writes:

> When I run this per email from my work laptop,
>
> python3 -c "import urllib.request,json;
> print(json.loads(urllib.request.urlopen('
> https://www.howsmyssl.com/a/check').read())['tls_version'])"
>
> I get the following traceback:
> ...
> File "c:\Python35\lib\ssl.py", line 633, in do_handshake
> self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:645)

I guess (!) that somehow the well known trusted CA (= "Certificate authority")
certificates are incomplete on your machine.

Certificate verification works as follows:
a certificate is always signed by a certificate authority ("CA");
for a certificate to be trusted, the signing CA must be trusted.
There may be several trust steps but finally, there must be
some "CA" that you are trusting "without further proof".
The certificates of those "CA"s are somewhere stored on your machine.

Apparently, the "https" servers you have problems with
are using a CA which is not declared trusted on your machine
(by installing the appropriate certificate at the correct place).



More information about the Python-list mailing list