flask-oauth icon indicating copy to clipboard operation
flask-oauth copied to clipboard
verified publisher icon mitsuhiko

certificate verify failed

Open xinthink opened this issue 13 years ago • 7 comments

I'm using flask_oauth in an app deployed on heroku.

And 'certificate verify failed' occurs when requesting the access token from https://api.weibo.com. But it's ok to access the website in browser, no certificate warning.

So, how can I just ignore the ssl certificate verification?

Stack trace:

File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/flask_oauth.py", line 429, in decorated
  data = self.handle_oauth2_response()
File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/flask_oauth.py", line 400, in handle_oauth2_response
  resp, content = self._client.request(url, self.access_token_method)
File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/oauth2/__init__.py", line 682, in request
  connection_type=connection_type)
File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/httplib2/__init__.py", line 1597, in request
  (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/httplib2/__init__.py", line 1345, in _request
  (response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/httplib2/__init__.py", line 1281, in _conn_request
  conn.connect()
File "/Volumes/ws/prj/mark1x/venv/lib/python2.7/site-packages/httplib2/__init__.py", line 1036, in connect
  raise SSLHandshakeError(e)
SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

xinthink avatar Apr 13 '13 14:04 xinthink

Yup I have the same problem.

enewhuis avatar Aug 15 '13 04:08 enewhuis

Ditto, did you guys have any success figuring this one out?

balanceiskey avatar Dec 18 '13 20:12 balanceiskey

My solution is to add additional http options to python-oauth2 and flask-oauth: https://github.com/simplegeo/python-oauth2/pull/136 https://github.com/xinthink/flask-oauth/commit/8be4c2e244a4ed516e7dc5e2529d5650b1be78f0

xinthink avatar Dec 19 '13 01:12 xinthink

So I was actually able to remedy this by adding more entries to the cacert.txt, per this thread: http://stackoverflow.com/questions/9270195/python-ssl-issue-with-oauth2

Note this appears to be more of an issue for httplib2 than for flask-oauth.

balanceiskey avatar Dec 19 '13 01:12 balanceiskey

Hey guys, we just merged some changes in joestump/python-auth2 that should help :)

jaitaiwan avatar Jul 29 '15 11:07 jaitaiwan

In case it helps anyone other than myself. :) Newer versions of urllib2 verify ssl certificates by default. You can override this behavior by monkey patching the http_request method of the flask_oauthlib.client.OAuth class.

import ssl
from flask_oauthlib.client import OAuth, prepare_request, http


auth = oauth.remote_app()


def net_http_request(uri, headers=None, data=None, method=None):
    '''
    Method for monkey patching 'flask_oauthlib.client.OAuth.http_request'
    This version allows for insecure SSL certificates
    '''
    uri, headers, data, method = prepare_request(
        uri, headers, data, method
    )
    req = http.Request(uri, headers=headers, data=data)
    req.get_method = lambda: method.upper()
    try:
        resp = http.urlopen(req, context=ssl._create_unverified_context())
        content = resp.read()
        resp.close()
        return resp, content
    except http.HTTPError as resp:
        content = resp.read()
        resp.close()
        return resp, content

auth.http_request = new_http_request

dwoz avatar May 06 '17 22:05 dwoz

Thanks @dwoz! it helped to do quick fix

just typo: new_http_request must be net_http_request

gbrian avatar Feb 09 '21 17:02 gbrian