psf
`import requests` intermittently fails on windows server 2022
I have an error on a miniconda based python3.11 installation on Windows Server 2022 where import requests fails intermittently for one of my apps. It seems to be an SSL verification issue as far as I can tell.
Expected Result
I expected the requests library to successfully load.
Actual Result
import requests fails with the following stack trace:
Traceback (most recent call last):
File "C:\ProjectName\APPS\py-mysvc\deployed\src\app.py", line 29, in <module>
import mysvc_models
File "C:\ProjectName\APPS\py-mysvc\deployed\src\mysvc_models.py", line 9, in <module>
import mysvc_utils
File "C:\ProjectName\APPS\py-mysvc\deployed\src\mysvc_utils.py", line 17, in <module>
import requests
File "C:\ProjectName\ENV\py-mysvc\Lib\site-packages\requests\__init__.py", line 164, in <module>
from .api import delete, get, head, options, patch, post, put, request
File "C:\ProjectName\ENV\py-mysvc\Lib\site-packages\requests\api.py", line 11, in <module>
from . import sessions
File "C:\ProjectName\ENV\py-mysvc\Lib\site-packages\requests\sessions.py", line 15, in <module>
from .adapters import HTTPAdapter
File "C:\ProjectName\ENV\py-mysvc\Lib\site-packages\requests\adapters.py", line 81, in <module>
_preloaded_ssl_context.load_verify_locations(
ssl.SSLError: [X509] PEM lib (_ssl.c:4154)
Matching this stack trace to the openssl version I have available leads me to SSL_CTX_load_verify_locations but I'm unable to debug the issue further.
Reproduction Steps
I'm unable to consistently reproduce it but it fails at this step.
import requests
System Information
{
"chardet": {
"version": null
},
"charset_normalizer": {
"version": "3.3.2"
},
"cryptography": {
"version": ""
},
"idna": {
"version": "3.10"
},
"implementation": {
"name": "CPython",
"version": "3.11.6"
},
"platform": {
"release": "10",
"system": "Windows"
},
"pyOpenSSL": {
"openssl_version": "",
"version": null
},
"requests": {
"version": "2.32.3"
},
"system_ssl": {
"version": "30300020"
},
"urllib3": {
"version": "2.2.3"
},
"using_charset_normalizer": true,
"using_pyopenssl": false
}
Relevant conda packages:
# Name Version Build Channel
ca-certificates 2024.9.24 haa95532_0
certifi 2024.8.30 py311haa95532_0
cffi 1.17.1 py311h827c3e9_0
h11 0.14.0 py311haa95532_0
h2 4.1.0 pyhd8ed1ab_0 conda-forge
hpack 4.0.0 py_0
httpcore 1.0.6 pyhd8ed1ab_0 conda-forge
httpx 0.27.2 pyhd8ed1ab_0 conda-forge
openssl 3.3.2 h2466b09_0 conda-forge
python 3.11.6 h2628c8c_0_cpython conda-forge
python-certifi-win32 1.2 py311h1ea47a8_6 conda-forge
python_abi 3.11 5_cp311 conda-forge
pywin32 306 py311h12c1d0e_2 conda-forge
wincertstore 0.2 py311haa95532_0
As mentioned above, the issue happens intermittently not continuously as mentioned in the PR. I have indeed recreated the environment in the PR but this does not appear to have fixed the issue.
What would be the best way to improve the logs so that we can determine why SSL_CTX_load_verify_locations fails the next time this reoccurs?
Check System Environment:
Ensure no system-level conflicts affect SSL libraries. For instance, avoid mixing libraries from different environments. or Explicitly specify the SSL context in your application:
import ssl ssl._create_default_https_context = ssl._create_unverified_context
