gpsoauth
gpsoauth copied to clipboard
Published
20 hours ago •
simon-weber
simon-weber
Max retries exceeded with url: /auth
During using gkeepapi, I occasionally meet this error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)')))
I suppose this is the problem of this library, so I ask it here. Is it correct? If so, how to fix it?
Here is the full error:
/usr/lib/python3/dist-packages/urllib3/util/ssl_.py:372: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 383, in ssl_wrap_socket
return context.wrap_socket(sock)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/ssl.py", line 455, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/ssl.py", line 1046, in _create
self.do_handshake()
File "/usr/lib/python3.12/ssl.py", line 1317, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "//tranky.py", line 23, in <module>
keep.login(id, pw)
File "/usr/local/lib/python3.12/dist-packages/gkeepapi/__init__.py", line 697, in login
ret = auth.login(email, password, device_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/gkeepapi/__init__.py", line 54, in login
res = gpsoauth.perform_master_login(self._email, password, self._device_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/gpsoauth/__init__.py", line 143, in perform_master_login
return _perform_auth_request(data, proxy)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/gpsoauth/__init__.py", line 86, in _perform_auth_request
res = session.post(AUTH_URL, data=data, verify=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 583, in post
return self.request('POST', url, data=data, json=json, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 535, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 648, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)')))
That SNIMissingWarning makes me think there's an issue with your system python's tls setup. Usually that has to do with how you installed python or openssl, or maybe the versions of related python packages (like requests or urllib3).
I got this when I use python 12rc on Ubuntu 20.04 (docker). When I change to python 11 it's solved
Adding context.load_default_certs() to https://github.com/simon-weber/gpsoauth/blob/e08bb6e100f9c0015b085f112f924a0fee173ba4/gpsoauth/init.py#L69-L80
fixes the issue for me. I'm not sure why this is not an issue universally, the SSLContext simply has an empty certificate store upon initialisation on my machine. Python 3.12.3
>>> import ssl
>>> s = ssl.SSLContext()
>>> s.cert_store_stats()
{'x509': 0, 'crl': 0, 'x509_ca': 0}
>>> s.load_default_certs()
>>> s.cert_store_stats()
{'x509': 147, 'crl': 0, 'x509_ca': 147}
>>>
Hm. I don't see any harm in adding load_default_certs. I'm also not sure why it's not a bigger problem to have them go unloaded.