[SSL: CERTIFICATE_VERIFY_FAILED]  #184

Open
@jkirk

Since 2021-09-30, the day of the Let's Encrypt DST Root CA X3 expiration, pydio-sync stopped working with:

00:57:40 ERROR   140401309402880 Thread-3 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Traceback (most recent call last):
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.job.continous_merger", line 460, in run
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.job.continous_merger", line 771, in load_remote_changes_in_store
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.sdkremote.remote", line 407, in changes_stream
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.sdkremote.remote", line 337, in perform_request
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.sdkremote.remote", line 271, in perform_with_tokens
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.api", line 65, in get
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.api", line 49, in request
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.sessions", line 461, in request
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.sessions", line 573, in send
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.adapters", line 431, in send
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
00:57:40 ERROR   140401317795584 Thread-1 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

This is because a very old list of CA certificates (especially with the now expired root certificate DST Root CA X3 and without the now valid "ISRG Root X1") is included.

We need to update the list of certificates from here, I believe: https://github.com/certifi/python-certifi/blob/master/certifi/cacert.pem

Since there seem to be no new releases, any idea how to create a new build?
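An added example, not part of the issue and not pydio-sync code: a Python 3 check that audits a CA bundle for the two roots named above, flagging expired entries and a missing "ISRG Root X1". The function names and the sample entries are constructed for illustration; the bundle path is whatever `cacert.pem` the caller passes in.

```python
import ssl
import sys
import time

EXPIRED_ROOT = "DST Root CA X3"   # root the issue says has expired
REQUIRED_ROOT = "ISRG Root X1"    # root the issue says is missing

# Constructed entries, shaped like SSLContext.get_ca_certs() output.
SAMPLE_OLD = [{"subject": ((("commonName", EXPIRED_ROOT),),),
               "notAfter": "Sep 30 14:01:15 2021 GMT"}]
SAMPLE_NEW = [{"subject": ((("commonName", REQUIRED_ROOT),),),
               "notAfter": "Jun  4 11:04:38 2035 GMT"}]
BEFORE_EXPIRY = ssl.cert_time_to_seconds("Sep 29 00:00:00 2021 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Oct  1 00:00:00 2021 GMT")


def label(entry):
    """Return the subject commonName, falling back to O or OU."""
    attrs = {k: v for rdn in entry.get("subject", ()) for k, v in rdn}
    for key in ("commonName", "organizationName", "organizationalUnitName"):
        if key in attrs:
            return attrs[key]
    return "<unnamed>"


def load_bundle(cafile):
    """Parse a PEM bundle into the ssl module's per-certificate dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()


def audit(entries, now=None):
    """Report expired roots and whether the required root is absent."""
    now = time.time() if now is None else now
    expired = sorted(label(e) for e in entries
                     if ssl.cert_time_to_seconds(e["notAfter"]) < now)
    names = {label(e) for e in entries}
    missing = [] if REQUIRED_ROOT in names else [REQUIRED_ROOT]
    return {"expired": expired, "missing": missing}


if __name__ == "__main__":
    # Usage: python audit_bundle.py path/to/cacert.pem
    entries = load_bundle(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_OLD
    print(audit(entries))
```

Running it against both the bundle shipped inside the client and the current certifi `cacert.pem` shows whether swapping the file would address the failure.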
