Ssl: certificate_verify_failed

Simple code like this

with urllib.request.urlopen(TAGS_URL, context=gcontext) as response:
            remonte_json = response.read()

Will give errror about CERTIFICATE_VERIFY_FAILED. From quick search:


We can enable certificate check but real solution is to install the certificates.
/Applications/Python\ 3.6/Install\ Certificates.command
I wonder maybe those certificates should be included with blender?
As far as I know python addon do not have write acces to blender installation folder, so I do not think it is possible to fix from addon.

Blender Python is bundled with the certifi package that includes certificates.

Certificate verification can fail for various reasons. Maybe there are specific certificates missing, maybe the website is using an encryption method that has been deprecated by Python or OpenSSL, etc. Have you confirmed that a lack of certificate files is the problem?

Actually you may be right. The SSL error appears only on some users computers. It may be problem with their network configuration or something. It is hard to me to tell without acess to theirs pc’s.
The more detailed error pring message:

unable to get local issuer certificate (_ssl.c:1076)

But I did not found real solution (I just disabled SHH check in urllib.request.urlopen ).

1 Like

Hello,

I would like to join this discussion, since I’m facing the same problems, although in a different and maybe not that usual environment…

So, to begin, I’m using Blender with Python for optimizing rendering (and other parameters) by applying Evolutionary Algorithms and Deep Neural Networks. For the latter I’m using the framework Pytorch (https://pytorch.org). That means, for installing all the Python 3rd Party libs I need, I directly called the Python executable within the Blender distribution (I’m using 2.82) with pip install (\python3.7m -m pip install ).

The problem I’m facing is that I get the abovementioned error (CERTIFICATE_VALIDATE_FAILED) when Pytorch tries to download pre-trained networks, e.g. from https://download.pytorch.org/models/vgg16-397923af.pth). It does this by simply calling “urlopen”.

Surprisingly I have no troubles starting this in Windows (Windows 10). It works w/o anything to do. Only when I downloaded the Blender Linux executables and started exactly the same code (always with blender -b -P script.py) there (Ubuntu 18.04.4 LTS bionic), it stumbled over the certificates.

Blender Python seems to ignore the certificates when started under Linux, since they are there (in the certifi module in site-packages, as mentioned).

Currently I inserted a workaround before the urlopen call in Pytorch. With

import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
u = urlopen(url, context=ctx)

the certificate check is simply switched off. So, I can proceed, there is no rush for an immediate solution, but it would be nice to have one, since in each future update, when I install my Python 3rd party libs, I have to make sure not to forget to insert this workaround. Beyond the fact that although this is all (thankfully) open source, it is not best thing to do, to firstly alter the software you’re applying …

Thanks in advance for any hint,
Andre

I use similar solution and worked ok for one user, but then on Mac user it failed.
Similar problem in CGCookie addon autoupdater: https://github.com/CGCookie/blender-addon-updater/issues/39

In your initial post, i saw a small part you added in the function. I was testing the same thing with your addon. I also looked into the blender updater addon since i worked with it before on mac and also remember the SSL issues in older versions.

I did noticed you had a typo in your call

urllib.request.urlopen(TAGS_URL, context=gcontext)

The “gcontext” in this case. When i use this line in your script, the updater works fine on OSX. There is also another issue why its skipping. The versioning in your JSON isnt concistant. the last 3 version only have 2 decimals in the versioning. where it should 2.22.0 the JSON has 2.22

This code below fixes it for me on OSX 10.11.6 (yeah i know its old) using bl 2.83

context = ssl._create_unverified_context()
zipdata = BytesIO(urllib.request.urlopen(zip_url, context=context).read())

That was with older versions of Blender, before that update it worked fine.

I just now got it to work again on OSX