curl-and-python

Re: Error 60: SSL failed under pycurl, but works under normal curl

From: Jacco van Dorp via curl-and-python <curl-and-python_at_cool.haxx.se>
Date: Wed, 10 Jan 2018 10:27:33 +0100

On Tue, Jan 9, 2018 at 6:37 PM, Gisle Vanem via curl-and-python
<curl-and-python_at_cool.haxx.se> wrote:
>
> Jacco van Dorp wrote:
>
>> | * SSL certificate problem: unable to get local issuer certificate
>> | * Closing connection 0
>> | Traceback (most recent call last):
>> | File "C:/Users/User/.PyCharmCE2017.3/config/scratches/scratch.py",
>> line 12, in <module>
>> | curl.perform()
>> | pycurl.error: (60, 'SSL certificate problem: unable to get local
>> issuer certificate')
>
>
> You don't have a %CURL_CA_BUNDLE% set. Or your libcurl was compiled
> without a default CA-bundle. Mine was built with:
> -DCURL_CA_BUNDLE='getenv("CURL_CA_BUNDLE")'
>
> But you can set it in your script; first locate your (or from curl)
> "cacert.pem" and do e.g.:
> curl.setopt(curl.CAINFO, r"f:\net\src\inet\curl\cacert.pem")
>
> Or (not advisable though):
> curl.setopt (curl.SSL_VERIFYPEER, 0)
>
>
> --
> --gv

Thanks for your help. I seem to have fixed this problem, by
downloading the pem file from https://curl.haxx.se/docs/caextract.html
. (After first trying to extract the certificate from the issuer and
converting it with openssl as per
https://curl.haxx.se/docs/sslcerts.html, but that didn't seem to work
for me.)

I've got another problem, tho...very related. Adding just the
"curl.setopt(curl.CAINFO, os.path.abspath(".") + "\\cacert.pem")" to
my earlier python script, the output now looks like:

 --------Start of long log----------

* TCP_NODELAY set
* Connected to us17.api.mailchimp.com (2.16.84.96) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:\Users\User\Desktop\PythonScripts\jaccoscripts\cacert.pem
  CApath: none
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=Georgia; L=Atlanta; O=The Rocket Science Group,
LLC; OU=IT; CN=wildcardsan2.mailchimp.com
* start date: Aug 29 00:00:00 2017 GMT
* expire date: Aug 29 23:59:59 2018 GMT
* subjectAltName: host "us17.api.mailchimp.com" matched cert's
"*.api.mailchimp.com"
* issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network;
CN=Symantec Class 3 ECC 256 bit SSL CA - G2
* SSL certificate verify ok.
* Server auth using Basic with user '[REDACTED PASSWORD]'
> GET /3.0/ HTTP/1.1
Host: us17.api.mailchimp.com
Authorization: Basic Yzc1ZTdjNDNiYTM3YjFhOTIyOTg4ZTA2ZTliYjExODMtdXMxNzo=
User-Agent: PycURL/7.43.0.1 libcurl/7.57.0 OpenSSL/1.1.0g zlib/1.2.11
c-ares/1.13.0 libssh2/1.8.0
Accept: */*

-------Notes: Seems like authentication worked, but.....--------------

< HTTP/1.1 401 Unauthorized
< Server: openresty
< Content-Type: application/problem+json; charset=utf-8
< Content-Length: 229
< X-Request-Id: 27f168c2-75cc-4d64-805b-6979c4e3f546
< Link: <https://us17.api.mailchimp.com/schema/3.0/ProblemDetailDocument.json>;
rel="describedBy"
< Date: Wed, 10 Jan 2018 09:06:38 GMT
< Connection: keep-alive
< Set-Cookie: _AVESTA_ENVIRONMENT=prod; path=/
<
* Connection #0 to host us17.api.mailchimp.com left intact
{"type":"http://developer.mailchimp.com/documentation/mailchimp/guides/error-glossary/","title":"API
Key Missing","status":401,"detail":"Your request did not include an
API key.","instance":"27f168c2-75cc-4d64-805b-6979c4e3f546"}

------------End logs------------

It still behave different from the curl command line request. So the
simple question:

Does the seperate user/pwd paramters from pycurl resolve into a
"user:pwd" string, or does it not ? If not, is there a way I can do
this another way ? It would seem to me that the server returns this
because it expects the api key (which is the password), in a certain
way and doesn't get it that way.

Asking this in the same thread because it seems to me that it's still
about a difference in behaviour between curl and pycurl.

The referred error glossary in the response isn't really any help either.

>
> _______________________________________________
> https://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-python
_______________________________________________
https://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-python
Received on 2018-01-10