Unable to locate SSL certificates
CIAO ships with a copy of the openSSL library. This is required to provide access to any encrypted website, ie https://. The library makes use of signed certificates on the users machine; however, the location of that certificate file is OS dependent -- different Linux distributions install the file in different locations.
Some users trying to access an encrypted URL may see an error message like
% python -c 'from urllib import request; request.urlopen("https://cxc.cfa.harvard.edu/ciao/");' Traceback (most recent call last): File "/home/user/ciao-4.13/ots/lib/python3.7/urllib/request.py", line 1254, in do_open h.request(req.get_method(), req.selector, req.data, headers) File "/home/user/ciao-4.13/ots/lib/python3.7/http/client.py", line 1107, in request self._send_request(method, url, body, headers) File "/home/user/ciao-4.13/ots/lib/python3.7/http/client.py", line 1152, in _send_request self.endheaders(body) ... File "/home/user/ciao-4.13/ots/lib/python3.7/ssl.py", line 641, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:719) ...
Workaround:
Users can try setting the environment variables: SSL_CERT_FILE and|or SSL_CERT_DIR. These should point to the location of the cert.pm file on the system
bash$ export SSL_CERT_FILE=/etc/ssl/cert.pem bash$ export SSL_CERT_DIR=/etc/ssl/certs or tcsh% setenv SSL_CERT_FILE /etc/ssl/cert.pem tcsh% setenv SSL_CERT_DIR /etc/ssl/certs
If you are unsure where the certificate file is located then open a new terminal and try the following command.
$ python -c "import ssl; print(ssl.get_default_verify_paths())" DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/etc/pki/tls/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/etc/pki/tls/certs')
The SSL_CERT_FILE is the openssl_cafile_env and SSL_CERT_DIR is the openssl_capath_env.