Python - CERTIFICATE_VERIFY_FAILED when using urllib to connect to almerys.com
I am trying to connect to a server with a token; when I try to check the connection, I get the above error. Does anyone know why, or how to make a connection to this kind of secure server?

Here is the code:
    import requests
    import json
    import urllib.request
    import os

    req0 = "http://127.0.0.1:8000/"
    reqvar = "https://santeintegration.almerys.com/vfcapi/"
    #data = {"ip":"1.1.2.3"}
    headers = {"Authorization": "Bearer {eyjhbgcioijsuzi1niisinr5cci6ikpxvcj9.eyjpc3mioijtywmtbgxvewqilcjhdwqioijodhrwczovl3nhbnrlaw50zwdyyxrpb24uywxtzxj5cy5jb20vdmzjyxbplyisim5izii6mtuwmtawndyymcwizxhwijoxntaxmdi2mje3lcjzdwiioijnyxlhiiwiywrtaw4ionrydwv9.kg3duwuqgusywoc9bnezfoqvepzkwkpzhfrbs94skkv86tyys_qip5wzbg53cqmbhsheymzptvnhv6zcad9e9hxt0ibywfn7mdp9wmb60zpddd88tpwpvuxgkescrwhenld-udpwynpeca3wm1htr-cz_d3npm2bdhqjkguyra_zuc3f-xvlvkoc4scv0kd9-qwr-e9cgxctrkcczq4hr13rundc4z6__a13xmaujh4wweci57fsrhumtnjb83t2rdaiesfuwmjxnjrxyehbwgawp5yzwadcjmavqqlty34p5ejtcadb9idfdtaai2sqku_dcvzntm3wm9ows50bjw}"}
    # Pass headers by keyword: the second positional argument of Request is the body (data).
    request = urllib.request.Request(reqvar, headers=headers)
    opener = urllib.request.build_opener()
    # The TLS handshake, and the certificate check that fails, happens in this call.
    response2 = opener.open(request)
    html = response2.read()
    json_obj = json.loads(html)
    token_string = json_obj["token"].encode("ascii", "ignore")
    print(token_string)
And the error is below:
    Traceback (most recent call last):
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1318, in do_open
        encode_chunked=req.has_header('Transfer-encoding'))
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1239, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1285, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1234, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1026, in _send_output
        self.send(msg)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 964, in send
        self.connect()
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1400, in connect
        server_hostname=server_hostname)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 401, in wrap_socket
        _context=self, _session=session)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 808, in __init__
        self.do_handshake()
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake
        self._sslobj.do_handshake()
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748)

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "request.py", line 15, in <module>
        response2 = opener.open(request)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 526, in open
        response = self._open(req, data)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 544, in _open
        '_open', req)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 504, in _call_chain
        result = func(*args)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1361, in https_open
        context=self._context, check_hostname=self._check_hostname)
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1320, in do_open
        raise URLError(err)
    urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748)>
Does anyone know why, or how to make a connection to this kind of secure server?

You need to add the CA root of the Almerys SAS Orange Group certificate to your trust store. Almerys SAS Orange Group is the issuer of the server's certificate.

A quick Google is not revealing where to download it. You will have to find it. However, the certificate's AIA has:
    Authority Information Access:
        CA Issuers - URI:http://testpki.almerys.com/trustca.cer

So:

    $ wget http://testpki.almerys.com/trustca.cer
    ...
    Saving to: ‘trustca.cer’
    trustca.cer    100%[===================>]   1.62K  --.-KB/s    in 0s
Then, learn the format (ASN.1/DER or PEM). It is binary data, ASN.1/DER encoded.
    $ file trustca.cer
    trustca.cer: data

    $ openssl x509 -inform der -outform pem -in trustca.cer -out trustca.pem
    $ cat trustca.pem
    -----BEGIN CERTIFICATE-----
    miigddccbfygawibagicjzawdqyjkozihvcnaqelbqawadelmakga1uebhmcrlix
    ...
    uforwjiyc73ahrofaymciywwzcjekofpwkpazvfemn2d0jmmkf9nzwffvxvulwuy
    n6vhjfs4kroshsql5rkgi1qli+5dfyds
    -----END CERTIFICATE-----
Now, use trustca.pem as the CA root for urllib, or add it to your trust store. See the questions "Add SSL CA file using urllib2" and "urllib and validation of server certificate".
    req0 = "http://127.0.0.1:8000/"
    reqvar = "https://santeintegration.almerys.com/vfcapi/"
Also note that 127.0.0.1:8000 and santeintegration.almerys.com are different origins. almerys.com's certificate will not validate for 127.0.0.1.

For 127.0.0.1, you need a certificate on the local host that includes the IP address. For that, see "How to create a self-signed certificate with OpenSSL?". That certificate will need to be added to the trust store.
    $ openssl s_client -connect santeintegration.almerys.com:443 -tls1 -servername santeintegration.almerys.com | openssl x509 -text -noout
    depth=1 C = FR, O = almerys sas orange group, OU = 0002 432701639, OU = trusted services, CN = test almerys trust ca
    verify error:num=20:unable to get local issuer certificate
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 22501 (0x57e5)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=FR, O=almerys sas orange group, OU=0002 432701639, OU=trusted services, CN=test almerys trust ca
            Validity
                Not Before: Feb 29 07:50:04 2016 GMT
                Not After : Feb 28 07:50:04 2018 GMT
            Subject: C=FR, O=almerys, CN=santeintegration.almerys.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        ...
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication
                X509v3 Subject Key Identifier:
                    41:ee:b2:b4:42:25:ec:6b
                X509v3 Authority Key Identifier:
                    keyid:1f:ce:44:5c:5b:7f:a5:83:23:f7:74:0b:cd:58:c5:7c:ba:c2:f3:2c
                Authority Information Access:
                    CA Issuers - URI:http://testpki.almerys.com/trustca.cer
                X509v3 Key Usage:
                    Digital Signature, Key Encipherment, Data Encipherment
                X509v3 CRL Distribution Points:
                    Full Name:
                      URI:http://testpki.almerys.com/trustca.crl
        Signature Algorithm: sha256WithRSAEncryption
            ...
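
One way to apply the advice above in Python, as an added example that is not part of the original question or answer: it builds a urllib opener that trusts only the downloaded CA and keeps certificate and hostname verification on. Because the CA file was fetched over plain HTTP, it also checks the file's SHA-256 fingerprint against a value you have confirmed out of band; the function names, the expected fingerprint and the command-line file argument are assumptions of this example.

```python
import hashlib
import json
import ssl
import urllib.request

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(cert_bytes: bytes) -> bytes:
    """Accept a certificate as PEM text or raw DER; return DER bytes."""
    if cert_bytes.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(cert_bytes.decode("ascii").strip())
    return cert_bytes


def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 of the DER encoding: the value to confirm out of band."""
    return hashlib.sha256(to_der(cert_bytes)).hexdigest()


def ca_only_context(cert_bytes=None, expected_sha256=None) -> ssl.SSLContext:
    """Client context trusting only the given CA; None leaves the store empty."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if cert_bytes is not None:
        wanted = (expected_sha256 or "").replace(":", "").lower()
        if fingerprint(cert_bytes) != wanted:
            raise ValueError("CA fingerprint mismatch; refusing to trust it")
        ctx.load_verify_locations(cadata=to_der(cert_bytes))  # bytes mean DER
    return ctx


def fetch_json(url: str, token: str, ctx: ssl.SSLContext):
    """GET url with a bearer token through an opener bound to ctx."""
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with opener.open(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    import sys
    # Assumed usage: pass the downloaded CA file (trustca.cer or trustca.pem).
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(fingerprint(fh.read()))  # compare with the CA operator's value
```

Once the fingerprint is confirmed, `fetch_json(reqvar, token, ca_only_context(ca_bytes, expected_sha256=...))` performs the request from the question with verification intact.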