Invalid and/or missing SSL certificate when using Google App Engine

Question

UPDATE: Please, if anyone can help: Google is waiting for inputs and examples of this problem on their bug tracking tool. If you have reproducible steps for this issue, please share them on: https://code.google.com/p/googleappengine/issues/detail?id=10937

I'm trying to fetch data from the StackExchange API using a Google App Engine backend. As you may know, some of StackExchange's APIs are site-specific, requiring developers to run queries against every site the user is registered in.

So, here's my backend code for fetching timeline data from these sites. The feed_info_site variable holds the StackExchange site name (such as 'security', 'serverfault', etc.).

    data = json.loads(urllib.urlopen("%sme/timeline?%s" %          (self.API_BASE_URL, urllib.urlencode({"pagesize": 100,          "fromdate": se_since_timestamp, "filter": "!9WWBR         (nmw", "site": feed_info_site, "access_token":      decrypt(self.API_ACCESS_TOKEN_SECRET, self.access_token), "key":  self.API_APP_KEY}))).read()) for item in data['items']:     ... # code for parsing timeline items 

When running this query on all sites except Stack Overflow, everything works OK. What's weird is, when the feed_info_site variable is set to 'stackoverflow', I get the following error from Google App Engine:

    HTTPException: Invalid and/or missing SSL certificate for URL:  https://api.stackexchange.com/2.2/me/timeline? filter=%219WWBR%28nmw&access_token=     <ACCESS_TOKEN_REMOVED>&fromdate=1&pagesize=100&key= <API_KEY_REMOVED>&site=stackoverflow 

Of course, if I run the same query in Safari, I get the JSON results I'm expecting from the API. So the problem really lies in Google's URLfetch service. I found several topics here on Stack Overflow related to similar HTTPS/SSL exceptions, but no accepted answer solved my problems. I tried removing cacerts.txt files. I also tried making the call with validate_certificate=False, with no success.

I think the problem is not strictly related to HTTPS/SSL. If so, how would you explain that changing a single API parameter would make the request to fail?

Answer 1

1. Wait for the next update to the app engine (scheduled one soon) then update.
2. Replace browserid.org/verify with another service (verifier.loogin.persona.org/verify is a good service hosted by Mozilla what could be used)
3. Make sure cacerts.txt doesnt exist (looks like you have sorted but just in-case :-) )
4. Attempt again Good luck! -Brendan