Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSLError in Requests when packaging as OS X .app

I'm developing an application for OS X. The application involves communicating with a server through python-requests, using a secure connection.

I am able to run the python file I intend to package, and it succeeds with the SSL connection. However, when I package the file with py2app and try to run it, I get the following error:

Traceback (most recent call last):
File "/Users/yossi/Documents/repos/drunken-octo-nemesis/dist/drunken-octo.app/Contents/Resources/__boot__.py", line 338, in <module>
    _run()
File "/Users/yossi/Documents/repos/drunken-octo-nemesis/dist/drunken-octo.app/Contents/Resources/__boot__.py", line 333, in _run
    exec(compile(source, path, 'exec'), globals(), globals())
File "/Users/yossi/Documents/repos/drunken-octo-nemesis/dist/drunken-octo.app/Contents/Resources/media_test.py", line 16, in <module>
    cmpbl.syncWithCloud()
File "src/compare_book_lists.pyc", line 172, in syncWithCloud
File "src/compare_book_lists.pyc", line 64, in checkMediaOnCloud
File "src/get_cloud_book_list.pyc", line 26, in getCloudFulfilledBookList
File "requests/api.pyc", line 55, in get
File "requests/api.pyc", line 44, in request
File "requests/sessions.pyc", line 354, in request
File "requests/sessions.pyc", line 460, in send
File "requests/adapters.pyc", line 250, in send
requests.exceptions.SSLError: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
2013-06-12 11:39:49.119 drunken-octo[1656:707] drunken-octo Error

I was able to package part of my application successfully. The problem begins when the target file depends, somewhere in the chain, on Requests.

I am using zc.buildout to organize my imports. Therefore, I am running in a local python interpreter created by the buildout, so any fixes, unfortunately, will be easier to implement if they don't involve modifying the system Python. However, all suggestions are welcome, and I'll do my best to modify them for my specifics.

This only happens when I run the packaged app. Any ideas?

like image 734
trekkieyk Avatar asked Jun 12 '13 17:06

trekkieyk


2 Answers

The easiests workaround is to add an option for py2app to your setup.py file:

setup(
   ...
   options={
      'py2app':{
          'packages': [ 'requests' ]
       }
   }
)

This includes the entire package into the application bundle, including the certificate bundle.

I've filed an issue for this in my py2app tracker, a future version of py2app will include logic to detect the use of the request library and will copy the certificate bundle automaticly.

like image 145
Ronald Oussoren Avatar answered Sep 20 '22 18:09

Ronald Oussoren


Requests uses a bundle of ceritificates to verify a servers identity. This bundle is kept (it has to be) in an independent file. Normally requests ships with its own bundle, but if packaged into a single file the bundle is lost. You can ship a new bundle alongside your app or let requests use the systemwide certificate. (I don't know, where OS X keeps this file, but on my linux box its /etc/ssl/certs/ca-certificates.crt)

To see, where requests expects the file you can do this:

import requests
print(requests.certs.where())

To change the location, where requests looks for the bundle you can pass the verify-parameter with a string value:

import requests
requests.get("https://httpbin.org/", verify="path/to/your/bundle")

If you don't want to pass the parameter every time, create a session and configure it to use your bundle:

import requests
s = requests.Session()
s.verify = "path/to/your/bundle"
s.get("https://httpbin.org")
like image 26
t-8ch Avatar answered Sep 21 '22 18:09

t-8ch