Invalid SSL Certificate for https://yottabuild.org is preventing yotta build from working #744

Closed
bitbangr opened this Issue Mar 19, 2016 · 4 comments

Comments

Projects
None yet
3 participants
@bitbangr

Running OS X 10.10.5 Yosemite running on Macbook Air
used installer yotta_osx_installer_v0.0.4.dmg

Got the following error when running -> yotta search target "x86-osx-native"

(yotta workspace) ~/Documents/VHS/oshchip/blinky $ yotta search target "x86-osx-native" Traceback (most recent call last): File "/Applications/yotta.app/Contents/Resources/workspace/bin/yotta", line 4, in <module> yotta.main() File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/yotta/main.py", line 239, in main status = args.command(args, following_args) File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/yotta/search.py", line 53, in execCommand for result in registry_access.search(query=args.query, keywords=args.kw, registry=args.registry): File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/yotta/lib/registry_access.py", line 679, in search response = requests.get(url, headers=headers, params=params) File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/api.py", line 69, in get return request('get', url, params=params, **kwargs) File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/api.py", line 50, in request response = session.request(method=method, url=url, **kwargs) File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/sessions.py", line 471, in request resp = self.send(prep, **send_kwargs) File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/sessions.py", line 579, in send r = adapter.send(request, **kwargs) File "/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/adapters.py", line 430, in send raise SSLError(e, request=request) requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

Checking the https://yottabuild.org shows the following error in chrome.

yottabuildsslerror

@bitbangr bitbangr changed the title from SSL: CERTIFICATE_VERIFY_FAILED - OpenSSL Versioning and Certificate Locations to OS X SSL: CERTIFICATE_VERIFY_FAILED - OpenSSL Versioning and Certificate Locations Mar 19, 2016

@bitbangr

This comment has been minimized.

Show comment
Hide comment
@bitbangr

bitbangr Mar 19, 2016

There seems to be an issue with the Certificates for the domains that require network access.

Could this be what is causing the errors in Target and Build commands?

http://yottadocs.mbed.com/reference/registry.html#network-access

https://registry.yottabuild.org

(yotta workspace) ~/Documents/VHS/oshchip/blinky $ wget https://registry.yottabuild.org
--2016-03-18 17:51:28-- https://registry.yottabuild.org/
Resolving registry.yottabuild.org... 54.243.54.152, 54.235.218.129, 107.20.190.36
Connecting to registry.yottabuild.org|54.243.54.152|:443... connected.
ERROR: cannot verify registry.yottabuild.org's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
Unable to locally verify the issuer's authority.
To connect to registry.yottabuild.org insecurely, use `--no-check-certificate'.

yottabuild org cert issue

There seems to be an issue with the Certificates for the domains that require network access.

Could this be what is causing the errors in Target and Build commands?

http://yottadocs.mbed.com/reference/registry.html#network-access

https://registry.yottabuild.org

(yotta workspace) ~/Documents/VHS/oshchip/blinky $ wget https://registry.yottabuild.org
--2016-03-18 17:51:28-- https://registry.yottabuild.org/
Resolving registry.yottabuild.org... 54.243.54.152, 54.235.218.129, 107.20.190.36
Connecting to registry.yottabuild.org|54.243.54.152|:443... connected.
ERROR: cannot verify registry.yottabuild.org's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
Unable to locally verify the issuer's authority.
To connect to registry.yottabuild.org insecurely, use `--no-check-certificate'.

yottabuild org cert issue

@bitbangr bitbangr changed the title from OS X SSL: CERTIFICATE_VERIFY_FAILED - OpenSSL Versioning and Certificate Locations to Invalid SSL Certificate for https://yottabuild.org is preventing yotta build from working Mar 19, 2016

@autopulated

This comment has been minimized.

Show comment
Hide comment
@autopulated

autopulated Mar 21, 2016

Contributor

The registry has a new cert (since last week), but it's definitely valid and installed correctly. Possibly you have a very old set of root certificates which is being used.

Note that the yottabuild.org root domain redirects, so to test the certificate in your browser you need to load https://registry.yottabuild.org.

Please could you try using the latest master version of yotta, which includes an explicit dependency on the certifi set of root certificates. (Alternatively, running pip install -U certifi would test the same thing).

Contributor

autopulated commented Mar 21, 2016

The registry has a new cert (since last week), but it's definitely valid and installed correctly. Possibly you have a very old set of root certificates which is being used.

Note that the yottabuild.org root domain redirects, so to test the certificate in your browser you need to load https://registry.yottabuild.org.

Please could you try using the latest master version of yotta, which includes an explicit dependency on the certifi set of root certificates. (Alternatively, running pip install -U certifi would test the same thing).

@bitbangr

This comment has been minimized.

Show comment
Hide comment
@bitbangr

bitbangr Mar 21, 2016

I've installed and used the latest master version of yotta and I am now able to do yotta builds, targets etc. with no SSL certificate errors!

You can close this issue if you like.

I am guessing that the downloadable OS X yotta.app in the # Using yotta.app section of the http://yottadocs.mbed.com/#installing web page needs to be updated.

Possibly the following certs contained in the OS X Yotta App need updating?
/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/pip/_vendor/requests/cacert.pem
/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/cacert.pem`

I've installed and used the latest master version of yotta and I am now able to do yotta builds, targets etc. with no SSL certificate errors!

You can close this issue if you like.

I am guessing that the downloadable OS X yotta.app in the # Using yotta.app section of the http://yottadocs.mbed.com/#installing web page needs to be updated.

Possibly the following certs contained in the OS X Yotta App need updating?
/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/pip/_vendor/requests/cacert.pem
/Applications/yotta.app/Contents/Resources/workspace/lib/python2.7/site-packages/requests/cacert.pem`

@bitbangr bitbangr closed this Mar 21, 2016

@bitbangr bitbangr referenced this issue in OSHChip/target-OSHChip-gcc Mar 21, 2016

Closed

Issue while executing yotta target oshchip-gcc #1

@anderss90

This comment has been minimized.

Show comment
Hide comment
@anderss90

anderss90 Aug 18, 2016

autopulated's answer solved this for me. ( i ran pip install -U certifi).

autopulated's answer solved this for me. ( i ran pip install -U certifi).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment