OpenSSL Error

[juga0]

scan gives OpenSSL error for some relays:
2018-01-29T14:34:57+0000 [WARN]: Download failed for router $6F33E92A67EC038B559415AC56C860075F6D287F: <twisted.python.failure.Failure twisted.web._newclient.ResponseNeverReceived: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]>]>.

Check the TLS options in the fetch agent

[juga0]

The agent is defined in https://github.com/juga0/bwscanner/blob/develop/bwscanner/fetcher.py#L76.

In theory twisted should be using the certificates system path in trustRoot (https://twistedmatrix.com/documents/17.1.0/api/twisted.web.client.BrowserLikePolicyForHTTPS.html)

[meejah]

What OS are you running this on?

[juga0]

Debian, so cacert is missing, but that shouldn't be the issue.

[meejah]

Another thing to try would be the now built-in txtorcon agent, available via Tor.web_agent() or Circuit.web_agent() (the latter uses the given circuit only).

[meejah]

Yeah IME Debian works fine. You could try installing certifi (Python package) but .. shouldn't need to?

[juga0]

Actually i tried SSL_CERT_FILE="$(python -m certifi)" as explained in twisted/treq#94, and then i didn't get this error, but still this shouldn't be needed...

[juga0]

Running Circuit.web_agent() in this example https://github.com/meejah/txtorcon/blob/master/examples/web_client_custom_circuit.py#L47 also gives certificate error.
Maybe twisted version we are using here (16.0.2)?. I'll try with others.

[juga0]

Last version also gives the error.

[meejah]

Do you have the "ca-certificates" package installed in Debian?

[juga0]

Yes.

[juga0]

Upgrading pyOpenSSL to 17.5.0 seems to solve the issue.