Fatal error: bad certificate #93

Open
jamilabreu opened this Issue Nov 8, 2015 · 16 comments

Comments

Projects
None yet
8 participants
@jamilabreu

Any ideas why HTTPoison.get("https://css-tricks.com/snippets/css/a-guide-to-flexbox/") returns:

[error] SSL: :certify: ssl_handshake.erl:1476:Fatal error: bad certificate

and how to prevent it?

@edgurgel edgurgel self-assigned this Nov 8, 2015

@edgurgel

This comment has been minimized.

Show comment
Hide comment
@edgurgel

edgurgel Nov 8, 2015

Owner

Hi! Could you please try again with the last HTTPoison release: 0.8.0 ?

Owner

edgurgel commented Nov 8, 2015

Hi! Could you please try again with the last HTTPoison release: 0.8.0 ?

@jamilabreu

This comment has been minimized.

Show comment
Hide comment
@jamilabreu

jamilabreu Nov 9, 2015

@edgurgel Updated, however still seeing that URL return the same error

@edgurgel Updated, however still seeing that URL return the same error

@edgurgel

This comment has been minimized.

Show comment
Hide comment
@edgurgel

edgurgel Nov 9, 2015

Owner

I think we need to open an issue on https://github.com/benoitc/hackney as I'm no expert on SSL certificate verification :/

Owner

edgurgel commented Nov 9, 2015

I think we need to open an issue on https://github.com/benoitc/hackney as I'm no expert on SSL certificate verification :/

@jamilabreu

This comment has been minimized.

Show comment
Hide comment
@jamilabreu

jamilabreu Nov 10, 2015

Hmm. Seems related: benoitc/hackney#240

Not sure if it helps, but I tried the insecure option:

HTTPoison.get("https://css-tricks.com/snippets/css/a-guide-to-flexbox/", [], hackney: [:insecure])

And the %HTTPoison.Response body returns a binary as opposed to a valid string:

<<31, 139, 8, 0, 0, 0, 0, 0, 0, 3, 236, 253, 219, 118, 227, 72, 146, 54, 10, 94, 119, 174, 213, 239, 224, 201, 154, 174, 148, 186, 72, 10, 231, 3, 35, 67, 81, 145, 145, 167, 200, 206, 211, 164, 84, 157, 187, 246, 223, 189, ...>>

Hmm. Seems related: benoitc/hackney#240

Not sure if it helps, but I tried the insecure option:

HTTPoison.get("https://css-tricks.com/snippets/css/a-guide-to-flexbox/", [], hackney: [:insecure])

And the %HTTPoison.Response body returns a binary as opposed to a valid string:

<<31, 139, 8, 0, 0, 0, 0, 0, 0, 3, 236, 253, 219, 118, 227, 72, 146, 54, 10, 94, 119, 174, 213, 239, 224, 201, 154, 174, 148, 186, 72, 10, 231, 3, 35, 67, 81, 145, 145, 167, 200, 206, 211, 164, 84, 157, 187, 246, 223, 189, ...>>
@jamilabreu

This comment has been minimized.

Show comment
Hide comment
@jamilabreu

jamilabreu Nov 10, 2015

In tinkering with it a bit more, sometimes it returns the expected HTML in string form, and sometimes a binary ¯/(ツ)

In tinkering with it a bit more, sometimes it returns the expected HTML in string form, and sometimes a binary ¯/(ツ)

@edgurgel

This comment has been minimized.

Show comment
Hide comment
@edgurgel

edgurgel Nov 10, 2015

Owner

Damn that's weird. I will dig deeper later into this...

Owner

edgurgel commented Nov 10, 2015

Damn that's weird. I will dig deeper later into this...

@chrislaskey

This comment has been minimized.

Show comment
Hide comment
@chrislaskey

chrislaskey Dec 9, 2015

Thanks @jamilabreu for the passible hackney option to disable SSL verification. Not something you'd want long term, but definitely helpful while setting up a new environment!

Thanks @jamilabreu for the passible hackney option to disable SSL verification. Not something you'd want long term, but definitely helpful while setting up a new environment!

@jesteracer

This comment has been minimized.

Show comment
Hide comment
@jesteracer

jesteracer Mar 10, 2016

@edgurgel any progress on this one?

@edgurgel any progress on this one?

@edgurgel

This comment has been minimized.

Show comment
Hide comment
@edgurgel

edgurgel Mar 10, 2016

Owner

Can someone try with the newest hackney as the certs were updated 1.5? Just override the hackney version to be this one.

Owner

edgurgel commented Mar 10, 2016

Can someone try with the newest hackney as the certs were updated 1.5? Just override the hackney version to be this one.

@jesteracer

This comment has been minimized.

Show comment
Hide comment
@jesteracer

jesteracer Mar 10, 2016

@edgurgel I used 1.5.1, still got "[error] SSL: :certify: ssl_handshake.erl:1389:Fatal error: bad certificate"

@edgurgel I used 1.5.1, still got "[error] SSL: :certify: ssl_handshake.erl:1389:Fatal error: bad certificate"

@afjackman

This comment has been minimized.

Show comment
Hide comment
@afjackman

afjackman Mar 21, 2016

+1 I also have this problem, not fun.

+1 I also have this problem, not fun.

@jesteracer

This comment has been minimized.

Show comment
Hide comment
@jesteracer

jesteracer Mar 21, 2016

As far as my research went - I figured out, that the certifi lib from hackney, is not actually used, - the error goes away, when I pass the certs bundle directly from the path, where certifi stores them. So my guess is that erlang already has some certs somewhere and they are outdated.

As far as my research went - I figured out, that the certifi lib from hackney, is not actually used, - the error goes away, when I pass the certs bundle directly from the path, where certifi stores them. So my guess is that erlang already has some certs somewhere and they are outdated.

@uri

This comment has been minimized.

Show comment
Hide comment
@uri

uri Jun 27, 2016

the error goes away, when I pass the certs bundle directly from the path, where certifi stores them

How do you do this?

uri commented Jun 27, 2016

the error goes away, when I pass the certs bundle directly from the path, where certifi stores them

How do you do this?

@jesteracer

This comment has been minimized.

Show comment
Hide comment
@jesteracer

jesteracer Jun 27, 2016

@uri sorry, I do not have the code - this issue fixed when we changed ssl. But as far as I can remember - if I passed the cert file to hackney somehow with options.

@uri sorry, I do not have the code - this issue fixed when we changed ssl. But as far as I can remember - if I passed the cert file to hackney somehow with options.

@jaimeiniesta

This comment has been minimized.

Show comment
Hide comment
@jaimeiniesta

jaimeiniesta Aug 4, 2016

I'm also having this problem, on Elixir 1.3.0 and HTTPoison 0.9.0, example:

Interactive Elixir (1.3.0) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> HTTPoison.get("https://qoolife.com/")
[error] SSL: :certify: ssl_handshake.erl:1476:Fatal error: bad certificate

It works well if I pass Hackney the :insecure option:

HTTPoison.get("https://qoolife.com/", [], hackney: [:insecure])

This happens both in my OS X El Capitán, as in Heroku.

Let me know if I can help fix this testing anything else!

I'm also having this problem, on Elixir 1.3.0 and HTTPoison 0.9.0, example:

Interactive Elixir (1.3.0) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> HTTPoison.get("https://qoolife.com/")
[error] SSL: :certify: ssl_handshake.erl:1476:Fatal error: bad certificate

It works well if I pass Hackney the :insecure option:

HTTPoison.get("https://qoolife.com/", [], hackney: [:insecure])

This happens both in my OS X El Capitán, as in Heroku.

Let me know if I can help fix this testing anything else!

@trodrigu

This comment has been minimized.

Show comment
Hide comment
@trodrigu

trodrigu Dec 25, 2016

I received a somewhat similar issue that returned a malformed_handshake_data error related to the current version of hackney of 1.6.4. Since, this is part of my learning for 'Programming Elixir' and there is a fix coming in here I just overrode the dependency until the fix arrives.

  # Elixir 1.3.4
  # Erlang 19
 
  # mix.exs
  defp deps do
    [
      { :httpoison, "~> 0.10" },
      { :hackney, "1.6.1", override: true }
    ]
  end

trodrigu commented Dec 25, 2016

I received a somewhat similar issue that returned a malformed_handshake_data error related to the current version of hackney of 1.6.4. Since, this is part of my learning for 'Programming Elixir' and there is a fix coming in here I just overrode the dependency until the fix arrives.

  # Elixir 1.3.4
  # Erlang 19
 
  # mix.exs
  defp deps do
    [
      { :httpoison, "~> 0.10" },
      { :hackney, "1.6.1", override: true }
    ]
  end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment