Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificate verify failed: self signed certificate in certificate chain #58

Closed
nickwynja opened this issue Jul 25, 2023 · 5 comments
Closed

Certificate verify failed: self signed certificate in certificate chain #58

nickwynja opened this issue Jul 25, 2023 · 5 comments

Comments

@nickwynja
Copy link

I'm getting cert errors running chatblade currently:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 467, in _make_request
    self._validate_conn(conn)
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1092, in _validate_conn
    conn.connect()
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connection.py", line 642, in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connection.py", line 783, in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
               ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 469, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 513, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.4_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.4_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py", line 1075, in _create
    self.do_handshake()
  File "/opt/homebrew/Cellar/python@3.11/3.11.4_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 790, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 491, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 874, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 874, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 844, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_requestor.py", line 596, in request_raw
    result = _thread_context.session.request(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by SSLError(SSLCertVerificationError(1, '[SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)')))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/homebrew/bin/chatblade", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/__main__.py", line 5, in main
    cli.cli()
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/cli.py", line 152, in cli
    handle_input(query, params)
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/cli.py", line 81, in handle_input
    messages = fetch_and_cache(messages, params)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/cli.py", line 14, in fetch_and_cache
    result = chat.query_chat_gpt(messages, params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/chat.py", line 121, in query_chat_gpt
    result = openai.ChatCompletion.create(messages=dict_messages, **config)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_resources/chat_completion.py", line 25, in create
    return super().create(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_resources/abstract/engine_api_resource.py", line 153, in create
    response, _, api_key = requestor.request(
                           ^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_requestor.py", line 288, in request
    result = self.request_raw(
             ^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_requestor.py", line 609, in request_raw
    raise error.APIConnectionError(
openai.error.APIConnectionError: Error communicating with OpenAI: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)')))

I've tested other openai API endpoints manually with curl and am not currently getting these errors. I've tried uninstalling chatblade (via brew) and reinstalling to try to upgrade dependencies but that didn't help.
@nickwynja
Copy link
Author

Seems like updating to macOS 13.5 fixed this.

@npiv
Copy link
Owner

npiv commented Jul 26, 2023

👍 Thx for following up, was trying to replicate it, unsuccessfully.

@nickwynja
Copy link
Author

Really strange though. The first time I ran chatblade after the update it worked but the second time, I received the same CERTIFICATE_VERIFY_FAILED error.

@nickwynja
Copy link
Author

I was looking through the cert chain and it looks like my company uses Netscope and is using a self-signed cert somewhere. 😞

@nickwynja
Copy link
Author

For anyone else on macOS who finds this because their employer doesn't want them being productive, I had to:

  1. Go into Keychain Access > System, and selected both the CA and Intermediate cert that for me were called certadmin and ca.mycompany.goskope.com
  2. Right click and "Export 2 items"
  3. Located the exported file and set the REQUESTS_CA_BUNDLE env var or pass it into the chatblade command:
REQUESTS_CA_BUNDLE=/Users/nick/Downloads/Certificates.pem chatblade ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@npiv @nickwynja