CA Certificates missing? #301

Closed
twicejr opened this issue Apr 7, 2016 · 4 comments
@twicejr

twicejr commented Apr 7, 2016

I had issues connecting to https sites with music streaming plugin Soma FM (great addon!)
The problem is fixed with adding the DigiCert CA Certificates...
Shouldn't these be included by default?

The following tutorial fixed it for me:
https://unboxed.co/blog/opensslsslsslerror-certificate-verify-failed/

And see following Error Contents: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

Connecting to https://somafm.com/ (DigiCert SSL), now fixed.

@samnazarko
Contributor

OSMC includes ca-certificates. If this is an issue it would be better to report this to the Debian maintainer, there is likely good reason for this certificate to be untrusted.

The output of wget would be useful. Can you provide a URL so I can explore this here?

@twicejr
Author

twicejr commented Apr 7, 2016

Strangely enough, it seems wget has no problem at all. Also after removing the added certs ..
Maybe that's cached now, though...
Maybe urllib2 has a different CA path or something.

At least here is the full stacktrace:

```
- NOTE: IGNORING THIS CAN LEAD TO MEMORY LEAKS!
Error Type: <class 'urllib2.URLError'>
Error Contents: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
Traceback (most recent call last):
  File "/home/osmc/.kodi/addons/plugin.audio.somafm/default.py", line 186, in <module>
    build_directory()
  File "/home/osmc/.kodi/addons/plugin.audio.somafm/default.py", line 86, in build_directory
    channel_data = fetch_remote_channel_data()
  File "/home/osmc/.kodi/addons/plugin.audio.somafm/default.py", line 53, in fetch_remote_channel_data
    response = urllib2.urlopen(rootURL + CHANNELS_FILE_NAME)
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
-->End of Python script error report<--
```

@DBMandrake
Contributor

If you have removed the additional certs you should run `sudo update-ca-certificates --fresh`

@samnazarko
Contributor

Can you produce a minimal test case in Python 2 using urllib to reproduce this?

We haven't heard of widespread SSL issues. Some SSL certificates have been revoked recently, which complicates things slightly, however OSMC sits on top of Debian 8.4, and ca-certificates is no idle package.
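
A minimal reproduction along the lines requested above, added here as an example and not code from the thread participants or from OSMC: it reports which CA file and directory the Python `ssl` module consults, checks a PEM bundle for a given issuer, and retries the fetch with verification left on. The function names and the Debian bundle path `/etc/ssl/certs/ca-certificates.crt` are assumptions; the script is written for Python 3 and also runs on Python 2.7.9 or later.

```python
import os
import ssl

try:  # Python 3
    from urllib.request import urlopen
    from urllib.error import URLError
except ImportError:  # Python 2.7.9+, the interpreter in the traceback
    from urllib2 import urlopen, URLError


def trust_store_report():
    """Where this interpreter's OpenSSL looks for CA certificates."""
    paths = ssl.get_default_verify_paths()
    ctx = ssl.create_default_context()  # verification on, default CA locations
    env = (paths.openssl_cafile_env, paths.openssl_capath_env)
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "cafile": paths.cafile,  # None when the compiled-in file is absent
        "capath": paths.capath,  # None when the compiled-in directory is absent
        "env_override": {name: os.environ.get(name) for name in env},
        "eager_ca_count": ctx.cert_store_stats()["x509_ca"],  # cafile only; capath loads lazily
    }


def ca_organizations(needle, bundle_path="/etc/ssl/certs/ca-certificates.crt"):  # assumed Debian path
    """CA organisation names in a PEM bundle that contain `needle`; None if unreadable."""
    try:
        ctx = ssl.create_default_context(cafile=bundle_path)
    except (IOError, OSError, ssl.SSLError):
        return None
    orgs = {v for cert in ctx.get_ca_certs()
            for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "organizationName" and needle.lower() in v.lower()}
    return sorted(orgs)


def try_fetch(url, timeout=10):
    """Fetch `url` with verification on; return 'ok' or the failure reason."""
    try:
        urlopen(url, timeout=timeout, context=ssl.create_default_context()).close()
        return "ok"
    except URLError as err:
        return str(err.reason)


if __name__ == "__main__":
    print(trust_store_report())
    print("DigiCert CAs: %s" % ca_organizations("DigiCert"))
    print("fetch: %s" % try_fetch("https://somafm.com/"))
```

Running it with the same interpreter the add-on uses, and comparing `cafile`/`capath` with what `wget` trusts, shows whether the two clients read different CA locations.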
