Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SSLHandshakeError with github backend #113

Closed
twitwi opened this Issue Sep 11, 2012 · 8 comments

Comments

Projects
None yet
3 participants

twitwi commented Sep 11, 2012

Hi,

I'm experimenting with allauth and could make it work (with openid and twitter) but I get the following error with github:

SSLHandshakeError at /accounts/github/login/callback/
[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Request Method: GET
Request URL:    http://localhost:8000/accounts/github/login/callback/?code=ea1fbd2d47cc85ed7f2f&state=%7B%7D
Django Version: 1.4.1
Exception Type: SSLHandshakeError
Exception Value:    
[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
....

From what I could find, it might be a change in the expected certificate but I'm don't really know.
Any idea?

Python 2.7.3 // django-allauth-0.8.1

Owner

pennersr commented Sep 14, 2012

This looks like a system misconfiguration issue, not something due to allauth.

Perhaps this is related: http://ashwinrayaprolu.wordpress.com/2011/08/18/git-https-access-problem/

You might want to try accessing github https from python without any Django & allauth dependencies to see if that also reproduces the problem. Something like this (untested):

$ pip install requests
$ python
 >>> import requests
 >>> requests.get('https://github.com')
Owner

pennersr commented Oct 3, 2012

Issue timed out (assuming system misconfiguration)...

@pennersr pennersr closed this Oct 3, 2012

I get the same error running Python 2.7 and django-allauth 0.8.2.
Running 'openssl s_client -connect github.com:443' shows the certificate validates correctly.

Running this in python fails:
import httplib2
o = httplib2.Http()
o.request('https://github.com/login/oauth/access_token')

returns an SSLHandshakeError.

Basically it looks like the 'plain vanilla' package installed by pip ignores the system certificates--which is a big pain if you are using a virtualenv. Ubuntu, Suse, and other distros apparently patched httplib2 so it pays attention to the system-wide certificates--but that's not easily installable in a virtualenv.

So it seems httplib2 needs to fix their packages or django-allauth needs to use a different library.

Owner

pennersr commented Oct 22, 2012

Is there an easy way to reproduce this on Ubuntu? Or, perhaps you can confirm that requests does not suffer from this issue. If so, I propose to base all HTTP related code on requests.

@pennersr pennersr reopened this Oct 22, 2012

make sure you have virtualenv installed. run 'virtualenv mytestvirtualenv' then use pip to install django and django-allauth. Basically the Ubuntu packaged version of httplib2 has been patched while the version pip downloads isn't.

Owner

pennersr commented Oct 22, 2012

Confirmed -- requests doesn't suffer from this issue. The httplib2 dependency will need to be removed...

@pennersr pennersr closed this in 93eca00 Dec 22, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment