-
Notifications
You must be signed in to change notification settings - Fork 22.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
urllib & urllib2 may fail ssl handshaking under a variety of circumstances #3193
Comments
I'm assuming you are using a python version < I can reproduce this issue in earlier versions and can be solved by using server name identification support which was added to
|
We are using 2.7.6.
|
requests is yet another dependency right??? it's not part of standard python We could simply switch all the URLs to http instead of https if that's a better solution |
You are correct, it would be a new dependency on a non-dist-package'ed library. I thought it was part of dist-packages. I'd prefer to use https - although because there are hash's in the filename & checked on download it doesn't add much security. I could probably make a conditional dependency on requests if available, and fall back to urllib and urllib2. There is already 1 layer of fallback from urllib2 to urllib - would get a little uglier to do a 3rd. |
@soumith Perhaps changing the model URLs to |
The hash check on download is to check for corruption & mistakes, not security. It's only 4 bytes so it's very easy to maliciously create collisions. I'd like to keep https because |
We could add an optional dependency on requests (i.e. try to use them, if import fails fall back to |
Turns out you also need to install the security packages for requests if you want this to work:
which will also install:
If you just have requests We can still add an optional dependency on requests, but this might still fail. wdyt? |
You can still say " |
fixed via #3280 |
I'm not sure of the root cause down in the depths of SSL. It somewhere there is improper use of SSL in (python 2.7, ubuntu 14.04, or my compiled version of openSSL).
If desired, I can provide a patch or pull request that changes the model_zoo.py over to use
requests
which properly handles this situation, and is aparently the 'recommended' library for python now (instead of urllib or urllib2).`>>> import torchvision
The text was updated successfully, but these errors were encountered: