-
-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLError when windows cert store contains bad certificates #1060
Comments
please run And in the future, dont ignore the issue template. It exists for a reason |
Sorry for the template, but I just couldn't figure what to put in it, since none fits my case. Here is the result, and it is same as above (from the folder where I have the yt-dlp.exe file, i had to modify your command to:
I suppose it does not work probably because I do not have yt-dlp installed, i just placed it in the folder of MPC-HC, and expected it to work like the youtube-dl.exe did! If it has to be installed (including Python!), then I am not so interested in using it that way, too complicated, but I can just try and test it for fun if i figure how (I see 4 ways for it, and for which download binary? And just guessing that most MPC-HC users wont go the extra trouble); I just want to watch video links in the player. |
Forgot to mention that I already have Python installed for the use of UBU Bios tool, but not that i know how to use it much further from a console than to update PLTable and install colorama... |
There is no installation needed I'm not entirely sure what the issue is, but it looks like yt-dlp cant access the certificate store. Can you confirm whether youtube-dl still works on ur PC? |
Yes, youtube-dl works just fine! I tried and successfully installed it (i think) using the But now I do have the console output:
|
In the original post, you were using the exe, correct? Also, since I cant reproduce the issue myself, if I make a patch, would you be willing to test it out (installing with PIP)? |
what is weird is that the relevent code has never been changed in yt-dlp https://github.com/yt-dlp/yt-dlp/blame/master/yt_dlp/utils.py#L2351-2373 |
Correct, I used the .exe (tried the yt-dlp_x86.exe one too); and even after install tried with and without (without nothing happens in the player..). Yes i can test it! |
Just tried again, it works just fine with youtube-dl (using the x64 player wersion - mpc-hc64.exe)...? |
Can you try these things:
import ssl
len(ssl.enum_certificates('ROOT'))
len(ssl.enum_certificates('CA'))
ssl.create_default_context() (continue to the next line even if one gives error) PS: You should run ➤ py
Python 3.9.6 (tags/v3.9.6:db3ff76, Jun 28 2021, 15:26:21) [MSC v.1929 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> len(ssl.enum_certificates('ROOT'))
47
>>> len(ssl.enum_certificates('CA'))
9
>>> ssl.create_default_context()
<ssl.SSLContext object at 0x000001DA53A65F40>
>>> exit()
➤ |
P.S.
|
This is very useful info. Since the pip version of youtube-dl is also affected, that means the issue is caused somewhere b/w python 3.4 (used by youtube-dl.exe) and python 3.7 (used by yt-dlp_x86.exe) https://github.com/python/cpython/blob/ec7ffa4b5b262369f726a54e145e9c03eaeb4c1a/Lib/ssl.py#L825-L829 says # no explicit cafile, capath or cadata but the verify mode is
# CERT_OPTIONAL or CERT_REQUIRED. Let's try to load default system
# root CA certificates for the given purpose. This may fail silently. But in your case, this is NOT failing silently. I should be able to make a workaround for this (by ignoring the certs), but I'm not sure if that could break other parts. Once I make a patch, I'll ping you so you can test It is odd that I could not find any issue reports about this with a quick search. But, since I can't reproduce it on my machine, making a bug report with all necessary details to python devs is also impractical 😢
This could be the culprit, but the actual code that does the certificate verification is in C (which I am not good at), so I cant really figure out the underlying issue. All I can do with a potential patch is to ignore that error and proceed without loading the certificates |
OK, have tried all I can think off, on my PC and Laptop:
Don't know if this can help you... |
Still not had time to make a patch? Or stumbled on to something, if I can help in any way... |
Yeah, been busy with other stuff Could you test this branch? https://github.com/pukkandan/yt-dlp-dev/tree/ssl-test Test both with default options and with You can install the branch with pip if you have git in your system pip install git+https://github.com/pukkandan/yt-dlp-dev/tree/ssl-test otherwise, just clone the branch and run |
Sorry, it should be |
The error message in your latest attempt, Another thing that the linked issue points out is that python 3.6 is less strict about this issue. So it could be a potential workaround for you till we come up with a more permanent solution |
It is possible, but a bit tricky. I'd have to monkeypatch code from the python's core Even once I patch it for ytdlp, you (and as I understand, all Serbians) will encounter the same issue whenever you run another python 3.7+ program that connects to the internet |
This comment has been minimized.
This comment has been minimized.
Have commented on the "closed", and have opened a new one let's see what they say too... |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This hurts number of Python applications, even those published by large players. Basically, any attempt to read any certificate (for example to load any https url) fails due to this issue. And that is a bug of Python. If you check code that causes this issue you will notice bad code.
This issue can be easily solved with one simple if and one simple exception handler. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Please keep the discussion here to be yt-dlp specific and move python discussion to the relevent issues opened in their tracker @MDM-79 I have updated the https://github.com/pukkandan/yt-dlp-dev/tree/ssl-test branch. Could you do another test run? |
sweet. I was concerned about performance. But doesn't seem like that's an issue But it doesn't seem like you have just one bad certificate, but quite a lot of them? I'll clean up the code and ask you to test one more time. Then I can commit it |
Works fast. You are correct, a lot of them... Great! 😉 P.S. |
Tested from latest https://github.com/pukkandan/yt-dlp-dev/tree/ssl-test and it works, also no visible warnings anymore either! |
* Remove old compat code * Load certificates only when not using nocheckcertificate * Load each certificate individually Closes #1060 Related bugs.python.org/issue35665, bugs.python.org/issue4531
Works no problem now. Finally will have a working yt-dlp.exe for MPC-HC! As for python and/or openssl will see if anything is done there... |
* Remove old compat code * Load certificates only when not using nocheckcertificate * Load each certificate individually Closes yt-dlp#1060 Related bugs.python.org/issue35665, bugs.python.org/issue4531
In latest mpc-hc 1.9.16 (that just added support for yt-dlp.exe) it does not work with latest yt-dlp.exe 2021.09.02.
This is the error I get:
I tried even the x86 file, full or short YT address, file in MPC folder or not, name only, no mater if the path/file name is specified or not, or where the file is... - not once it worked.
I was pointed here by clsid2: clsid2/mpc-hc#1320
Hope you can help'
The text was updated successfully, but these errors were encountered: