stackoom
  简体   繁体   中英

Alpine 3.3, Python 2.7.11, urllib2 causing SSL: CERTIFICATE_VERIFY_FAILED

 原文  2016-03-03 03:13:52       python/ ssl/ alpine

Question

I have this small Dockerfile 

FROM alpine:3.3
RUN apk --update add python
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

Building it with docker build -t alpine-py/01 . and then running it with docker run -it --rm alpine-py/01 creates the following output 

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

Yesterday I got bitten by the recent OpenSSL 1.0.2g release, which caused py-cryptograpy to not compile. Luckily the guys from py-cryptography released a new version on PyPI a couple of hours later. The issue was that a function in OpenSSL got a new signature.

Could this be related or am I missing something?

2 answers

solution1
 11 ACCPTED  2016-03-03 04:20:25

You need to install ca-certificates to be able to validate signed certs by public CAs: 

FROM alpine:3.3
RUN apk --no-cache add python ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

solution2
 1  2016-03-24 16:59:29

You will need to upgrade Alpine as libssl needs to be upgraded with a patch 

FROM alpine:3.3
RUN apk -U upgrade && \
    apk -U add python ca-certificates && \
    update-ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

apk -U upgrade will upgrade these:

  • libcrypto1.0 (1.0.2e-r0 -> 1.0.2g-r0)
  • libssl1.0 (1.0.2e-r0 -> 1.0.2g-r0)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Python 2.7.11 [SSL: CERTIFICATE_VERIFY_FAILED] urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error python 3.73 (Windows, urllib3) ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] Python - Issue SSL: CERTIFICATE_VERIFY_FAILED Python SSL: CERTIFICATE_VERIFY_FAILED Python 3.6 SSL: CERTIFICATE_VERIFY_FAILED Python SSL CERTIFICATE_VERIFY_FAILED Python SSL error CERTIFICATE_VERIFY_FAILED Python - SSL: CERTIFICATE_VERIFY_FAILED SSL: CERTIFICATE_VERIFY_FAILED with Python3
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM