I'm getting an error when connecting to www.mydomain.com
using Python 2.7.12, on a fairly new machine that uses Windows 8.1. The error is SSL: CERTIFICATE_VERIFY_FAILED
on the ssl_sock.connect
line of the code below. The code wraps an SSL connection in an context, and specifies I don't want to carry out certificate verification:
ssl._create_default_https_context = ssl._create_unverified_context
s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_NONE
context.check_hostname = True
context.load_default_certs()
ssl_sock = context.wrap_socket(s_, server_hostname=myurl)
ssl_sock.connect((myurl, int(myportno)))
I've tried adding the plain text version of the security certificate from the server I'm trying to connect to, to the default certificate file that Python references - that didn't work (in any case, it doesn't make sense that I should need to do this)
When I browse to the domain I'm trying to connect to, the browser also doesn't trust the remote server certificate, however I've examined the certificate that's bound to the domain and it's validating fine. What could be causing the mistrust? (I'm currently investigating removal of a Windows security patch from the machine where I'm getting the error, to see if that could be the cause)
(this issue has occurred on other computers using the same code, however it seems to resolve after Windows retrieves a full set of updates. The machine where the problem is persisting also has a full set of updates however)
I resolved this issue, which seems to be related to a post Aug 29th 2016 security update for Windows that causes issues with certificate verification when using the TLS 1.0 protocol. Re-installing Windows without the security update at least allows things to work for now. Also I didn't get this issue when running under Windows 10