OpenLP

Failure to verify SSL cert in SongSelect importer

Bug #1450596 reported by Raoul Snyman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenLP
Fix Released
Medium
Jonathan Springer
OpenLP 2.1.6

Bug Description

Reported in Support: http://support.openlp.org/scp/tickets.php?id=2798

*OpenLP Bug Report*
Version: {'full': '2.1.4', 'version': '2.1.4', 'build': None}

--- Details of the Exception. ---

Tried to log into SongSelect.
Entered username and password.
Clicked login.

--- Exception Traceback ---
Traceback (most recent call last):
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/urllib/request.py", line 1182, in do_open
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/http/client.py", line 1088, in request
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/http/client.py", line 1126, in _send_request
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/http/client.py", line 1084, in endheaders
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/http/client.py", line 922, in _send_output
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/http/client.py", line 857, in send
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/http/client.py", line 1231, in connect
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/ssl.py", line 365, in wrap_socket
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/ssl.py", line 583, in __init__
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/ssl.py", line 810, in do_handshake
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/raoul/Projects/OpenLP/OpenLP-2.1.4/openlp/plugins/songs/forms/songselectform.py", line 255, in on_login_button_clicked
  File "/Users/raoul/Projects/OpenLP/OpenLP-2.1.4/openlp/plugins/songs/lib/songselect.py", line 75, in login
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/urllib/request.py", line 463, in open
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/urllib/request.py", line 481, in _open
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/urllib/request.py", line 441, in _call_chain
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/urllib/request.py", line 1225, in https_open
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/urllib/request.py", line 1184, in do_open
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)>

--- System information ---
Platform: Darwin-14.3.0-x86_64-i386-64bit

--- Library Versions ---
Python: 3.4.3
Qt4: 4.8.6
Phonon: -
PyQt4: 4.11.3
QtWebkit: 534.34
SQLAlchemy: 0.9.9
SQLAlchemy Migrate: -
BeautifulSoup: 4.3.2
lxml: 3.4.1
Chardet: 2.3.0
PyEnchant: -
Mako: 1.0.1
pyICU: -
pyUNO bridge: -
VLC: 2.1.5 Rincewind

Related branches

lp:~springermac/openlp/packaging
Tomas Groth: Approve
Raoul Snyman: Approve
Diff: 122 lines (+3/-54)
5 files modified
osx/Info.plist (+0/-2)
osx/macosx-builder.py (+1/-4)
pyinstaller-hooks/hook-openlp.core.ui.media.py (+1/-1)
pyinstaller-hooks/rthook_openlp_pyqt4.py (+0/-43)
windows/windows-builder.py (+1/-4)
Superseded for merging into lp:openlp
Tomas Groth: Needs Fixing
Diff: 4744 lines (+4439/-0) (has conflicts)
51 files modified
.bzrignore (+36/-0)
gentoo/openlp-1.9.4.ebuild (+31/-0)
launchpad-ppa/Makefile (+17/-0)
launchpad-ppa/debian/changelog (+389/-0)
launchpad-ppa/debian/compat (+1/-0)
launchpad-ppa/debian/control (+20/-0)
launchpad-ppa/debian/copyright (+10/-0)
launchpad-ppa/debian/docs (+1/-0)
launchpad-ppa/debian/openlp.install (+1/-0)
launchpad-ppa/debian/pycompat (+1/-0)
launchpad-ppa/debian/pyversions (+1/-0)
launchpad-ppa/debian/rules (+21/-0)
osx/Info.plist (+126/-0)
osx/LICENSE.txt (+339/-0)
osx/applescript-adjust-dmg-view.master (+31/-0)
osx/config.ini.default (+23/-0)
osx/macosx-builder.py (+768/-0)
pyinstaller-hooks/hook-mysql.connector.py (+23/-0)
pyinstaller-hooks/hook-openlp.core.ui.media.py (+25/-0)
pyinstaller-hooks/hook-openlp.plugins.presentations.presentationplugin.py (+26/-0)
pyinstaller-hooks/hook-openlp.py (+31/-0)
pyinstaller-hooks/hook-ssl.py (+10/-0)
pyinstaller-hooks/rthook_ssl.py (+5/-0)
scripts/backup_georss.sh (+12/-0)
scripts/build_dev_deb.sh (+46/-0)
scripts/build_docs.sh (+39/-0)
scripts/build_nightly_deb.sh (+47/-0)
scripts/build_release_deb.sh (+19/-0)
scripts/deb_version.py (+40/-0)
scripts/dev_build.sh (+42/-0)
scripts/fix_bzr.py (+29/-0)
scripts/natsort.py (+35/-0)
scripts/nightly_build.sh (+78/-0)
scripts/notify_build.sh (+40/-0)
scripts/openlp_tweeter.py (+60/-0)
scripts/openlp_version.py (+57/-0)
scripts/openlptweet.py (+48/-0)
scripts/release_build.sh (+34/-0)
scripts/upload_build.sh (+59/-0)
windows/LICENSE.txt (+339/-0)
windows/OpenLP.iss.default (+185/-0)
windows/OpenLPPortable/App/Appinfo/Launcher/OpenLPPortable.ini (+10/-0)
windows/OpenLPPortable/App/Readme.txt (+3/-0)
windows/OpenLPPortable/Other/Source/LauncherLicense.txt (+339/-0)
windows/OpenLPPortable/Other/Source/OpenLPPortable.ini (+6/-0)
windows/OpenLPPortable/Other/Source/Readme.txt (+47/-0)
windows/OpenLPPortable/help.html (+160/-0)
windows/appinfo.ini.default (+32/-0)
windows/config.ini.default (+22/-0)
windows/openlp.conf (+26/-0)
windows/windows-builder.py (+649/-0)
lp:openlp/packaging
Phill (phill-ridout)
Changed in openlp:
importance: Undecided → Medium
Revision history for this message
Raoul Snyman (raoul-snyman) wrote :

Another ticket: http://support.openlp.org/scp/tickets.php?id=2830

Tomas Groth (tomasgroth)
Changed in openlp:
status: New → Confirmed
Revision history for this message
Tomas Groth (tomasgroth) wrote :

The problem is described here:
https://trac.macports.org/ticket/47805#comment:5
and here
http://bugs.python.org/issue23476
So the issue is specific to Mac OS X 10.10

To solve this it seems we need to wait for the next python release (3.4.4?) or manually patch python from macports.

Revision history for this message
Tomas Groth (tomasgroth) wrote :

To manually patch and build python 3.4 from macports, this patch: https://hg.python.org/cpython/rev/7f64437a707f/
must be used in this macport: https://trac.macports.org/browser/trunk/dports/lang/python34/Portfile

Revision history for this message
Raoul Snyman (raoul-snyman) wrote :

That's a whole lot of work that I'm not going to do unless it's 100% necessary. I'm going to wait for either openssl 1.0.2b or Python 3.4.4 unless we release 2.2 before then.

Revision history for this message
matysek (mzibricky) wrote :

Is this issue about that Apple removed in osx 10.10 some 1024-bit root certificates and this cause verification failure?

Could it work to fix this by bundlig own copy of root certificate and use it for ssl verification when connectiong to songselect from osx?

* use method ssl.SSLContext.load_verify_locations
* Later use python 3.4.4 or openssl when it is released?

Jonathan Springer (springermac)
Changed in openlp:
assignee: nobody → Jonathan Springer (springermac)
status: Confirmed → In Progress
Jonathan Springer (springermac)
Changed in openlp:
status: In Progress → Fix Committed
milestone: none → 2.1.6
Raoul Snyman (raoul-snyman)
Changed in openlp:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.