-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Closed
Labels
C-bugSomething isn't workingSomething isn't working
Description
Summary
SSL certificate verification fails when making HTTPS requests using RustPython's requests library, even with proper certificate handling through certifi. This prevents secure HTTPS connections in RustPython applications.
Expected
The following code should successfully make an HTTPS request with proper SSL certificate verification:
import requests
from certifi import where
session = requests.Session()
session.verify = where()
response = session.get('https://openlibrary.org/api/books?bibkeys=ISBN:9780618640157&format=json&jscmd=data')
print(response.json())Actual
The code fails with an SSL certificate verification error:
SSLError: HTTPSConnectionPool(host='openlibrary.org', port=443): Max retries exceeded with url: /api/books?bibkeys=ISBN:9780618640157&format=json&jscmd=data (Caused by SSLError(SSLError(134, '[SSL routines] certificate verify failed (ssl.rs:1030)')))
Even with explicit SSL context configuration:
import ssl
import requests
from certifi import where
# Configure SSL context with certifi
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.load_verify_locations(cafile=where(), capath=None, cadata=None)
session = requests.Session()
session.verify = where()
response = session.get('https://openlibrary.org/api/books?bibkeys=ISBN:9780618640157&format=json&jscmd=data')The same error persists.
Environment
- RustPython version: 0.4.0
- Operating System: Linux 20.04.1-Ubuntu
- Dependencies:
- requests
- certifi
- urllib3
- charset-normalizer
Steps to Reproduce
- Install required packages:
#!/bin/bash
SITE_PACKAGES="python_packages/site-packages"
mkdir -p "$SITE_PACKAGES"
# Install pip and packages
curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py --target="$SITE_PACKAGES"
python3 -m pip install --target="$SITE_PACKAGES" charset-normalizer urllib3 certifi requests- RustPython code:
use anyhow;
use rustpython_vm as vm;
use rustpython_stdlib;
use std::path::PathBuf;
pub async fn run() -> anyhow::Result<()> {
let mut settings = vm::Settings::default();
let base_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"))
.join("src")
.join("experiments")
.join("e5_run_python")
.join("python_packages");
settings.path_list.push(base_path.join("Lib").to_string_lossy().to_string());
settings.path_list.push(base_path.join("site-packages").to_string_lossy().to_string());
let interpreter = vm::Interpreter::with_init(settings, |vm| {
vm.add_native_modules(rustpython_stdlib::get_module_inits());
});
// ... Python code execution
}Python Documentation
According to Python's SSL documentation:
-
ssl.SSLContextshould handle certificate verification:context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(cafile=certifi.where())
-
The
requestslibrary should automatically handle SSL verification whenverify=Trueor when provided with a certificate path:session = requests.Session() session.verify = certifi.where()
Related Issues
youknowone and arihant2math
Metadata
Metadata
Assignees
Labels
C-bugSomething isn't workingSomething isn't working