#32527 closed defect (fixed)

urllib needs a SSL context to work with openssl 3.x

Reported by: Thierry Monteil Owned by:
Priority: major Milestone: sage-9.5
Component: packages: standard Keywords:
Cc: Merged in:
Authors: Thierry Monteil Reviewers: Matthias Koeppe
Report Upstream: N/A Work issues:
Branch: 1d88693 (Commits, GitHub, GitLab) Commit: 1d88693ddf1758ae4fa7ccb6949161b52200e591
Dependencies: Stopgaps:

Status badges

Description (last modified by Thierry Monteil)

Whith OpenSSL 3.x installed from Sage, we get the following error:

sage: oeis(42)
<repr(<sage.databases.oeis.OEISSequence at 0x7f1fd4483e50>) failed: OSError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>
Error fetching https://oeis.org/search?q=A000042&n=1&fmt=text.>

This is due to the fact that we do not pass any SSL context to urllib.

The current branch also force https in the URL that are fetched by Sage, except:

  • src/sage/finance/stock.py which is broken anyway #25473
  • src/sage/combinat/matrices/hadamard_matrix.py since http://neilsloane.com/hadamard/ does not provide https connections
  • src/sage/combinat/designs/ext_rep.py since neither http://designtheory.org nor http://www.maths.qmul.ac.uk/~lsoicher/designtheory.org/ provide https connections.

Change History (8)

comment:1 Changed 17 months ago by Matthias Köppe

I think this is the same problem that we faced in #29418/#30950 (for sage-system-python)

comment:2 Changed 17 months ago by Thierry Monteil

OK, will look at those tickets too.

Last edited 17 months ago by Thierry Monteil (previous) (diff)

comment:3 Changed 17 months ago by Thierry Monteil

Branch: u/tmonteil/urllib_needs_a_ssl_context_to_work_with_openssl_3_x

comment:4 Changed 17 months ago by Thierry Monteil

Commit: 01c63814b4756555805769a0281b16b18336d1b2
Description: modified (diff)
Status: newneeds_review

New commits:

01c6381#32527 : add a SSL context where needed

comment:5 Changed 17 months ago by git

Commit: 01c63814b4756555805769a0281b16b18336d1b21d88693ddf1758ae4fa7ccb6949161b52200e591

Branch pushed to git repo; I updated commit sha1. This was a forced push. New commits:

1d88693#32527 : add a SSL context where needed

comment:6 Changed 17 months ago by Matthias Köppe

Reviewers: Matthias Koeppe
Status: needs_reviewpositive_review

This seems to work well, tested locally with ./sage -tp --optional=sage,internet src/sage/arith/misc.py src/sage/combinat/designs/covering_design.py src/sage/databases/ src/sage/doctest/external.py src/sage/graphs/isgci.py src/sage/interfaces/mathematica.py src/sage/misc/ src/sage/repl

There are a bunch of failures

sage -t --random-seed=0 src/sage/databases/oeis.py  # 4 doctests failed
sage -t --random-seed=0 src/sage/databases/findstat.py  # 4 doctests failed

that come from absurdly rigid doctests. Fixing them is outside of the scope of this ticket.

comment:7 Changed 17 months ago by Thierry Monteil

Thanks for the review. Also tested on a bare VM with only Sage-shipped packages (including Python 3 and Openssl 3.0.0).

comment:8 Changed 16 months ago by Volker Braun

Branch: u/tmonteil/urllib_needs_a_ssl_context_to_work_with_openssl_3_x1d88693ddf1758ae4fa7ccb6949161b52200e591
Resolution: fixed
Status: positive_reviewclosed
Note: See TracTickets for help on using tickets.