Opened 17 months ago
Closed 16 months ago
#32527 closed defect (fixed)
urllib needs a SSL context to work with openssl 3.x
Reported by:  Thierry Monteil  Owned by:  

Priority:  major  Milestone:  sage9.5 
Component:  packages: standard  Keywords:  
Cc:  Merged in:  
Authors:  Thierry Monteil  Reviewers:  Matthias Koeppe 
Report Upstream:  N/A  Work issues:  
Branch:  1d88693 (Commits, GitHub, GitLab)  Commit:  1d88693ddf1758ae4fa7ccb6949161b52200e591 
Dependencies:  Stopgaps: 
Description (last modified by )
Whith OpenSSL 3.x installed from Sage, we get the following error:
sage: oeis(42) <repr(<sage.databases.oeis.OEISSequence at 0x7f1fd4483e50>) failed: OSError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)> Error fetching https://oeis.org/search?q=A000042&n=1&fmt=text.>
This is due to the fact that we do not pass any SSL context to urllib.
The current branch also force https in the URL that are fetched by Sage, except:
src/sage/finance/stock.py
which is broken anyway #25473src/sage/combinat/matrices/hadamard_matrix.py
sincehttp://neilsloane.com/hadamard/
does not provide https connectionssrc/sage/combinat/designs/ext_rep.py
since neitherhttp://designtheory.org
norhttp://www.maths.qmul.ac.uk/~lsoicher/designtheory.org/
provide https connections.
Change History (8)
comment:1 Changed 17 months ago by
comment:3 Changed 17 months ago by
Branch:  → u/tmonteil/urllib_needs_a_ssl_context_to_work_with_openssl_3_x 

comment:4 Changed 17 months ago by
Commit:  → 01c63814b4756555805769a0281b16b18336d1b2 

Description:  modified (diff) 
Status:  new → needs_review 
New commits:
01c6381  #32527 : add a SSL context where needed

comment:5 Changed 17 months ago by
Commit:  01c63814b4756555805769a0281b16b18336d1b2 → 1d88693ddf1758ae4fa7ccb6949161b52200e591 

Branch pushed to git repo; I updated commit sha1. This was a forced push. New commits:
1d88693  #32527 : add a SSL context where needed

comment:6 Changed 17 months ago by
Reviewers:  → Matthias Koeppe 

Status:  needs_review → positive_review 
This seems to work well, tested locally with ./sage tp optional=sage,internet src/sage/arith/misc.py src/sage/combinat/designs/covering_design.py src/sage/databases/ src/sage/doctest/external.py src/sage/graphs/isgci.py src/sage/interfaces/mathematica.py src/sage/misc/ src/sage/repl
There are a bunch of failures
sage t randomseed=0 src/sage/databases/oeis.py # 4 doctests failed sage t randomseed=0 src/sage/databases/findstat.py # 4 doctests failed
that come from absurdly rigid doctests. Fixing them is outside of the scope of this ticket.
comment:7 Changed 17 months ago by
Thanks for the review. Also tested on a bare VM with only Sageshipped packages (including Python 3 and Openssl 3.0.0).
comment:8 Changed 16 months ago by
Branch:  u/tmonteil/urllib_needs_a_ssl_context_to_work_with_openssl_3_x → 1d88693ddf1758ae4fa7ccb6949161b52200e591 

Resolution:  → fixed 
Status:  positive_review → closed 
I think this is the same problem that we faced in #29418/#30950 (for
sagesystempython
)