[yocto] Missing certificates

Gary Thomas gary at mlbassoc.com
Fri Jul 24 12:49:30 PDT 2015 

On 2015-07-24 13:30, Aníbal Limón wrote:
> Hi Gary,
>
> What version of python do you use?.
>
> Since 2.7.9 cert checking is enabled by default causing this kind of errors. [1]
>
> [1] https://www.python.org/dev/peps/pep-0476/
>
> Kind regards,
>      alimon

I'm using the stock python 2.7.9 from Poky/Yocto master:901be2cb69892595443ed41ab4be285932db15eb

Is there an answer for this that's a bit less intrusive?
Perhaps there could be a DISTRO or even IMAGE feature to
enable/disable this checking?

The pep you referenced mostly talks about why this was changed
and how to disable it - manually within the python code itself.
What I don't see is where/how/what to change/import to actually
let the full certificate checking happen.

>
> On 24/07/15 13:02, Gary Thomas wrote:
>> I was trying to run a simple fetch from python using
>>         url = 'https://raw.github.com/Itseez/opencv/master/samples/c/fruits.jpg'
>>         filedata = urllib2.urlopen(url).read()
>>
>> This failed:
>>   Traceback (most recent call last):
>>   File "./edge.py", line 36, in <module>
>>     filedata = urllib2.urlopen(url).read()
>>   File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
>>     return opener.open(url, data, timeout)
>>   File "/usr/lib/python2.7/urllib2.py", line 431, in open
>>     response = self._open(req, data)
>>   File "/usr/lib/python2.7/urllib2.py", line 449, in _open
>>     '_open', req)
>>   File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
>>     result = func(*args)
>>   File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
>>     context=self._context)
>>   File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
>>     raise URLError(err)
>> urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
>>
>> I can see that it was looking for some certificates in /usr/lib/ssl/certs
>> but that directory is missing.
>>
>> Anyone know what I might be missing (or have misconfigured)?
>>
>> Thanks
>>

-- 
------------------------------------------------------------
Gary Thomas                 |  Consulting for the
MLB Associates              |    Embedded world
------------------------------------------------------------

More information about the yocto mailing list