<html>
<head>
<base href="https://bugs.documentfoundation.org/">
</head>
<body><span class="vcard"><a class="email" href="mailto:michael.stahl@cib.de" title="Michael Stahl (CIB) <michael.stahl@cib.de>"> <span class="fn">Michael Stahl (CIB)</span></a>
</span> changed
<a class="bz_bug_link
bz_status_UNCONFIRMED "
title="UNCONFIRMED - Python error 'certificate verify failed (_ssl.c:719)'"
href="https://bugs.documentfoundation.org/show_bug.cgi?id=125013">bug 125013</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Whiteboard</td>
<td>
</td>
<td>QA:needsComment
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_UNCONFIRMED "
title="UNCONFIRMED - Python error 'certificate verify failed (_ssl.c:719)'"
href="https://bugs.documentfoundation.org/show_bug.cgi?id=125013#c4">Comment # 4</a>
on <a class="bz_bug_link
bz_status_UNCONFIRMED "
title="UNCONFIRMED - Python error 'certificate verify failed (_ssl.c:719)'"
href="https://bugs.documentfoundation.org/show_bug.cgi?id=125013">bug 125013</a>
from <span class="vcard"><a class="email" href="mailto:michael.stahl@cib.de" title="Michael Stahl (CIB) <michael.stahl@cib.de>"> <span class="fn">Michael Stahl (CIB)</span></a>
</span></b>
<pre><a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - python: Win32: urllib on https URLs fails due to loading wrong OpenSSL libraries"
href="show_bug.cgi?id=109241">bug 109241</a> is about urllib not supporting https protocol at all, while if you
get a CERTIFICATE_VERIFY_FAILED error it clearly does try to use https, so it's
a different problem.
the 2 most likely reason why you get a CERTIFICATE_VERIFY_FAILED error is that
either the server certificate or one of its signing CA certificates is expired;
or the server certificates's CA certificate chain doesn't have a trusted root
in the bundled certificates that CPython uses, which i'd assume (but haven't
checked) are the bundled certificates of LO's OpenSSL library.
without knowing what the reason of the CERTIFICATE_VERIFY_FAILED error is, it's
hard to tell of course...
of course ideally urlib would use the operating system's CA store to verify
stuff instead of whatever OpenSSL bundles, which would give the user a UI tool
to add additional trusted CA certificates or remove default ones they don't
trust - but i have no idea if that is possible.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>