-
-
Notifications
You must be signed in to change notification settings - Fork 287
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential solution to SSL certificates issue on MacOS #320
base: master
Are you sure you want to change the base?
Conversation
On mac the certificates aren't found properly by `urlopen()` Can be resolved by `certifi.where()` as long as that's available. Currently this code isn't providing an error if not (nor added to the requirements)
fixes #318 |
I don't feel comfortable with Mac users installing imageio and then still seeing a warning every time that imageio gets imported, unless they install another package. I'd say we either make certifi a dependency, or display the warning only when urlopen is actually used (and at most once). @jni here's a chance to help by weighing in on this decision :D |
For reference, urlopen is used:
|
Yes, I understand that. Actually, this isn't quite working anyway (for a bizarre reason that I don't understand)... I tested the method by monkey patching your urllib (which is what I'll probably do to get around this in the psychopy package that I write) and that worked fine:
BUT when I then copy and paste that exact same code into imageio.core.util (as in the pull request) it no longer works!! I have no idea what that's about |
OK, I did have to resort to using Just to say though that switching to use the
So, it would be a fair bit of refactoring, but I think you'd get something more robust by having the right tool rather than writing requests code yourself! :-) For my own purposes I'll use a monkey patch, so I don't mind either way!
|
Would it be possible to use |
I did it in |
Ah, I see. Can we talk about that original idea of using certifi for a bit?
Do you have more on that?
Can you expand on that? Could it be related to (I'm planning on doing a release of imageio this week. With a bit of luck we can get a fix for this in ...) |
Not sure what else I can tell you. As I say, when I used a monkey-patch to replace your urlopen function the SSL errors went away. But when I moved the same certifi.where() code into your own function (as in the pull request) the SSL errors returned! I don't understand it. Best guess is that something else had subsequently changed the certificates or the value returned by certifi.where(). But it's beyond my pay grade ;-)
No, the cafile arg did exist in Py>2.7.9. I'm just saying that it seemed not to be very consistent (sometimes it worked and sometimes not and I couldn't work out why). The error wasn't about an incorrect call or anything; just that the certificates still weren't being used as expected so the SSL errors returned. |
By the way, I realised I had copy/pasted an error in the requests solution posted above (the file copy step at the end was inside the write-chunk loop by mistake). That's now fixed |
Thanks for the update! |
Thanks for the ping @almarklein! I'm over my head here, but from a usability perspective, I'd certainly like the ability to pass @peircej so are you saying that the certifi solution:
Personally I'm ok with this state of affairs. 😈 😛 |
No, that was just a guess of mine. Apparently, it just works intermittently ... I am hesitant to a solution that adds a requirement on |
I would respectfully start by adding an I.e. if the latest Python 2.7.x release doesn't have this issue on Mac OSX, maybe we respectfully ask Mac OS Python 2.7 users to update to the latest 2.7.x release, as we don't want to workaround things already fixed in latest CPython 2.7.x |
This wont be longer necessary for ffmpeg. Though it might still apply to the downloading of standard images I suppose? |
More ppl are running into this, e.g. #500. I think I'm ready to add |
On mac the certificates aren't found properly by
urlopen()
Can be resolved by
certifi.where()
as long as that's available. Currently this code isn't providing an error if not (nor added to the requirements)