New submission from Utku Gultopu: It seems like ssl module is not working for me:
(virtualenv) user@host:~$ python Python 3.6.0 (v3.6.0:41df79263a11, Dec 22 2016, 17:23:13) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import ssl >>> import socket >>> context = ssl.create_default_context() >>> conn = context.wrap_socket(socket.socket(socket.AF_INET), >>> server_hostname="www.python.org") >>> conn.connect(("www.python.org", 443)) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1093, in connect self._real_connect(addr, False) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1084, in _real_connect self.do_handshake() File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake self._sslobj.do_handshake() File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) >>> It seems like a problem with OpenSSL in Sierra itself. Because the following command does not work either: (virtualenv) user@host:~$ openssl s_client -connect www.python.org:443 CONNECTED(00000003) depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIIWjCCB0KgAwIBAgIQCXCW7BLw16II/CMOsOFe/jANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE2MDYyOTAwMDAwMFoXDTE4MDkyNzEy MDAwMFowgfgxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF EwczMzU5MzAwMRQwEgYDVQQJEwsxNiBBbGxlbiBSZDETMBEGA1UEERMKMDM4OTQt NDgwMTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5IMRIwEAYDVQQHEwlXb2xmZWJv cm8xIzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMRcwFQYDVQQD Ew53d3cucHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMpgUlIza25mor2AW20yRs8uHtRJs0kXpMF2zATQjhYAgfpqjoKugoWBlMrLCFQj G/Aq8W7pT4WWHCb9Nv2QGdnIEapxi5HSfxc3b1HIRmJDdfxsc2Y4dATfgzIS4wNw jDM9tmYcMZMKZVdW4WxurQIka8r3tBFP944yAllRn8uuFVXSDYALkZOiiWxuMYKA q40hYrDhWO53uKk23HNBo5Kgfvcj3t0ZcMSkzekClxyxgyS1nnkNWIdEEMCP/FFU UXrQt0MEtkmfc++6Ps2SEiHL2T4MEqY8eE0ss6Mvmt+yzy8QsZOArrpxv7l8OwBO 5yB0LU3ByoQan1O/upeNclkCAwEAAaOCBGAwggRcMB8GA1UdIwQYMBaAFD3TUKXW oK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBTL2ztKcGS38IxHEASJaOzwHuUqljCC AQsGA1UdEQSCAQIwgf+CDnd3dy5weXRob24ub3Jngg9kb2NzLnB5dGhvbi5vcmeC D2J1Z3MucHl0aG9uLm9yZ4IPd2lraS5weXRob24ub3Jngg1oZy5weXRob24ub3Jn gg9tYWlsLnB5dGhvbi5vcmeCD3B5cGkucHl0aG9uLm9yZ4IUcGFja2FnaW5nLnB5 dGhvbi5vcmeCEGxvZ2luLnB5dGhvbi5vcmeCEmRpc2N1c3MucHl0aG9uLm9yZ4IM dXMucHljb24ub3JnggdweXBpLmlvggxkb2NzLnB5cGkuaW+CCHB5cGkub3Jngg1k b2NzLnB5cGkub3Jngg9kb25hdGUucHlwaS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzEuY3JsMDSg MqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzEu Y3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBz Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHww ejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUF BzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0 ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9Bgor BgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3 zQ7IDdwQAAABVkgj4a8AAAQDAEcwRQIhAMhsxamO6hrRjfNmH4Yj/cnJo72cmTHm rSlEi0FHilNtAiB/tDiULYh6rf9H5eKmrV8PRsvFNSflBsQIIF1VejnWrwB2AGj2 mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABVkgj4XYAAAQDAEcwRQIg Ygh+rvtk2KQd2CRaM+whfGgc6waZACSMgwzYVmOZr9sCIQDGs78IDIoPZhNBGfIK xXQdq8DwAjahQboXeJWx/AfAxQB1AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+U mFXWidDdAAABVkgj4dkAAAQDAEYwRAIgMOOdrhZ0280XsmWuLt7fcFnwtRIu42j7 WmRrQ2NlJLUCIG5Z6vzlhvFNIhN67A0G/hrRH7hzJ13/elILZcjZYJQqMA0GCSqG SIb3DQEBCwUAA4IBAQCuDt1T9tBxAVYp2u10uONL6FTHQlgguQCiN5ANmjp6dUAq 2I1nCgZB9nxhGUFOsdiQ5DFDgJ0xTAgwF4nWAyXEHKjyacoaUOh3Zq7A62r5+0eE P3XDNKIN2TWF3+djFneND/uqqpDGo2bMdcm9l0dvktUP9xQXIZBBkOMJZfXSxh0/ 7H+bDizx+bq/5Dwv97fs770UCz5LqGRuIUaZQvBQblsP5QoBaKEYW5Hsmfu9FWbW 0qreV7KHFp7ONBSKFUefbG0Q37O8oTPr7JnMxTvdUcthJOLcN9IHo2StTzv3Wru0 5njv0zLw7zwePKc9YJ1YBLmLj7vPxyy/XoW8+8hI -----END CERTIFICATE----- subject=/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA --- No client certificate CA names sent --- SSL handshake has read 3524 bytes and written 456 bytes --- New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: 239A88888D772216EDDD8C204996A901BAD27D50B929E6A626955472456077B6 Session-ID-ctx: Master-Key: FB1EAC13FFD2F42DA5BF0364E3A08A869DD129389374416B6574F6D852692888F991B79027143A81963FA7594FFB85BD Key-Arg : None Start Time: 1482618121 Timeout : 300 (sec) Verify return code: 0 (ok) --- Connecting to `www.python.org` (or any other secure site) works on web browsers. Also, `DigiCert High Assurance EV Root CA` exists in the System Roots section of Keychain. I guess the problem might be that ssl module does not use the Keychain, like `openssl` command. Regards ---------- assignee: christian.heimes components: SSL, macOS messages: 283976 nosy: christian.heimes, ned.deily, ronaldoussoren, ugultopu priority: normal severity: normal status: open title: SSL module problem on Python 3.6.0 and macOS Sierra type: behavior versions: Python 3.6 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29065> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com