I’m building an application in python 3.3 which uses the requests library.
When I try to get a URL with SSL connection I want to verify it with verify = true.
This works perfectly when running my python scripts.
When I freeze the same scripts it crashes. It misses something and I really cant figure out how to integrate it in my frozen application.
I get the following error (which also triggers other errors, but I don’t post them here):
Traceback (most recent call last): File "C:Python33-32libsite-packagesrequestspackagesurllib3connectionpool.py", line 422, in urlopen body=body, headers=headers) File "C:Python33-32libsite-packagesrequestspackagesurllib3connectionpool.py", line 274, in _make_request conn.request(method, url, **httplib_request_kw) File "C:Python33-32libhttpclient.py", line 1049, in request self._send_request(method, url, body, headers) File "C:Python33-32libhttpclient.py", line 1087, in _send_request self.endheaders(body) File "C:Python33-32libhttpclient.py", line 1045, in endheaders self._send_output(message_body) File "C:Python33-32libhttpclient.py", line 890, in _send_output self.send(msg) File "C:Python33-32libhttpclient.py", line 828, in send self.connect() File "C:Python33-32libsite-packagesrequestspackagesurllib3connectionpool.py", line 105, in connect ssl_version=self.ssl_version) File "C:Python33-32libsite-packagesrequestspackagesurllib3util.py", line 281, in ssl_wrap_socket context.load_verify_locations(ca_certs) FileNotFoundError: [Errno 2] No such file or directory
It seems that ca_certs is missing. There is a file called cacert.pem in the requests library, but I don’t know if this is the missing file and how to import it since it seems to be not integrated into my final frozen package.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Looking at the requests source, it seems you can pass the path to the cacert.pem file as verify=path, instead of verify=True. So you don’t need to modify requests for it to work.
You can pass the path of a file to include in the include-files parameter of the cx_Freeze options (docs). You can find the path from requests, so something like this should work in the setup.py you use to freeze it:
import requests.certs
build_exe_options = {"include_files":[(requests.certs.where(),'cacert.pem')]}
#...
Method 2
As Thomas K said, you need to include a CA certificates file if you enable verification.
However, I found that at least for me, requests will look for [INSTALL PATH]library.zipcacert.pem which will fail.
I solved it by copying the cacert.pem as described
import requests.certs
build_exe_options = {"include_files":[(requests.certs.where(),'cacert.pem')]}
#...
and specified its path directly when performing a request:
requests.get(..., verify = '[INSTALL PATH]cacert.pem')
Method 3
You can also use enviroment variable “REQUESTS_CA_BUNDLE” (as said http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification)
It’s much simpler, than correct all your requests:
os.environ["REQUESTS_CA_BUNDLE"] = os.path.join(os.getcwd(), "cacert.pem")
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0