certifi or tornadoweb broken? What is happening here?

Nagy László Zsolt gandalf at shopzeus.com
Wed Oct 7 06:39:29 EDT 2015 

Here is an MWE:

import certifi
import tornado.ioloop
import tornado.httpclient

io_loop = tornado.ioloop.IOLoop.current()

def test():
    global io_loop
    url =
"https://www.saaspass.com/sd/rest/applications/xxxxxxxxxxxxxxxxx/tokens?password=xxxxxxxxxxxxxxxxx"
# Just a test application!
    http_client = tornado.httpclient.HTTPClient()
    request = tornado.httpclient.HTTPRequest(url = url, method = "GET",
ca_certs=certifi.where())
    response = http_client.fetch(request)
    print(response.body)



print("Certifi version:",certifi.__version__)

io_loop.add_callback(test)
io_loop.start() # forgive me, will never stop, but this is just a test


Here is what happens on Windows 7:

c:\Temp\aaa>py -3 test.py
Certifi version: 2015.09.06.2
ERROR:tornado.application:Exception in callback
functools.partial(<function wrap
.<locals>.null_wrapper at 0x00000000033AC598>)
Traceback (most recent call last):
  File "C:\Python35\lib\site-packages\tornado\ioloop.py", line 592, in
_run_call
back
    ret = callback()
  File "C:\Python35\lib\site-packages\tornado\stack_context.py", line
275, in nu
ll_wrapper
    return fn(*args, **kwargs)
  File "test.py", line 12, in test
    response = http_client.fetch(request)
  File "C:\Python35\lib\site-packages\tornado\httpclient.py", line 102,
in fetch

    self._async_client.fetch, request, **kwargs))
  File "C:\Python35\lib\site-packages\tornado\ioloop.py", line 445, in
run_sync
    return future_cell[0].result()
  File "C:\Python35\lib\site-packages\tornado\concurrent.py", line 215,
in resul
t
    raise_exc_info(self._exc_info)
  File "<string>", line 3, in raise_exc_info
tornado.httpclient.HTTPError: HTTP 400: Bad Request

And here is what happens on Ubuntu:

test at vps014:~$ python3 test.py
Certifi version: 2015.09.06.2
WARNING:tornado.general:SSL Error on 9 ('104.154.49.147', 443): [Errno
1] _ssl.c:392: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ERROR:tornado.application:Exception in callback
functools.partial(<function null_wrapper at 0x7f4aacbd0a68>)
Traceback (most recent call last):
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/ioloop.py",
line 592, in _run_callback
    ret = callback()
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/stack_context.py",
line 275, in null_wrapper
    return fn(*args, **kwargs)
  File "test.py", line 12, in test
    response = http_client.fetch(request)
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/httpclient.py",
line 102, in fetch
    self._async_client.fetch, request, **kwargs))
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/ioloop.py",
line 445, in run_sync
    return future_cell[0].result()
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/concurrent.py",
line 215, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 3, in raise_exc_info
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/stack_context.py",
line 314, in wrapped
    ret = fn(*args, **kwargs)
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/gen.py",
line 212, in <lambda>
    future, lambda future: callback(future.result()))
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/concurrent.py",
line 215, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 3, in raise_exc_info
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/gen.py",
line 876, in run
    yielded = self.gen.throw(*exc_info)
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/tcpclient.py",
line 174, in connect
    server_hostname=host)
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/gen.py",
line 870, in run
    value = future.result()
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/concurrent.py",
line 215, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 3, in raise_exc_info
  File
"/usr/local/lib/python3.2/dist-packages/tornado-4.2.1-py3.2-linux-x86_64.egg/tornado/iostream.py",
line 1243, in _do_ssl_handshake
    self.socket.do_handshake()
  File "/usr/lib/python3.2/ssl.py", line 458, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:392: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


The certifi package has the very same version on both systems. I have
compared the cacert.pem file provided by certifi on both systems and
they are identical. The URL is also identical.

What is happening here? How it is possible that the Ubuntu system gives
an SSL handshake error, but the Windows system does the SSL handshake -
using the same CA cert list?

Thanks

   Laszlo

More information about the Python-list mailing list