0

Unable to connect using example python code - CERTIFICATE_VE
Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.

Unable to connect using example python code - CERTIFICATE_VE

by haylcron on Wed Jan 16, 2019 12:41 am

I'm having trouble connecting to Adafruit IO when using the sample python code located here: https://github.com/adafruit/io-client-p ... bscribe.py

I've updated the key, username, and feed id fields.

When I run the program I get the following error:

Code: Select all | TOGGLE FULL SIZE
Traceback (most recent call last):
  File "main.py", line 55, in <module>
    client.connect()
  File "/<path to file>/src/venv/lib/python3.7/site-packages/Adafruit_IO/mqtt_client.py", line 141, in connect
    keepalive=keepalive, **kwargs)
  File "/<path to file>/src/venv/lib/python3.7/site-packages/paho/mqtt/client.py", line 839, in connect
    return self.reconnect()
  File "/<path to file>/src/venv/lib/python3.7/site-packages/paho/mqtt/client.py", line 994, in reconnect
    sock.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1108, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)


I understand that there is a certificate trust issue, but I don't know how to resolve that (and I'm curious why it came up using example code). Any help resolving this would be greatly appreciated.

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by franklin97355 on Wed Jan 16, 2019 2:29 am

What board are you using? This page might help

franklin97355
 
Posts: 20270
Joined: Mon Apr 21, 2008 2:33 pm
Location: Lacomb, OR.

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Wed Jan 16, 2019 9:54 am

I'm currently trying to run this on my Mac (Mojave). Once working, I'll be running it on a Raspberry Pi.

I saw that page last night, but nothing jumped out at me as useful in my particular scenario. Am I missing something?

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by brubell on Wed Jan 16, 2019 10:44 am

haylcron wrote:I'm currently trying to run this on my Mac (Mojave). Once working, I'll be running it on a Raspberry Pi.

I saw that page last night, but nothing jumped out at me as useful in my particular scenario. Am I missing something?


Are you running the latest (2.0.19 as of right now) Adafruit IO python client?

To check this from a terminal:

Code: Select all | TOGGLE FULL SIZE
$ python3
$ import Adafruit_IO
$ Adafruit_IO.__version__
'2.0.19'

brubell
 
Posts: 336
Joined: Fri Jul 17, 2015 10:33 pm

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Wed Jan 16, 2019 9:31 pm

Just checked and I am running the latest version - 2.0.19.

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by brubell on Thu Jan 17, 2019 10:48 am

haylcron wrote:Just checked and I am running the latest version - 2.0.19.

Are you connecting to Adafruit IO through a proxy (is your host computer connected to a proxy)?

Can you try connecting using a different WiFi network?

brubell
 
Posts: 336
Joined: Fri Jul 17, 2015 10:33 pm

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Thu Jan 17, 2019 11:00 am

No proxy configured on the Mac. I am going through a pi hole and saw api.segment.io was being blacklisted so I whitelisted it and still no luck. Tried disabling the Pi Hole entirely and still getting the same error message. I'll see if I can get access to another wifi network to try.

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Thu Jan 17, 2019 11:03 am

Just realized I could try my phone as a hot spot. Getting the same error when connected to my home wifi or the cell network via a hot spot.

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Thu Jan 17, 2019 11:11 pm

Update:

Tried the code on both my Windows 10 machine and my wife's older Mac. Both worked just fine. Upgraded my Mac to Python 3.7.2 to see if that was possibly the problem (I was on 3.7.0). Did not fix the issue. Blew away the directory and pulled from git again - no dice.

Seems there is something going on with my machine and the certificates. I'm at a loss for next steps.

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Thu Jan 17, 2019 11:25 pm

FIXED:

I manually downloaded python 3.7.2 and the install created a folder that included a file named "Install Certificates.command." I ran it and now I'm able to connect to IO just fine. What's puzzling is a clean brew install of python 3 on my wife's Mac, which has never had any dev work performed on it, works out of the box whereas the brew install on my machine had the cert issue.

Thanks for the help!

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Re: Unable to connect using example python code - CERTIFICAT

by brubell on Fri Jan 18, 2019 10:25 am

haylcron wrote:FIXED:

I manually downloaded python 3.7.2 and the install created a folder that included a file named "Install Certificates.command." I ran it and now I'm able to connect to IO just fine. What's puzzling is a clean brew install of python 3 on my wife's Mac, which has never had any dev work performed on it, works out of the box whereas the brew install on my machine had the cert issue.

Thanks for the help!


No problem - good to know about this issue if it happens again for another user on here. I'm not sure it was the Python version, we use python3.6.3 on TravisCI run unit tests on releases for IO-Client-Python.

Have you tried bringing that `install certificates.command` to your machine and running it there?

brubell
 
Posts: 336
Joined: Fri Jul 17, 2015 10:33 pm

Re: Unable to connect using example python code - CERTIFICAT

by abachman on Fri Jan 18, 2019 11:30 am

haylcron,


Is it possible you installed any "enterprise" networking utilities or VPN software or anything? Maybe something to do with corporate intranet?

It sounds like some piece of software fiddled with your system certificates and added a self-signed cert. Probably not a huge risk if you can figure out what it was and you trust that company, but it may mean whoever it is is able to listen in on any other secure (TLS-protected) traffic in software that isn't complaining (like Chrome or Safari).

You can look through your system certificates with the "Keychain Access" app:
Screen Shot 2019-01-18 at 10.23.27 AM.png
Screen Shot 2019-01-18 at 10.23.27 AM.png (88.87 KiB) Viewed 103 times


Not sure what you should look for, but something may stick out :/


- adam b.

abachman
 
Posts: 278
Joined: Mon Feb 01, 2010 12:48 pm

Re: Unable to connect using example python code - CERTIFICAT

by haylcron on Sat Jan 19, 2019 11:59 am

brubell wrote:
haylcron wrote:FIXED:

I manually downloaded python 3.7.2 and the install created a folder that included a file named "Install Certificates.command." I ran it and now I'm able to connect to IO just fine. What's puzzling is a clean brew install of python 3 on my wife's Mac, which has never had any dev work performed on it, works out of the box whereas the brew install on my machine had the cert issue.

Thanks for the help!


No problem - good to know about this issue if it happens again for another user on here. I'm not sure it was the Python version, we use python3.6.3 on TravisCI run unit tests on releases for IO-Client-Python.

Have you tried bringing that `install certificates.command` to your machine and running it there?


Running it on my machine is what fixed the issue. What's odd is I didn't have to run it on my other machines to make it work. I think there's something funky going on with my certificates...

haylcron
 
Posts: 11
Joined: Mon Oct 10, 2016 9:31 pm

Please be positive and constructive with your questions and comments.