Forum Archive

Since IOS 15 requests always gives me an SSL Certificate Error.

kami
Oct 03, 2021 - 14:58

Hi,

after updating to IOS 15 i get always a SSL: CERTIFICATE_VERIFY_FAILED error.

with requests.Session() as s:
r= s.get('https://URL)

Only adding verify=False helps. Can someone tell me how to add the certificate?

Thanks a lot.

BG kami

fs42
Oct 04, 2021 - 06:09

Same SSL certificate errors here using “requests()”.

Have not tried “verify=false” yet… but even if it works, that is NOT a solution!

Please update (your great tool!!!) Pythonista to work with the (changed location/API?) trusted certificates/CAs!

Thanks, Frank.

JonB
Oct 04, 2021 - 08:58

Can you open stash, and run
pip install certifi

then force quit pythonista, and try again.

fs42
Oct 04, 2021 - 21:16

"pip install certifi" from within stash worked!

Seems that it allows "requests" to find the right collection of trusted CAs again - no more need for "verify=False".

JonB thanks for the suggestion!

Although... pythonista should still be updated for this though... please...

Regards, Frank.

kaan191
Oct 08, 2021 - 10:56

This worked for my http calls using the requests library

However, I have an asynchronous program making requests with the aiohttp library. These still throw the SSL Certificate errors...

Cannot connect to host ****** ssl:default [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)]

I'm not sure it has to do with iOS 15... my phone isn't upgraded yet and it's throwing the same errors. Most likely to do with this: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

>>> aiohttp.__version__
'3.7.4.post0'
>>> requests.__version__
'2.26.0'
>>> certifi.__version__
'2021.05.30'
JonB
Oct 09, 2021 - 02:23

Aiohttp uses the default device cacert. Which might be old (this might be the hard coded one that came with pythonista, I forget if it uses actual device cacerts)

Aiohttp can be set to a different ssl context -- session.get() takes an ssl argument.

context = ssl.create_default_context(cafile=certifi.where())
...
session = aiohttp.ClientSession()
session.get(url, ssl=context)

I think you can also pass ssl_context to a TCPConnector, so it gets used to all requests:
```
conn = aiohttp.TCPConnector(ssl_context=ssl_context)
session = aiohttp.ClientSession(connector=conn)

kaan191
Nov 01, 2021 - 14:23

Thanks @JonB , worked a total charm!

osamu
Apr 25, 2022 - 01:51

@JonB
It also worked for geocode nominatim query. Thanks 🙏