jrwren | anyone have issues with python/requests... actually all of ubuntu... not supporting LetsEncrypt root certs? python/requests/curl fails for me, but on my mac the same root cert works. | 02:11 |
---|---|---|
jrwren | I get * TLSv1.2 (OUT), TLS alert, handshake failure (552): | 02:11 |
jrwren | * error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type | 02:11 |
cmaloney | Which version of python / requests? | 02:14 |
jrwren | python 3.8, not sure about requests. | 02:21 |
jrwren | but it seems to be system wide as curl is also effected. | 02:21 |
jrwren | can anyone compare this file on tehir system? | 02:21 |
jrwren | 2a02:840:1:1:1::1 | 02:21 |
jrwren | 200348 Jun 3 22:15 /etc/ssl/certs/ca-certificates.crt | 02:21 |
jrwren | gah, I thought maybe it was ipv6, but no, evne on ipv4 same error. | 02:21 |
jrwren | my only guess is ca-certifactes.crt is no good. | 02:21 |
jrwren | ca-certificates is already the newest version (20190110ubuntu1.1). | 02:25 |
jrwren | that does seem too old. | 02:25 |
jrwren | hrm... or not... despite the version it is from June of 2020 | 02:26 |
cmaloney | Does it work on other sites? | 02:31 |
jrwren | yes | 02:37 |
jrwren | i'm thinking it is this, but the fix didn't work for me. | 02:37 |
jrwren | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984 | 02:37 |
jrwren | yeah, adding --ciphers DEFAULT@SECLEVEL=1 to the curl command makes it pass, but I've no idea how to set default openssl client ciphers | 02:41 |
jrwren | well, curl is excellent, so ciphers = in ~/.curlrc works great, but that doesn't fix requests. | 02:43 |
jrwren | https://github.com/psf/requests/issues/4775 | 02:44 |
jrwren | https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level WINS | 02:48 |
jrwren | well that was really interesting | 02:51 |
cmaloney | Wow, that's fun. :) | 11:56 |
jrwren | it really was. I'm glad I solved it. | 12:10 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!