Skip to content

Unable to access HTTPS URLs on Windows securely #1581

New issue
New issue
Closed
Closed
Unable to access HTTPS URLs on Windows securely#1581
Labels
bugSomething isn't workingnewNeeds triage. Comments are welcome!
@jaraco

Description

@jaraco
jaraco
opened on May 30, 2024

Checklist

  • I've searched for similar issues.
  • I'm using the latest version of HTTPie.

Minimal reproduction code and steps

  1. Install httpie using pipx install httpie
  2. https google.com

Current result


https: error: SSLError: HTTPSConnectionPool(host='google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)'))) while doing a GET request to URL: https://google.com/

Expected result

The resource should be loaded (ideally securely). It should be easy to use. Error messages should be informative and give the user direction on how to remedy the problem. Install docs should provide guidance on how to remedy the situation.

Debug output

Please re-run the command with --debug, then copy the entire command & output and paste both below:

 ~ # https --debug google.com
HTTPie 3.2.2
Requests 2.32.3
Pygments 2.18.0
Python 3.12.2 (tags/v3.12.2:6abddd9, Feb  6 2024, 21:26:36) [MSC v.1937 64 bit (AMD64)]
C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Scripts\python.exe
Windows 11

<Environment {'apply_warnings_filter': <function Environment.apply_warnings_filter at 0x000002248A99AA20>,
 'args': Namespace(),
 'as_silent': <function Environment.as_silent at 0x000002248A99A8E0>,
 'colors': 256,
 'config': {'default_options': []},
 'config_dir': WindowsPath('C:/Users/jaraco/AppData/Roaming/httpie'),
 'devnull': <property object at 0x000002248A946020>,
 'is_windows': True,
 'log_error': <function Environment.log_error at 0x000002248A99A980>,
 'program_name': 'https',
 'quiet': 0,
 'rich_console': <functools.cached_property object at 0x000002248A974260>,
 'rich_error_console': <functools.cached_property object at 0x000002248A975400>,
 'show_displays': True,
 'stderr': <colorama.ansitowin32.StreamWrapper object at 0x000002248A024D10>,
 'stderr_isatty': True,
 'stdin': <_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>,
 'stdin_encoding': 'utf-8',
 'stdin_isatty': True,
 'stdout': <colorama.ansitowin32.StreamWrapper object at 0x000002248A881310>,
 'stdout_encoding': 'utf-8',
 'stdout_isatty': True}>

<PluginManager {'adapters': [],
 'auth': [<class 'httpie.plugins.builtin.BasicAuthPlugin'>,
          <class 'httpie.plugins.builtin.DigestAuthPlugin'>,
          <class 'httpie.plugins.builtin.BearerAuthPlugin'>],
 'converters': [],
 'formatters': [<class 'httpie.output.formatters.headers.HeadersFormatter'>,
                <class 'httpie.output.formatters.json.JSONFormatter'>,
                <class 'httpie.output.formatters.xml.XMLFormatter'>,
                <class 'httpie.output.formatters.colors.ColorFormatter'>]}>

>>> requests.request(**{'auth': None,
 'data': RequestJSONDataDict(),
 'headers': <HTTPHeadersDict('User-Agent': b'HTTPie/3.2.2')>,
 'method': 'get',
 'params': <generator object MultiValueOrderedDict.items at 0x000002248B38F790>,
 'url': 'https://google.com'})


https: error: SSLError: HTTPSConnectionPool(host='google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)'))) while doing a GET request to URL: https://google.com/


Traceback (most recent call last):
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connectionpool.py", line 467, in _make_request
    self._validate_conn(conn)
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connectionpool.py", line 1099, in _validate_conn
    conn.connect()
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connection.py", line 653, in connect      
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connection.py", line 806, in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
               ^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\util\ssl_.py", line 465, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\util\ssl_.py", line 509, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\ssl.py", line 1042, in _create
    self.do_handshake()
  File "C:\Python312\Lib\ssl.py", line 1320, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connectionpool.py", line 793, in urlopen  
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connectionpool.py", line 491, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\requests\adapters.py", line 667, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\connectionpool.py", line 847, in urlopen  
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\urllib3\util\retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Users\jaraco\.local\bin\https.exe\__main__.py", line 7, in <module>
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\httpie\__main__.py", line 9, in main
    exit_status = main()
                  ^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\httpie\core.py", line 162, in main
    return raw_main(
           ^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\httpie\core.py", line 136, in raw_main
    handle_generic_error(propagated_exc, annotation=annotation)
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\httpie\core.py", line 100, in raw_main
    exit_status = main_program(
                  ^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\httpie\core.py", line 213, in program
    for message in messages:
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\httpie\client.py", line 113, in collect_messages  
    response = requests_session.send(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\requests\sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\jaraco\AppData\Local\pipx\pipx\venvs\httpie\Lib\site-packages\requests\adapters.py", line 698, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

Additional information, screenshots, or code examples

In #792, another user had this issue and the recommendation was to bypass the security checks. If that's the recommended approach, and httpie want's to be a human-friendly CLI, it should just fall back to an insecure connection. Even better would be to provide the kinds of friendly experiences like Firefox or Edge provide and enable proper certificate validation of trusted roots.

I did try installing certifi, hoping that would improve the situation (pipx inject httpie certifi) but that did not help.

I did also try installing httpie using the recommended chocolatey installer, but that failed due to #1580.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingnewNeeds triage. Comments are welcome!

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions