SSL ERROR CERTIFICATE_VERIFY_FAILED when trying to download bokeh sample data

Hi all,

I am trying to download the bokeh sample data from an alpine docker container and I am facing the following SSL error.

host:~$ bokeh sampledata

Using data directory: /home/nbuser/.bokeh/data

ERROR:<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

(_ssl.c:645)>

I did not find any solution to my problem on the internet, thus I am asking the bokeh community here.

Some more information about my environment below : I am running alpine linux 3.4 in a docker container with following software installed :

  • Python 3.5.2
  • OpenSSL 1.0.2j 26 Sep 2016
  • ca-certificates 20160104 r4
  • pip 8.1.2 from /usr/lib/python3.5/site-packages (python 3.5)
  • pip3 list =
  • bokeh (0.12.3)
  • certifi (2016.9.26)
  • cffi (1.8.3)
  • cryptography (1.5.2)
  • Cython (0.25.1)
  • decorator (4.0.10)
  • entrypoints (0.2.2)
  • idna (2.1)
  • ipykernel (4.5.0)
  • ipython (5.1.0)
  • ipython-genutils (0.1.0)
  • ipywidgets (5.2.2)
  • Jinja2 (2.8)
  • jsonschema (2.5.1)
  • jupyter (1.0.0)
  • jupyter-client (4.4.0)
  • jupyter-console (5.0.0)
  • jupyter-core (4.2.0)
  • MarkupSafe (0.23)
  • mistune (0.7.3)
  • nbconvert (4.2.0)
  • nbformat (4.1.0)
  • notebook (4.2.3)
  • numpy (1.11.2)
  • pandas (0.19.0)
  • pexpect (4.2.1)
  • pickleshare (0.7.4)
  • pip (8.1.2)
  • prompt-toolkit (1.0.8)
  • ptyprocess (0.5.1)
  • pyasn1 (0.1.9)
  • pycparser (2.17)
  • Pygments (2.1.3)
  • pyOpenSSL (16.2.0)
  • python-dateutil (2.5.3)
  • pytz (2016.7)
  • PyYAML (3.12)
  • pyzmq (16.0.0)
  • qtconsole (4.2.1)
  • requests (2.11.1)
  • setuptools (20.10.1)
  • simplegeneric (0.8.1)
  • six (1.10.0)
  • terminado (0.6)
  • tornado (4.4.2)
  • traitlets (4.3.1)
  • wcwidth (0.1.7)
  • widgetsnbextension (1.2.6)

Running bokeh from a jupyter notebook

import bokeh.sampledata;

bokeh.sampledata.download();

Using data directory: /home/nbuser/.bokeh/data


SSLError Traceback (most recent call last)

/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)

1253 try:

-> 1254 h.request(req.get_method(), req.selector, req.data, headers)

1255 except OSError as err: # timeout error

/usr/lib/python3.5/http/client.py in request(self, method, url, body, headers)

1105 “”“Send a complete request to the server.”""

-> 1106 self._send_request(method, url, body, headers)

1107

/usr/lib/python3.5/http/client.py in _send_request(self, method, url, body, headers)

1150 body = _encode(body, ‘body’)

-> 1151 self.endheaders(body)

1152

/usr/lib/python3.5/http/client.py in endheaders(self, message_body)

1101 raise CannotSendHeader()

-> 1102 self._send_output(message_body)

1103

/usr/lib/python3.5/http/client.py in _send_output(self, message_body)

933 

–> 934 self.send(msg)

935         if message_body is not None:

/usr/lib/python3.5/http/client.py in send(self, data)

876             if self.auto_open:

–> 877 self.connect()

878             else:

/usr/lib/python3.5/http/client.py in connect(self)

1259 self.sock = self._context.wrap_socket(self.sock,

-> 1260 server_hostname=server_hostname)

1261 if not self._context.check_hostname and self._check_hostname:

/usr/lib/python3.5/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname)

376                          server_hostname=server_hostname,

–> 377 _context=self)

378 

/usr/lib/python3.5/ssl.py in init(self, sock, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, family, type, proto, fileno, suppress_ragged_eofs, npn_protocols, ciphers, server_hostname, _context)

751                         raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")

–> 752 self.do_handshake()

753 

/usr/lib/python3.5/ssl.py in do_handshake(self, block)

987                 self.settimeout(None)

–> 988 self._sslobj.do_handshake()

989         finally:

/usr/lib/python3.5/ssl.py in do_handshake(self)

632         """Start the SSL/TLS handshake."""

–> 633 self._sslobj.do_handshake()

634         if self.context.check_hostname:

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

URLError Traceback (most recent call last)

in ()

  1 import bokeh.sampledata;
  2 

----> 3 bokeh.sampledata.download();

/usr/lib/python3.5/site-packages/bokeh/sampledata/init.py in download(progress)

 79 
 80     for base_url, file_name in files:

—> 81 _getfile(base_url, file_name, data_dir, progress=progress)

 82 
 83 def _getfile(base_url, file_name, data_dir, progress=True):

/usr/lib/python3.5/site-packages/bokeh/sampledata/init.py in _getfile(base_url, file_name, data_dir, progress)

 85     file_path = join(data_dir, file_name)
 86 

—> 87 url = urlopen(file_url)

 88 
 89     with open(file_path, 'wb') as file:

/usr/lib/python3.5/urllib/request.py in urlopen(url, data, timeout, cafile, capath, cadefault, context)

161     else:
162         opener = _opener

–> 163 return opener.open(url, data, timeout)

164 
165 def install_opener(opener):

/usr/lib/python3.5/urllib/request.py in open(self, fullurl, data, timeout)

464             req = meth(req)
465 

–> 466 response = self._open(req, data)

467 
468         # post-process response

/usr/lib/python3.5/urllib/request.py in _open(self, req, data)

482         protocol = req.type
483         result = self._call_chain(self.handle_open, protocol, protocol +

–> 484 ‘_open’, req)

485         if result:
486             return result

/usr/lib/python3.5/urllib/request.py in _call_chain(self, chain, kind, meth_name, *args)

442         for handler in handlers:
443             func = getattr(handler, meth_name)

–> 444 result = func(*args)

445             if result is not None:
446                 return result

/usr/lib/python3.5/urllib/request.py in https_open(self, req)

1295 def https_open(self, req):

1296 return self.do_open(http.client.HTTPSConnection, req,

-> 1297 context=self._context, check_hostname=self._check_hostname)

1298

1299 https_request = AbstractHTTPHandler.do_request_

/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)

1254 h.request(req.get_method(), req.selector, req.data, headers)

1255 except OSError as err: # timeout error

-> 1256 raise URLError(err)

1257 r = h.getresponse()

1258 except:

URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

Seems it is something to deal with the docker container hostname or name resolution inside the SSL resolution process but I was not able to figure out what the problem is.

Any ideas ?

NB: I was able to run the bookeh sampledata command succesfully from the host (the host of docker container). Thus it might be a misconfiguration of the docker container itself.

Thanks for your help.

Hi,

I'm not able to reproduce this problem myself, and unfortunately it is beyond the scope of my network knowledge and experience. I will try to get an opinion from one of the CIO network admins and post back.

Thanks,

Bryan

···

On Nov 1, 2016, at 3:34 PM, [email protected] wrote:

Hi all,

I am trying to download the bokeh sample data from an alpine docker container and I am facing the following SSL error.

host:~$ bokeh sampledata
Using data directory: /home/nbuser/.bokeh/data
ERROR:<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:645)>

I did not find any solution to my problem on the internet, thus I am asking the bokeh community here.
Some more information about my environment below : I am running alpine linux 3.4 in a docker container with following software installed :
  • Python 3.5.2
  • OpenSSL 1.0.2j 26 Sep 2016
  • ca-certificates 20160104 r4
  • pip 8.1.2 from /usr/lib/python3.5/site-packages (python 3.5)
  • pip3 list =
    • bokeh (0.12.3)
    • certifi (2016.9.26)
    • cffi (1.8.3)
    • cryptography (1.5.2)
    • Cython (0.25.1)
    • decorator (4.0.10)
    • entrypoints (0.2.2)
    • idna (2.1)
    • ipykernel (4.5.0)
    • ipython (5.1.0)
    • ipython-genutils (0.1.0)
    • ipywidgets (5.2.2)
    • Jinja2 (2.8)
    • jsonschema (2.5.1)
    • jupyter (1.0.0)
    • jupyter-client (4.4.0)
    • jupyter-console (5.0.0)
    • jupyter-core (4.2.0)
    • MarkupSafe (0.23)
    • mistune (0.7.3)
    • nbconvert (4.2.0)
    • nbformat (4.1.0)
    • notebook (4.2.3)
    • numpy (1.11.2)
    • pandas (0.19.0)
    • pexpect (4.2.1)
    • pickleshare (0.7.4)
    • pip (8.1.2)
    • prompt-toolkit (1.0.8)
    • ptyprocess (0.5.1)
    • pyasn1 (0.1.9)
    • pycparser (2.17)
    • Pygments (2.1.3)
    • pyOpenSSL (16.2.0)
    • python-dateutil (2.5.3)
    • pytz (2016.7)
    • PyYAML (3.12)
    • pyzmq (16.0.0)
    • qtconsole (4.2.1)
    • requests (2.11.1)
    • setuptools (20.10.1)
    • simplegeneric (0.8.1)
    • six (1.10.0)
    • terminado (0.6)
    • tornado (4.4.2)
    • traitlets (4.3.1)
    • wcwidth (0.1.7)
    • widgetsnbextension (1.2.6)

Running bokeh from a jupyter notebook

import bokeh.sampledata;
bokeh.sampledata.download();

Using data directory: /home/nbuser/.bokeh/data
---------------------------------------------------------------------------
SSLError Traceback (most recent call last)
/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)
   1253 try:
-> 1254 h.request(req.get_method(), req.selector, req.data, headers)
   1255 except OSError as err: # timeout error

/usr/lib/python3.5/http/client.py in request(self, method, url, body, headers)
   1105 """Send a complete request to the server."""
-> 1106 self._send_request(method, url, body, headers)
   1107

/usr/lib/python3.5/http/client.py in _send_request(self, method, url, body, headers)
   1150 body = _encode(body, 'body')
-> 1151 self.endheaders(body)
   1152

/usr/lib/python3.5/http/client.py in endheaders(self, message_body)
   1101 raise CannotSendHeader()
-> 1102 self._send_output(message_body)
   1103

/usr/lib/python3.5/http/client.py in _send_output(self, message_body)
    933
--> 934 self.send(msg)
    935 if message_body is not None:

/usr/lib/python3.5/http/client.py in send(self, data)
    876 if self.auto_open:
--> 877 self.connect()
    878 else:

/usr/lib/python3.5/http/client.py in connect(self)
   1259 self.sock = self._context.wrap_socket(self.sock,
-> 1260 server_hostname=server_hostname)
   1261 if not self._context.check_hostname and self._check_hostname:

/usr/lib/python3.5/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname)
    376 server_hostname=server_hostname,
--> 377 _context=self)
    378

/usr/lib/python3.5/ssl.py in __init__(self, sock, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, family, type, proto, fileno, suppress_ragged_eofs, npn_protocols, ciphers, server_hostname, _context)
    751 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
--> 752 self.do_handshake()
    753

/usr/lib/python3.5/ssl.py in do_handshake(self, block)
    987 self.settimeout(None)
--> 988 self._sslobj.do_handshake()
    989 finally:

/usr/lib/python3.5/ssl.py in do_handshake(self)
    632 """Start the SSL/TLS handshake."""
--> 633 self._sslobj.do_handshake()
    634 if self.context.check_hostname:

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

URLError Traceback (most recent call last)
<ipython-input-1-1673400b2a17> in <module>()
      1 import bokeh.sampledata;
      2
----> 3 bokeh.sampledata.download();

/usr/lib/python3.5/site-packages/bokeh/sampledata/__init__.py in download(progress)
     79
     80 for base_url, file_name in files:
---> 81 _getfile(base_url, file_name, data_dir, progress=progress)
     82
     83 def _getfile(base_url, file_name, data_dir, progress=True):

/usr/lib/python3.5/site-packages/bokeh/sampledata/__init__.py in _getfile(base_url, file_name, data_dir, progress)
     85 file_path = join(data_dir, file_name)
     86
---> 87 url = urlopen(file_url)
     88
     89 with open(file_path, 'wb') as file:

/usr/lib/python3.5/urllib/request.py in urlopen(url, data, timeout, cafile, capath, cadefault, context)
    161 else:
    162 opener = _opener
--> 163 return opener.open(url, data, timeout)
    164
    165 def install_opener(opener):

/usr/lib/python3.5/urllib/request.py in open(self, fullurl, data, timeout)
    464 req = meth(req)
    465
--> 466 response = self._open(req, data)
    467
    468 # post-process response

/usr/lib/python3.5/urllib/request.py in _open(self, req, data)
    482 protocol = req.type
    483 result = self._call_chain(self.handle_open, protocol, protocol +
--> 484 '_open', req)
    485 if result:
    486 return result

/usr/lib/python3.5/urllib/request.py in _call_chain(self, chain, kind, meth_name, *args)
    442 for handler in handlers:
    443 func = getattr(handler, meth_name)
--> 444 result = func(*args)
    445 if result is not None:
    446 return result

/usr/lib/python3.5/urllib/request.py in https_open(self, req)
   1295 def https_open(self, req):
   1296 return self.do_open(http.client.HTTPSConnection, req,
-> 1297 context=self._context, check_hostname=self._check_hostname)
   1298
   1299 https_request = AbstractHTTPHandler.do_request_

/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)
   1254 h.request(req.get_method(), req.selector, req.data, headers)
   1255 except OSError as err: # timeout error
-> 1256 raise URLError(err)
   1257 r = h.getresponse()
   1258 except:

URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

Seems it is something to deal with the docker container hostname or name resolution inside the SSL resolution process but I was not able to figure out what the problem is.

Any ideas ?

NB: I was able to run the bookeh sampledata command succesfully from the host (the host of docker container). Thus it might be a misconfiguration of the docker container itself.

Thanks for your help.

--
You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/64e09dcf-4f1f-45d7-b855-0fd12ff386f1%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.

Thanks for your answer bryan.

Let me know if you have any info.

BR,

Ivan

···

Le mardi 1 novembre 2016 21:44:12 UTC+1, Bryan Van de ven a écrit :

Hi,

I’m not able to reproduce this problem myself, and unfortunately it is beyond the scope of my network knowledge and experience. I will try to get an opinion from one of the CIO network admins and post back.

Thanks,

Bryan

On Nov 1, 2016, at 3:34 PM, [email protected] wrote:

Hi all,

I am trying to download the bokeh sample data from an alpine docker container and I am facing the following SSL error.

host:~$ bokeh sampledata

Using data directory: /home/nbuser/.bokeh/data

ERROR:<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

(_ssl.c:645)>

I did not find any solution to my problem on the internet, thus I am asking the bokeh community here.

Some more information about my environment below : I am running alpine linux 3.4 in a docker container with following software installed :
• Python 3.5.2

    • OpenSSL 1.0.2j  26 Sep 2016
    • ca-certificates 20160104 r4
    • pip 8.1.2 from /usr/lib/python3.5/site-packages (python 3.5)
    • pip3 list =
            •   bokeh (0.12.3)
            •   certifi (2016.9.26)
            •   cffi (1.8.3)
            •   cryptography (1.5.2)
            •   Cython (0.25.1)
            •   decorator (4.0.10)
            •   entrypoints (0.2.2)
            •   idna (2.1)
            •   ipykernel (4.5.0)
            •   ipython (5.1.0)
            •   ipython-genutils (0.1.0)
            •   ipywidgets (5.2.2)
            •   Jinja2 (2.8)
            •   jsonschema (2.5.1)
            •   jupyter (1.0.0)
            •   jupyter-client (4.4.0)
            •   jupyter-console (5.0.0)
            •   jupyter-core (4.2.0)
            •   MarkupSafe (0.23)
            •   mistune (0.7.3)
            •   nbconvert (4.2.0)
            •   nbformat (4.1.0)
            •   notebook (4.2.3)
            •   numpy (1.11.2)
            •   pandas (0.19.0)
            •   pexpect (4.2.1)
            •   pickleshare (0.7.4)
            •   pip (8.1.2)
            •   prompt-toolkit (1.0.8)
            •   ptyprocess (0.5.1)
            •   pyasn1 (0.1.9)
            •   pycparser (2.17)
            •   Pygments (2.1.3)
            •   pyOpenSSL (16.2.0)
            •   python-dateutil (2.5.3)
            •   pytz (2016.7)
            •   PyYAML (3.12)
            •   pyzmq (16.0.0)
            •   qtconsole (4.2.1)
            •   requests (2.11.1)
            •   setuptools (20.10.1)
            •   simplegeneric (0.8.1)
            •   six (1.10.0)
            •   terminado (0.6)
            •   tornado (4.4.2)
            •   traitlets (4.3.1)
            •   wcwidth (0.1.7)
            •   widgetsnbextension (1.2.6)

Running bokeh from a jupyter notebook

import bokeh.sampledata;

bokeh.sampledata.download();

Using data directory: /home/nbuser/.bokeh/data


SSLError Traceback (most recent call last)

/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)

1253 try:

-> 1254 h.request(req.get_method(), req.selector, req.data, headers)

1255 except OSError as err: # timeout error

/usr/lib/python3.5/http/client.py in request(self, method, url, body, headers)

1105 “”“Send a complete request to the server.”""

-> 1106 self._send_request(method, url, body, headers)

1107

/usr/lib/python3.5/http/client.py in _send_request(self, method, url, body, headers)

1150 body = _encode(body, ‘body’)

-> 1151 self.endheaders(body)

1152

/usr/lib/python3.5/http/client.py in endheaders(self, message_body)

1101 raise CannotSendHeader()

-> 1102 self._send_output(message_body)

1103

/usr/lib/python3.5/http/client.py in _send_output(self, message_body)

933

–> 934 self.send(msg)

935         if message_body is not None:

/usr/lib/python3.5/http/client.py in send(self, data)

876             if self.auto_open:

–> 877 self.connect()

878             else:

/usr/lib/python3.5/http/client.py in connect(self)

1259 self.sock = self._context.wrap_socket(self.sock,

-> 1260 server_hostname=server_hostname)

1261 if not self._context.check_hostname and self._check_hostname:

/usr/lib/python3.5/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname)

376                          server_hostname=server_hostname,

–> 377 _context=self)

378

/usr/lib/python3.5/ssl.py in init(self, sock, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, family, type, proto, fileno, suppress_ragged_eofs, npn_protocols, ciphers, server_hostname, _context)

751                         raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")

–> 752 self.do_handshake()

753

/usr/lib/python3.5/ssl.py in do_handshake(self, block)

987                 self.settimeout(None)

–> 988 self._sslobj.do_handshake()

989         finally:

/usr/lib/python3.5/ssl.py in do_handshake(self)

632         """Start the SSL/TLS handshake."""

–> 633 self._sslobj.do_handshake()

634         if self.context.check_hostname:

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

URLError Traceback (most recent call last)

in ()

  1 import bokeh.sampledata;
  2

----> 3 bokeh.sampledata.download();

/usr/lib/python3.5/site-packages/bokeh/sampledata/init.py in download(progress)

 79
 80     for base_url, file_name in files:

—> 81 _getfile(base_url, file_name, data_dir, progress=progress)

 82
 83 def _getfile(base_url, file_name, data_dir, progress=True):

/usr/lib/python3.5/site-packages/bokeh/sampledata/init.py in _getfile(base_url, file_name, data_dir, progress)

 85     file_path = join(data_dir, file_name)
 86

—> 87 url = urlopen(file_url)

 88
 89     with open(file_path, 'wb') as file:

/usr/lib/python3.5/urllib/request.py in urlopen(url, data, timeout, cafile, capath, cadefault, context)

161     else:
162         opener = _opener

–> 163 return opener.open(url, data, timeout)

164
165 def install_opener(opener):

/usr/lib/python3.5/urllib/request.py in open(self, fullurl, data, timeout)

464             req = meth(req)
465

–> 466 response = self._open(req, data)

467
468         # post-process response

/usr/lib/python3.5/urllib/request.py in _open(self, req, data)

482         protocol = req.type
483         result = self._call_chain(self.handle_open, protocol, protocol +

–> 484 ‘_open’, req)

485         if result:
486             return result

/usr/lib/python3.5/urllib/request.py in _call_chain(self, chain, kind, meth_name, *args)

442         for handler in handlers:
443             func = getattr(handler, meth_name)

–> 444 result = func(*args)

445             if result is not None:
446                 return result

/usr/lib/python3.5/urllib/request.py in https_open(self, req)

1295 def https_open(self, req):

1296 return self.do_open(http.client.HTTPSConnection, req,

-> 1297 context=self._context, check_hostname=self._check_hostname)

1298
1299 https_request = AbstractHTTPHandler.do_request_

/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)

1254 h.request(req.get_method(), req.selector, req.data, headers)

1255 except OSError as err: # timeout error

-> 1256 raise URLError(err)

1257 r = h.getresponse()

1258 except:

URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

Seems it is something to deal with the docker container hostname or name resolution inside the SSL resolution process but I was not able to figure out what the problem is.

Any ideas ?

NB: I was able to run the bookeh sampledata command succesfully from the host (the host of docker container). Thus it might be a misconfiguration of the docker container itself.

Thanks for your help.


You received this message because you are subscribed to the Google Groups “Bokeh Discussion - Public” group.

To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].

To post to this group, send email to [email protected].

To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/64e09dcf-4f1f-45d7-b855-0fd12ff386f1%40continuum.io.

For more options, visit https://groups.google.com/a/continuum.io/d/optout.

Ivan,

So after looking at the download function, I was reminded that the data files are all on Amazon S3 buckets. Amazon definitely have good certs. My colleagues concur, suggest maybe there is some proxy in between you and S3 that is causing problems?

Thanks,

Bryan

···

On Nov 1, 2016, at 4:05 PM, [email protected] wrote:

Thanks for your answer bryan.

Let me know if you have any info.

BR,
Ivan

Le mardi 1 novembre 2016 21:44:12 UTC+1, Bryan Van de ven a écrit :
Hi,

I'm not able to reproduce this problem myself, and unfortunately it is beyond the scope of my network knowledge and experience. I will try to get an opinion from one of the CIO network admins and post back.

Thanks,

Bryan

> On Nov 1, 2016, at 3:34 PM, [email protected] wrote:
>
> Hi all,
>
> I am trying to download the bokeh sample data from an alpine docker container and I am facing the following SSL error.
>
> host:~$ bokeh sampledata
> Using data directory: /home/nbuser/.bokeh/data
> ERROR:<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:645)>
>
> I did not find any solution to my problem on the internet, thus I am asking the bokeh community here.
> Some more information about my environment below : I am running alpine linux 3.4 in a docker container with following software installed :
> • Python 3.5.2
> • OpenSSL 1.0.2j 26 Sep 2016
> • ca-certificates 20160104 r4
> • pip 8.1.2 from /usr/lib/python3.5/site-packages (python 3.5)
> • pip3 list =
> • bokeh (0.12.3)
> • certifi (2016.9.26)
> • cffi (1.8.3)
> • cryptography (1.5.2)
> • Cython (0.25.1)
> • decorator (4.0.10)
> • entrypoints (0.2.2)
> • idna (2.1)
> • ipykernel (4.5.0)
> • ipython (5.1.0)
> • ipython-genutils (0.1.0)
> • ipywidgets (5.2.2)
> • Jinja2 (2.8)
> • jsonschema (2.5.1)
> • jupyter (1.0.0)
> • jupyter-client (4.4.0)
> • jupyter-console (5.0.0)
> • jupyter-core (4.2.0)
> • MarkupSafe (0.23)
> • mistune (0.7.3)
> • nbconvert (4.2.0)
> • nbformat (4.1.0)
> • notebook (4.2.3)
> • numpy (1.11.2)
> • pandas (0.19.0)
> • pexpect (4.2.1)
> • pickleshare (0.7.4)
> • pip (8.1.2)
> • prompt-toolkit (1.0.8)
> • ptyprocess (0.5.1)
> • pyasn1 (0.1.9)
> • pycparser (2.17)
> • Pygments (2.1.3)
> • pyOpenSSL (16.2.0)
> • python-dateutil (2.5.3)
> • pytz (2016.7)
> • PyYAML (3.12)
> • pyzmq (16.0.0)
> • qtconsole (4.2.1)
> • requests (2.11.1)
> • setuptools (20.10.1)
> • simplegeneric (0.8.1)
> • six (1.10.0)
> • terminado (0.6)
> • tornado (4.4.2)
> • traitlets (4.3.1)
> • wcwidth (0.1.7)
> • widgetsnbextension (1.2.6)
>
> Running bokeh from a jupyter notebook
>
>
> import bokeh.sampledata;
> bokeh.sampledata.download();
>
> Using data directory: /home/nbuser/.bokeh/data
> ---------------------------------------------------------------------------
> SSLError Traceback (most recent call last)
> /usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)
> 1253 try:
> -> 1254 h.request(req.get_method(), req.selector, req.data, headers)
> 1255 except OSError as err: # timeout error
>
> /usr/lib/python3.5/http/client.py in request(self, method, url, body, headers)
> 1105 """Send a complete request to the server."""
> -> 1106 self._send_request(method, url, body, headers)
> 1107
>
> /usr/lib/python3.5/http/client.py in _send_request(self, method, url, body, headers)
> 1150 body = _encode(body, 'body')
> -> 1151 self.endheaders(body)
> 1152
>
> /usr/lib/python3.5/http/client.py in endheaders(self, message_body)
> 1101 raise CannotSendHeader()
> -> 1102 self._send_output(message_body)
> 1103
>
> /usr/lib/python3.5/http/client.py in _send_output(self, message_body)
> 933
> --> 934 self.send(msg)
> 935 if message_body is not None:
>
> /usr/lib/python3.5/http/client.py in send(self, data)
> 876 if self.auto_open:
> --> 877 self.connect()
> 878 else:
>
> /usr/lib/python3.5/http/client.py in connect(self)
> 1259 self.sock = self._context.wrap_socket(self.sock,
> -> 1260 server_hostname=server_hostname)
> 1261 if not self._context.check_hostname and self._check_hostname:
>
> /usr/lib/python3.5/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname)
> 376 server_hostname=server_hostname,
> --> 377 _context=self)
> 378
>
> /usr/lib/python3.5/ssl.py in __init__(self, sock, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, family, type, proto, fileno, suppress_ragged_eofs, npn_protocols, ciphers, server_hostname, _context)
> 751 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
> --> 752 self.do_handshake()
> 753
>
> /usr/lib/python3.5/ssl.py in do_handshake(self, block)
> 987 self.settimeout(None)
> --> 988 self._sslobj.do_handshake()
> 989 finally:
>
> /usr/lib/python3.5/ssl.py in do_handshake(self)
> 632 """Start the SSL/TLS handshake."""
> --> 633 self._sslobj.do_handshake()
> 634 if self.context.check_hostname:
>
> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
>
> During handling of the above exception, another exception occurred:
>
> URLError Traceback (most recent call last)
> <ipython-input-1-1673400b2a17> in <module>()
> 1 import bokeh.sampledata;
> 2
> ----> 3 bokeh.sampledata.download();
>
> /usr/lib/python3.5/site-packages/bokeh/sampledata/__init__.py in download(progress)
> 79
> 80 for base_url, file_name in files:
> ---> 81 _getfile(base_url, file_name, data_dir, progress=progress)
> 82
> 83 def _getfile(base_url, file_name, data_dir, progress=True):
>
> /usr/lib/python3.5/site-packages/bokeh/sampledata/__init__.py in _getfile(base_url, file_name, data_dir, progress)
> 85 file_path = join(data_dir, file_name)
> 86
> ---> 87 url = urlopen(file_url)
> 88
> 89 with open(file_path, 'wb') as file:
>
> /usr/lib/python3.5/urllib/request.py in urlopen(url, data, timeout, cafile, capath, cadefault, context)
> 161 else:
> 162 opener = _opener
> --> 163 return opener.open(url, data, timeout)
> 164
> 165 def install_opener(opener):
>
> /usr/lib/python3.5/urllib/request.py in open(self, fullurl, data, timeout)
> 464 req = meth(req)
> 465
> --> 466 response = self._open(req, data)
> 467
> 468 # post-process response
>
> /usr/lib/python3.5/urllib/request.py in _open(self, req, data)
> 482 protocol = req.type
> 483 result = self._call_chain(self.handle_open, protocol, protocol +
> --> 484 '_open', req)
> 485 if result:
> 486 return result
>
> /usr/lib/python3.5/urllib/request.py in _call_chain(self, chain, kind, meth_name, *args)
> 442 for handler in handlers:
> 443 func = getattr(handler, meth_name)
> --> 444 result = func(*args)
> 445 if result is not None:
> 446 return result
>
> /usr/lib/python3.5/urllib/request.py in https_open(self, req)
> 1295 def https_open(self, req):
> 1296 return self.do_open(http.client.HTTPSConnection, req,
> -> 1297 context=self._context, check_hostname=self._check_hostname)
> 1298
> 1299 https_request = AbstractHTTPHandler.do_request_
>
> /usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)
> 1254 h.request(req.get_method(), req.selector, req.data, headers)
> 1255 except OSError as err: # timeout error
> -> 1256 raise URLError(err)
> 1257 r = h.getresponse()
> 1258 except:
>
> URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>
>
>
> Seems it is something to deal with the docker container hostname or name resolution inside the SSL resolution process but I was not able to figure out what the problem is.
>
> Any ideas ?
>
> NB: I was able to run the bookeh sampledata command succesfully from the host (the host of docker container). Thus it might be a misconfiguration of the docker container itself.
>
> Thanks for your help.
>
> --
> You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/64e09dcf-4f1f-45d7-b855-0fd12ff386f1%40continuum.io.
> For more options, visit https://groups.google.com/a/continuum.io/d/optout.

--
You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/129e8601-a1cc-4130-95fd-874e512d372c%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.

You are right thus I have made a few tests in order to figure out what’s happening.

A little bit of context : I am running an alpine linux (v3.4) docker container on a windows 8 host.

  1. Test 1 : I have installed bokeh on my windows host and I was able to get the sampledata from s3, no certificate validation problem
  2. Test 2 : The same from my alpine linux container, problem is still there
  3. Test 3 : I have built a centos7 docker container, same problem as the alpine linux container
    My 2 cents is that it comes from the network configuration of the docker container. I am investigating and kee you in touch if I find something intersting.

Thanks for your help.

···

Le mercredi 2 novembre 2016 14:34:44 UTC+1, Bryan Van de ven a écrit :

Ivan,

So after looking at the download function, I was reminded that the data files are all on Amazon S3 buckets. Amazon definitely have good certs. My colleagues concur, suggest maybe there is some proxy in between you and S3 that is causing problems?

Thanks,

Bryan

On Nov 1, 2016, at 4:05 PM, [email protected] wrote:

Thanks for your answer bryan.

Let me know if you have any info.

BR,

Ivan

Le mardi 1 novembre 2016 21:44:12 UTC+1, Bryan Van de ven a écrit :

Hi,

I’m not able to reproduce this problem myself, and unfortunately it is beyond the scope of my network knowledge and experience. I will try to get an opinion from one of the CIO network admins and post back.

Thanks,

Bryan

On Nov 1, 2016, at 3:34 PM, [email protected] wrote:

Hi all,

I am trying to download the bokeh sample data from an alpine docker container and I am facing the following SSL error.

host:~$ bokeh sampledata
Using data directory: /home/nbuser/.bokeh/data
ERROR:<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:645)>

I did not find any solution to my problem on the internet, thus I am asking the bokeh community here.
Some more information about my environment below : I am running alpine linux 3.4 in a docker container with following software installed :
• Python 3.5.2
• OpenSSL 1.0.2j 26 Sep 2016
• ca-certificates 20160104 r4
• pip 8.1.2 from /usr/lib/python3.5/site-packages (python 3.5)
• pip3 list =
• bokeh (0.12.3)
• certifi (2016.9.26)
• cffi (1.8.3)
• cryptography (1.5.2)
• Cython (0.25.1)
• decorator (4.0.10)
• entrypoints (0.2.2)
• idna (2.1)
• ipykernel (4.5.0)
• ipython (5.1.0)
• ipython-genutils (0.1.0)
• ipywidgets (5.2.2)
• Jinja2 (2.8)
• jsonschema (2.5.1)
• jupyter (1.0.0)
• jupyter-client (4.4.0)
• jupyter-console (5.0.0)
• jupyter-core (4.2.0)
• MarkupSafe (0.23)
• mistune (0.7.3)
• nbconvert (4.2.0)
• nbformat (4.1.0)
• notebook (4.2.3)
• numpy (1.11.2)
• pandas (0.19.0)
• pexpect (4.2.1)
• pickleshare (0.7.4)
• pip (8.1.2)
• prompt-toolkit (1.0.8)
• ptyprocess (0.5.1)
• pyasn1 (0.1.9)
• pycparser (2.17)
• Pygments (2.1.3)
• pyOpenSSL (16.2.0)
• python-dateutil (2.5.3)
• pytz (2016.7)
• PyYAML (3.12)
• pyzmq (16.0.0)
• qtconsole (4.2.1)
• requests (2.11.1)
• setuptools (20.10.1)
• simplegeneric (0.8.1)
• six (1.10.0)
• terminado (0.6)
• tornado (4.4.2)
• traitlets (4.3.1)
• wcwidth (0.1.7)
• widgetsnbextension (1.2.6)

Running bokeh from a jupyter notebook

import bokeh.sampledata;
bokeh.sampledata.download();

Using data directory: /home/nbuser/.bokeh/data

SSLError Traceback (most recent call last)
/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)
1253 try:
-> 1254 h.request(req.get_method(), req.selector, req.data, headers)
1255 except OSError as err: # timeout error

/usr/lib/python3.5/http/client.py in request(self, method, url, body, headers)
1105 “”“Send a complete request to the server.”""
-> 1106 self._send_request(method, url, body, headers)
1107

/usr/lib/python3.5/http/client.py in _send_request(self, method, url, body, headers)
1150 body = _encode(body, ‘body’)
-> 1151 self.endheaders(body)
1152

/usr/lib/python3.5/http/client.py in endheaders(self, message_body)
1101 raise CannotSendHeader()
-> 1102 self._send_output(message_body)
1103

/usr/lib/python3.5/http/client.py in _send_output(self, message_body)
933
–> 934 self.send(msg)
935 if message_body is not None:

/usr/lib/python3.5/http/client.py in send(self, data)
876 if self.auto_open:
–> 877 self.connect()
878 else:

/usr/lib/python3.5/http/client.py in connect(self)
1259 self.sock = self._context.wrap_socket(self.sock,
-> 1260 server_hostname=server_hostname)
1261 if not self._context.check_hostname and self._check_hostname:

/usr/lib/python3.5/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname)
376 server_hostname=server_hostname,
–> 377 _context=self)
378

/usr/lib/python3.5/ssl.py in init(self, sock, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, family, type, proto, fileno, suppress_ragged_eofs, npn_protocols, ciphers, server_hostname, _context)
751 raise ValueError(“do_handshake_on_connect should not be specified for non-blocking sockets”)
–> 752 self.do_handshake()
753

/usr/lib/python3.5/ssl.py in do_handshake(self, block)
987 self.settimeout(None)
–> 988 self._sslobj.do_handshake()
989 finally:

/usr/lib/python3.5/ssl.py in do_handshake(self)
632 “”“Start the SSL/TLS handshake.”""
–> 633 self._sslobj.do_handshake()
634 if self.context.check_hostname:

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

URLError Traceback (most recent call last)
in ()
1 import bokeh.sampledata;
2
----> 3 bokeh.sampledata.download();

/usr/lib/python3.5/site-packages/bokeh/sampledata/init.py in download(progress)
79
80 for base_url, file_name in files:
—> 81 _getfile(base_url, file_name, data_dir, progress=progress)
82
83 def _getfile(base_url, file_name, data_dir, progress=True):

/usr/lib/python3.5/site-packages/bokeh/sampledata/init.py in _getfile(base_url, file_name, data_dir, progress)
85 file_path = join(data_dir, file_name)
86
—> 87 url = urlopen(file_url)
88
89 with open(file_path, ‘wb’) as file:

/usr/lib/python3.5/urllib/request.py in urlopen(url, data, timeout, cafile, capath, cadefault, context)
161 else:
162 opener = _opener
–> 163 return opener.open(url, data, timeout)
164
165 def install_opener(opener):

/usr/lib/python3.5/urllib/request.py in open(self, fullurl, data, timeout)
464 req = meth(req)
465
–> 466 response = self._open(req, data)
467
468 # post-process response

/usr/lib/python3.5/urllib/request.py in _open(self, req, data)
482 protocol = req.type
483 result = self._call_chain(self.handle_open, protocol, protocol +
–> 484 ‘_open’, req)
485 if result:
486 return result

/usr/lib/python3.5/urllib/request.py in _call_chain(self, chain, kind, meth_name, *args)
442 for handler in handlers:
443 func = getattr(handler, meth_name)
–> 444 result = func(*args)
445 if result is not None:
446 return result

/usr/lib/python3.5/urllib/request.py in https_open(self, req)
1295 def https_open(self, req):
1296 return self.do_open(http.client.HTTPSConnection, req,
-> 1297 context=self._context, check_hostname=self.check_hostname)
1298
1299 https_request = AbstractHTTPHandler.do_request

/usr/lib/python3.5/urllib/request.py in do_open(self, http_class, req, **http_conn_args)
1254 h.request(req.get_method(), req.selector, req.data, headers)
1255 except OSError as err: # timeout error
-> 1256 raise URLError(err)
1257 r = h.getresponse()
1258 except:

URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

Seems it is something to deal with the docker container hostname or name resolution inside the SSL resolution process but I was not able to figure out what the problem is.

Any ideas ?

NB: I was able to run the bookeh sampledata command succesfully from the host (the host of docker container). Thus it might be a misconfiguration of the docker container itself.

Thanks for your help.


You received this message because you are subscribed to the Google Groups “Bokeh Discussion - Public” group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/64e09dcf-4f1f-45d7-b855-0fd12ff386f1%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.


You received this message because you are subscribed to the Google Groups “Bokeh Discussion - Public” group.

To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].

To post to this group, send email to [email protected].

To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/129e8601-a1cc-4130-95fd-874e512d372c%40continuum.io.

For more options, visit https://groups.google.com/a/continuum.io/d/optout.