Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Max retries exceeded with url: /auth #57

Open
ooker777 opened this issue Sep 20, 2023 · 4 comments
Open

Max retries exceeded with url: /auth #57

ooker777 opened this issue Sep 20, 2023 · 4 comments

Comments

@ooker777
Copy link

During using gkeepapi, I occasionally meet this error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)')))

I suppose this is the problem of this library, so I ask it here. Is it correct? If so, how to fix it?

Here is the full error:

/usr/lib/python3/dist-packages/urllib3/util/ssl_.py:372: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 383, in ssl_wrap_socket
    return context.wrap_socket(sock)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 1046, in _create
    self.do_handshake()
  File "/usr/lib/python3.12/ssl.py", line 1317, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "//tranky.py", line 23, in <module>
    keep.login(id, pw)
  File "/usr/local/lib/python3.12/dist-packages/gkeepapi/__init__.py", line 697, in login
    ret = auth.login(email, password, device_id)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/gkeepapi/__init__.py", line 54, in login
    res = gpsoauth.perform_master_login(self._email, password, self._device_id)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/gpsoauth/__init__.py", line 143, in perform_master_login
    return _perform_auth_request(data, proxy)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/gpsoauth/__init__.py", line 86, in _perform_auth_request
    res = session.post(AUTH_URL, data=data, verify=True)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 583, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 535, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 648, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1000)')))
@simon-weber
Copy link
Owner

That SNIMissingWarning makes me think there's an issue with your system python's tls setup. Usually that has to do with how you installed python or openssl, or maybe the versions of related python packages (like requests or urllib3).

@ooker777
Copy link
Author

I got this when I use python 12rc on Ubuntu 20.04 (docker). When I change to python 11 it's solved

@sammko
Copy link

sammko commented May 29, 2024

Adding context.load_default_certs() to

gpsoauth/gpsoauth/__init__.py

Lines 69 to 80 in e08bb6e

def init_poolmanager(self, *args: Any, **kwargs: Any) -> None:
"""
Secure settings from ssl.create_default_context(), but without
ssl.OP_NO_TICKET which causes Google to return 403 Bad
Authentication.
"""
context = SSLContext()
if SSL_DEFAULT_CIPHERS:
context.set_ciphers(SSL_DEFAULT_CIPHERS)
context.verify_mode = ssl.CERT_REQUIRED
context.options &= ~ssl.OP_NO_TICKET # pylint: disable=E1101
self.poolmanager = PoolManager(*args, ssl_context=context, **kwargs)

fixes the issue for me. I'm not sure why this is not an issue universally, the SSLContext simply has an empty certificate store upon initialisation on my machine. Python 3.12.3

>>> import ssl
>>> s = ssl.SSLContext()
>>> s.cert_store_stats()
{'x509': 0, 'crl': 0, 'x509_ca': 0}
>>> s.load_default_certs()
>>> s.cert_store_stats()
{'x509': 147, 'crl': 0, 'x509_ca': 147}
>>>

@simon-weber
Copy link
Owner

Hm. I don't see any harm in adding load_default_certs. I'm also not sure why it's not a bigger problem to have them go unloaded.

@KapJI KapJI mentioned this issue Jun 8, 2024
Closed
@ejpenney ejpenney mentioned this issue Jun 8, 2024
Merged
@watkins-matt watkins-matt mentioned this issue Jun 9, 2024
Closed
@viertel97 viertel97 mentioned this issue Jun 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sammko @simon-weber @ooker777