httpx: SSL handshake failed on verifying the certificate

im using charlesproxy for debugging each requests. Proxy ip and cert is from charlesproxy

My code:

import httpx
client = httpx.Client(proxies={
    "http": "http://192.168.1.78:8888",
    "https": "http://192.168.1.78:8888",

})


client_cer = r'C:\Users\localhost\Documents\123.pem'
request = client.get("http://whoer.net",verify=client_cer)

output


SSL handshake failed on verifying the certificate
protocol: <asyncio.sslproto.SSLProtocol object at 0x0000020CDCD7E470>
transport: <_SelectorSocketTransport fd=768 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\sslproto.py", line 625, in _on_handshake_complete
    raise handshake_exc
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056)
SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0x0000020CDCD7E470>
transport: <_SelectorSocketTransport closing fd=768 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056)
Traceback (most recent call last):
  File "C:/Users/localhost/PycharmProjects/TribalW_Test_Env/Basic/tests/httpx/proxy_test.py", line 11, in <module>
    request = client.get("http://whoer.net",headers=headers,verify=client_cer)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\client.py", line 818, in get
    proxies=proxies,
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\client.py", line 729, in request
    proxies=proxies,
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\client.py", line 760, in send
    async_response = concurrency_backend.run(coroutine, *args, **kwargs)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\concurrency\asyncio.py", line 241, in run
    return self.loop.run_until_complete(coroutine(*args, **kwargs))
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\base_events.py", line 584, in run_until_complete
    return future.result()
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\client.py", line 230, in _get_response
    return await get_response(request)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\middleware\redirect.py", line 41, in __call__
    return await self(next_request, get_response)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\middleware\redirect.py", line 31, in __call__
    response = await get_response(request)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\client.py", line 191, in get_response
    request, verify=verify, cert=cert, timeout=timeout
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\dispatch\proxy_http.py", line 243, in send
    request=request, verify=verify, cert=cert, timeout=timeout
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\dispatch\connection_pool.py", line 118, in send
    connection = await self.acquire_connection(origin=request.url.origin)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\dispatch\proxy_http.py", line 92, in acquire_connection
    return await self.tunnel_connection(origin)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\dispatch\proxy_http.py", line 110, in tunnel_connection
    await self.tunnel_start_tls(origin, connection)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\dispatch\proxy_http.py", line 194, in tunnel_start_tls
    timeout=timeout,
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\site-packages\httpx\concurrency\asyncio.py", line 216, in start_tls
    timeout=timeout.connect_timeout,
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\tasks.py", line 416, in wait_for
    return fut.result()
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\base_events.py", line 1134, in start_tls
    await waiter
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\asyncio\sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "C:\Users\localhost\AppData\Local\Programs\Python\Python37\lib\ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056)

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (10 by maintainers)

Most upvoted comments

Figured it out! PR will be incoming soon! 😃

+2
sethmlarson on Sep 24, 2019

I had a quick look at this, it seems verify is not passed into the proxy dispatchers on the client.get call but it is on Client.__init__. On initialization the Client defaults to verify=True and the proxies are setup accordingly which causes the self-signed cetificate error.

We can fix that but in the meantime a solution might be:

import httpx
client_cer = r'C:\Users\localhost\Documents\123.pem'
client = httpx.Client(proxies={
    "http": "http://192.168.1.78:8888",
    "https": "http://192.168.1.78:8888",
}, verify=client_cer)

request = client.get("http://whoer.net")

@GnubiBORED can you give that a try?

+1
yeraydiazdiaz on Nov 6, 2019

Hmm, you should be seeing some debug messages. Do you have the latest version of HTTPX installed? (Try python -m pip freeze and paste the output)

Maybe try setx HTTPX_DEBUG=1 then run the python command?

+1
sethmlarson on Sep 24, 2019
Read more comments on GitHub
← httpx: Should error responses raise an HTTPError by default?
httpx: Test client usage question: how to trigger lifespan startup and shutdown ? →