PyAPNs2: Receiving [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3880) error when trying to send push notification.
I have never used APNS before so I’m pretty much in the dark about what’s causing this issue, but from the stack trace I can conclude that the error originates from ssl library. Is this somehow fixable locally by using different ssl version (if yes, how?) or maybe it is the bug in the library itself?
Traceback (most recent call last): File "/usr/local/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/usr/local/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response response = self.process_exception_by_middleware(e, request) File "/usr/local/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/local/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view return view_func(*args, **kwargs) File "/usr/local/lib/python3.7/site-packages/django/views/generic/base.py", line 71, in view return self.dispatch(request, *args, **kwargs) File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 505, in dispatch response = self.handle_exception(exc) File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 465, in handle_exception self.raise_uncaught_exception(exc) File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 476, in raise_uncaught_exception raise exc File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 502, in dispatch response = handler(request, *args, **kwargs) File "/code/api/views/views.py", line 65, in get client = APNsClient(key_path, use_sandbox=False, use_alternative_port=False) File "/usr/local/lib/python3.7/site-packages/apns2/client.py", line 56, in __init__ self.__credentials = CertificateCredentials(credentials, password) # type: Credentials File "/usr/local/lib/python3.7/site-packages/apns2/credentials.py", line 37, in __init__ ssl_context = init_context(cert=cert_file, cert_password=password) File "/usr/local/lib/python3.7/site-packages/hyper/tls.py", line 131, in init_context context.load_cert_chain(cert, password=cert_password) ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3880)
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 15 (1 by maintainers)
@naitik-aubergine noted in the other repo:
Ah! My apologies - and thank you 😃
Starting from November 2020 Apple will no longer support cert-based authentication and will only support JWT APNS communication.
This will answer your question in more details: https://github.com/Develatio/django-walletpass/issues/1#issuecomment-608358900
Check out this: https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/APNSOverview.html#//apple_ref/doc/uid/TP40008194-CH8-SW1 Specifically section called “Provider-to-APNs Connection Trust”
And this: https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/establishing_a_token-based_connection_to_apns
I think I have solved it. https://github.com/jazzband/django-push-notifications/issues/532. Editing /etc/ssl/openssl.cnf worked or at least the error has changed.