hbldh / pybankid

BankID Relying Party client for Python

Home Page: https://pybankid.readthedocs.io

SSLError when using pybankid with BankID Test environment

dotchetter opened this issue · comments

  • pybankid version: 0.12.0
  • Python version: 3.8
  • Operating System: Linux CentOS

Description

It's been working well for months, but now suddenly it throws an SSLError when trying to use BankID for test with pybankid.

I've installed the certificate from https://www.bankid.com/utvecklare/test, but the same error still occurs.
The setup has been working before, last time I checked it was around March 2022.

Describe what you were trying to get done.

I was trying to use BankID's test environment with pybankid, by using the 'authenticate' method on the BankIDJSONClient.

What I Did

Installed the latest TLS Certificate from BankID, for the test environment

Paste the command(s) you ran and the output.
[Tue Oct 11 10:28:47.586665 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
[Tue Oct 11 10:28:47.586734 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     httplib_response = self._make_request(
[Tue Oct 11 10:28:47.586800 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 426, in _make_request
[Tue Oct 11 10:28:47.586900 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     six.raise_from(e, None)
[Tue Oct 11 10:28:47.586964 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "<string>", line 3, in raise_from
[Tue Oct 11 10:28:47.587083 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 421, in _make_request
[Tue Oct 11 10:28:47.587148 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     httplib_response = conn.getresponse()
[Tue Oct 11 10:28:47.587211 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/http/client.py", line 1347, in getresponse
[Tue Oct 11 10:28:47.587274 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     response.begin()
[Tue Oct 11 10:28:47.587335 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/http/client.py", line 307, in begin
[Tue Oct 11 10:28:47.587396 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     version, status, reason = self._read_status()
[Tue Oct 11 10:28:47.587462 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/http/client.py", line 268, in _read_status
[Tue Oct 11 10:28:47.587526 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
[Tue Oct 11 10:28:47.587588 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/socket.py", line 669, in readinto
[Tue Oct 11 10:28:47.587649 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     return self._sock.recv_into(b)
[Tue Oct 11 10:28:47.587710 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/ssl.py", line 1241, in recv_into
[Tue Oct 11 10:28:47.587769 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     return self.read(nbytes, buffer)
[Tue Oct 11 10:28:47.587829 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]   File "/usr/local/lib/python3.8/ssl.py", line 1099, in read
[Tue Oct 11 10:28:47.587887 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356]     return self._sslobj.read(len, buffer)
[Tue Oct 11 10:28:47.587946 2022] [wsgi:error] [pid 967:tid 139798451377920] [remote 10.0.0.2:44356] ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:2623)

I've faced the same issue which I reported here - #42. It's basically due to pybankid (v0.12.0) using an outdated test certificate. I've made a PR to update the test certificate which was merged, but not deployed to PyPI.

Thanks for the response @dhalenok. I suppose we can close this as a duplicate.

This was now released in version 0.13.1 to PyPI. Thank you for noticing it!

I'm still having the same issue after upgrading to 0.13.1.
Is it working for you, using the bankid test environment?

Did you fetch the new certificate before trying? Something like this:

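import os
from bankid.certutils import create_bankid_test_server_cert_and_key

# Writes the BankID test certificate and key files under the home directory
# and returns their paths.
paths = create_bankid_test_server_cert_and_key(os.path.expanduser("~"))
print(paths)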

Ah, I seem to have confused the container environment with the one on the host.
My bad - and thanks for a quick reply!
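
Added example (not part of the original thread and not pybankid code): a small triage helper for the two things this issue turned on, namely which side rejected which certificate, and whether the interpreter actually running the code has the release with the updated test certificate. The function names are hypothetical; the sample line is the last line of the traceback above, and 0.13.1 is the release named in the thread.

```python
import re
import sys
from importlib import metadata

FIXED_IN = (0, 13, 1)  # release named in this thread as carrying the updated test certificate

# "[SSL: <REASON>]" as formatted in the text of Python's ssl.SSLError
_REASON = re.compile(r"\[SSL: ([A-Z0-9_]+)\]")


def classify_ssl_error(text):
    """Return (reason, who_rejected) for an ssl.SSLError message or log line."""
    m = _REASON.search(text)
    if not m:
        return (None, "unknown")
    reason = m.group(1)
    if "_ALERT_" in reason:
        # An alert is a message received from the peer. With mutual TLS, a
        # certificate-related alert means the server refused our client certificate.
        cert_related = "CERT" in reason or reason.endswith("UNKNOWN_CA")
        return (reason, "server rejected client certificate" if cert_related
                else "server sent alert")
    if reason == "CERTIFICATE_VERIFY_FAILED":
        # Raised locally: our trust store did not validate the server's chain.
        return (reason, "client rejected server certificate")
    return (reason, "other")


def parse_version(v):
    """'0.13.1' -> (0, 13, 1); anything after the third number is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3])


def environment_report(dist="pybankid"):
    """Describe the interpreter this code really runs in (host vs. container)."""
    try:
        installed = metadata.version(dist)
    except metadata.PackageNotFoundError:
        installed = None
    return {
        "prefix": sys.prefix,      # which Python environment is executing
        "installed": installed,    # version visible to that environment
        "has_fix": installed is not None and parse_version(installed) >= FIXED_IN,
    }


if __name__ == "__main__":
    # Constructed sample: final line of the traceback in this issue.
    sample = "ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:2623)"
    print(classify_ssl_error(sample))
    print(environment_report())
```

Run it inside the same container or virtualenv that serves the WSGI application, not on the host, so the reported prefix and version are the ones the failing process uses.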