Win Conda nested asn1 error

mpetrasinovic · Post by **mpetrasinovic** » Tue Jun 02, 2020 8:21 am

Syres wrote: ↑Tue Jun 02, 2020 8:13 am Please see my updated post above, this now makes sense, sorry I thought you'd only had the problem with the latest Conda build.

I followed your post and error is gone. Did you find the cause of the error and is it possible to prevent it in the future releases?

Syres · Post by **Syres** » Tue Jun 02, 2020 8:34 am

mpetrasinovic wrote: ↑Tue Jun 02, 2020 8:21 am I followed your post and error is gone. Did you find the cause of the error and is it possible to prevent it in the future releases?

Yes I now know what the root cause is, any or some certificates that are loaded from the windows store that contain 'MUP Republike Srbije' will cause the failure. The file I attached is not the finished version but I am putting that together with the appropriate comments referring back to this thread.

I will propose that @sgrogan can add a line towards the end of the large batch file used to make the Conda build to replace the standard ssl.py with the one I produce. It may be rejected on the basis that the file is not part of FreeCAD core but I can only ask.

mpetrasinovic · Post by **mpetrasinovic** » Tue Jun 02, 2020 8:47 am

Syres wrote: ↑Tue Jun 02, 2020 8:34 am Yes I now know what the root cause is, any or some certificates that are loaded from the windows store that contain 'MUP Republike Srbije' will cause the failure.

I can confirm that this 'MUP Republike Srbije' certificates are the cause of this. I just found it in multiple places. It would be great if we can add this to the core, thank you!

Syres · Post by **Syres** » Tue Jun 02, 2020 9:10 am

sgrogan wrote: ↑Mon Jun 01, 2020 9:30 pm A quick look at what I have locally shows that the Conda 0.18.4 build uses openssl 1.1.1d and the latest dev version I have uses 1.1.1g

I've updated the ssl.py in the post from 08:19 BST with one that's more polished, proper comments and a list that can be easily updated if needed in the future. This is Windows Conda specific so if it can only be added to your batch file that produces the Conda build towards the end so it doesn't get overwritten but rename the existing one first so if/when openssl gets upgraded and it's not immediately apparent then the user can put the default version back relatively easily. It is definitely the src\bin\Lib\ssl.py as there's another one in capital letters in another folder but I verified which one was actually in use. Now whether this is going to raise it's head in the AppImage or Mac at a future date I'm not sure but at least we have an idea how to workaround it.

edit: Added rename existing file

looo · Post by **looo** » Tue Jun 02, 2020 9:17 am

Syres wrote: ↑Tue Jun 02, 2020 8:34 am
mpetrasinovic wrote: ↑Tue Jun 02, 2020 8:21 am I followed your post and error is gone. Did you find the cause of the error and is it possible to prevent it in the future releases?
Yes I now know what the root cause is, any or some certificates that are loaded from the windows store that contain 'MUP Republike Srbije' will cause the failure. The file I attached is not the finished version but I am putting that together with the appropriate comments referring back to this thread.

I will propose that @sgrogan can add a line towards the end of the large batch file used to make the Conda build to replace the standard ssl.py with the one I produce. It may be rejected on the basis that the file is not part of FreeCAD core but I can only ask.

I just tried to look for a "SSL_CERT_FILE" variable on a windows conda environment, and this variable is not set. So we cannot use the same approach as we did for appimage and osx to solve this issue. But I guess you already came to the same conclusion.

Syres · Post by **Syres** » Tue Jun 02, 2020 9:26 am

looo wrote: ↑Tue Jun 02, 2020 9:17 am I just tried to look for a "SSL_CERT_FILE" variable on a windows conda environment, and this variable is not set. So we cannot use the same approach as we did for appimage and osx to solve this issue. But I guess you already came to the same conclusion.

Certificates on Windows aren't my specialist subject let alone other platforms so all a learning curve, thanks.

PedjaS · Post by **PedjaS** » Wed Jun 03, 2020 5:15 pm

Just to sign in as another one with this problem.

As sugested here, I replaced SERVER_AUTH with CLIENT_AUTH and it fixed it.

looo · Post by **looo** » Wed Jun 03, 2020 10:04 pm

I found this here:
https://github.com/jupyter/notebook/issues/4245

edit: I didn't see that this was already mentioned in this topic, sry.

mpetrasinovic · Post by **mpetrasinovic** » Thu Jun 04, 2020 7:31 am

Can we make some warning for these certificates? I am sure that this will happen again and I just want to save time to those facing the same issue.

Syres · Post by **Syres** » Thu Jun 04, 2020 7:51 am

mpetrasinovic wrote: ↑Thu Jun 04, 2020 7:31 am Can we make some warning for these certificates? I am sure that this will happen again and I just want to save time to those facing the same issue.

For medium to longterm issues, we would require a moderator to update Known Issues https://forum.freecadweb.org/viewtopic.php?f=3&t=30573 topic but let's get some feedback positive or negative as to whether the solution/workaround can be implemented.

Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error

Re: Win Conda nested asn1 error