SSL: CERTIFICATE_VERIFY_FAILED when trying to download artifact from maven repository


#1

I’m in the process of trying to add windows support for travis for the graalvm/mx repo: https://github.com/graalvm/mx/pull/174

So far it’s going pretty well, but I seem to be running into a problem where we’re trying to download a .jar file from maven central, but it’s failing to verify the SSL certificate: https://travis-ci.org/graalvm/mx/jobs/457224527#L4450

Note that this works fine when running on my local machine, or on linux: https://travis-ci.org/graalvm/mx/builds/457224524

The build script required to reproduce is:

os: windows
language: shell
before_install:
  - choco install python2 -y
  - export PATH=$PATH:/c/Python27
script: python -c 'import urllib2; print urllib2.urlopen("https://repo1.maven.org/maven2/org/jacoco/org.jacoco.core/0.7.9/org.jacoco.core-0.7.9.jar")'

Which is showing the following error:

urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

I think this is being caused by a missing SSL certificate in the windows environment?

I’m not sure how I should install such a certificate, most of the tutorials I’ve found tell me to use the GUI tool, but I don’t think that’s an option, since the travis script uses shell commands. As far as I can tell the command line tool to do the same is certutil, but I don’t know what the right incantation is.

I’m very inexperienced with dealing with SSL certificates, so my questions are:

  • Am I even looking in the right place?
  • How should I add the SSL certificate for the URL I’m trying to access?

Thanks


I’ve tried turning off verification by setting PYTHONHTTPSVERIFY=0 in before_install, but I’m still getting the same error.

Seems similar to: https://github.com/travis-ci/travis-ci/issues/4757 Which seems to have been a container issue. Something about TLSv1.2 not being accessible?