HTTPS via urllib2 - Error

Angus · July 21, 2016, 4:40am

hi all,

I am trying to send an HTTPS GET request via a button-release script, but get an error which I don’t understand how to work around. I’ve tried looking online and on the forum with no success, except that it appears to be some issue with how Python handles the SSL certificates.

I’ve successfully tested the HTTPS GET request via the URL bar of Internet Explorer on the same machine, and can also successfully send GET requests to HTTP URLs via my script.

Ignition Version: 7.8.3
Operating System: Windows Server 2012

Code

Import urllib2 f = urllib2.urlopen("someURL") print f.read()

When tested on a simple HTTP URL, the website contents appear in the Output Console.

Error
When tested on HTTPS URLs, the following appears in the output console:

[code]Traceback (most recent call last):
File “event:mouseReleased”, line 2, in
File “C:\Users\ignition.ignition\cache\gw10.4.2.202_8088_8043_main\C0\pylib\urllib2.py”, line 124, in urlopen
return _opener.open(url, data)
File “C:\Users\ignition.ignition\cache\gw10.4.2.202_8088_8043_main\C0\pylib\urllib2.py”, line 381, in open
response = self._open(req, data)
File “C:\Users\ignition.ignition\cache\gw10.4.2.202_8088_8043_main\C0\pylib\urllib2.py”, line 398, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File “C:\Users\ignition.ignition\cache\gw10.4.2.202_8088_8043_main\C0\pylib\urllib2.py”, line 360, in _call_chain
result = func(*args)
File “C:\Users\ignition.ignition\cache\gw10.4.2.202_8088_8043_main\C0\pylib\urllib2.py”, line 1126, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File “C:\Users\ignition.ignition\cache\gw10.4.2.202_8088_8043_main\C0\pylib\urllib2.py”, line 1093, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error (-1, ‘SSL handshake exception: Differences between the SSL socket behaviour of cpython vs. jython are explained on the wiki: http://wiki.python.org/jython/NewSocketModule#SSL_Support’)>

Ignition v7.8.3 (b2016061017)
Java: Oracle Corporation 1.8.0_92 [/code]

I guess I’m wondering, what’s going on here, and how can I make it work?

Thanks in advance for any responses.

Kevin.Herron · July 21, 2016, 1:25pm

Try using the system.net.httpGet scripting function. It has a boolean parameter for bypassing certificate validation, which may be the issue you’re having: docs.inductiveautomation.com:84 … et.httpGet

Angus · July 25, 2016, 6:50am

hi Kevin,

thanks for your response. I’ve tried the “system.net.httpGe” function with partial success - another error has appeared when attempting to bypass the certificate validation. Does anyone know how to get around this, or could point me in the right direction?

Using just the URL, or bypassCertValidation=1, it works. The first time it prompts that the certificate is not valid and isn’t trusted (I think because in this case the server owner issued their own certificate), with the option to proceed. After proceeding once the prompt does not occur until the designer is closed and launched again.
Using bypassCertValidation=0 to this particular URL, the following error is produced:

[code]Traceback (most recent call last):
File “event:mouseReleased”, line 1, in
IOError: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

at org.python.core.Py.fromIOException(Py.java:215)
at org.python.core.Py.IOError(Py.java:178)
at com.inductiveautomation.ignition.common.script.builtin.AbstractNetUtilities.httpGet(AbstractNetUtilities.java:260)
at sun.reflect.GeneratedMethodAccessor56.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:186)
at com.inductiveautomation.ignition.common.script.ScriptManager$ReflectedInstanceFunction.__call__(ScriptManager.java:427)
at org.python.core.PyObject.__call__(PyObject.java:320)
at org.python.pycode._pyx13.f$0(<event:mouseReleased>:6)
at org.python.pycode._pyx13.call_function(<event:mouseReleased>)
at org.python.core.PyTableCode.call(PyTableCode.java:165)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1275)
at com.inductiveautomation.ignition.common.script.ScriptManager.runCode(ScriptManager.java:623)
at com.inductiveautomation.factorypmi.application.binding.action.ActionAdapter.runActions(ActionAdapter.java:168)
at com.inductiveautomation.factorypmi.application.binding.action.ActionAdapter.invoke(ActionAdapter.java:265)
at com.inductiveautomation.factorypmi.application.binding.action.RelayInvocationHandler.invoke(RelayInvocationHandler.java:55)
at com.sun.proxy.$Proxy28.mouseReleased(Unknown Source)
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

Ignition v7.8.3 (b2016061017)
Java: Oracle Corporation 1.8.0_92[/code]

However, using both bypassCertValidation=0 and 1 to some other randomly selected https site, “https://www.hurl.it/”, does not result in any prompts or errors. The contents are returned correctly in both cases.

EDIT:

Testing against “https://self-signed.badssl.com” produces the appropriate prompts when testing the certificate, and has no problems when not testing the certificate. IE, the website results are returned with no error.

I suppose this means that the problem is something strange at the server end. I’d appreciate any ideas on what that might be, but looks like it may not be an issue with Ignition.

Thanks in advance for any replies,

Angus

Sulivann_BROUTIN · January 23, 2019, 2:35pm

Hello,

Did you figure what was the problem ? I have something similar here and cannot figure where is the problem ?

Regards.

guanghui · April 17, 2019, 1:35am

Have you resolved this problem? Could you give some help ?
Regards!

silverbacknet · April 17, 2019, 8:33am

You might consider using httplib instead, as:

import httplib
con = httplib.HTTPSConnection('host',443,context=ssl._create_unverified_context())
con.request('GET', '/url')
data = con.getresponse().read()

Somewhat painful, but this is the only built-in way to bypass all certificate checks in Python 2.