Win Conda nested asn1 error

This subforum is specifically to discuss packaging issues on different platforms (windows, mac, linux), and using different packaging systems (conda, etc...)
User avatar
mpetrasinovic
Posts: 106
Joined: Sat Feb 22, 2020 10:19 am
Location: Belgrade, Serbia
Contact:

Win Conda nested asn1 error

Post by mpetrasinovic »

I tried a few times Windows Conda build and every time a got the following error for AddonManager.

Code: Select all

Init:      Initializing C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\Mod\AddonManager... failed
----------------------------------------------------------------------------------------------------
Traceback (most recent call last):
  File "<string>", line 125, in InitApplications
  File "<string>", line 6, in <module>
  File "C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\Mod\AddonManager\AddonManager.py", line 47, in <module>
    import addonmanager_utilities as utils
  File "C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\Mod\AddonManager\addonmanager_utilities.py", line 44, in <module>
    ssl_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
  File "C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\bin\lib\ssl.py", line 750, in create_default_context
    context.load_default_certs(purpose)
  File "C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\bin\lib\ssl.py", line 574, in load_default_certs
    self._load_windows_store_certs(storename, purpose)
  File "C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\bin\lib\ssl.py", line 566, in _load_windows_store_certs
    self.load_verify_locations(cadata=certs)
ssl.SSLError: nested asn1 error (_ssl.c:4114)
----------------------------------------------------------------------------------------------------
During initialization the error "nested asn1 error (_ssl.c:4114)" occurred in C:\Program Files\FreeCAD_0.19.21329-Win-Conda_vc14.x-x86_64\Mod\AddonManager\InitGui.py
OS: Windows 10 (10.0)
Word size of OS: 64-bit
Word size of FreeCAD: 64-bit
Version: 0.19.21329 (Git)
Build type: Release
Branch: master
Hash: 2330eef823b32ac412d839031cc174353a76b013
Python version: 3.8.2
Qt version: 5.12.5
Coin version: 4.0.0
OCC version: 7.4.0
Locale: Serbian/Serbia (sr_RS)
Syres
Veteran
Posts: 2893
Joined: Thu Aug 09, 2018 11:14 am

Re: Win Conda nested asn1 error

Post by Syres »

mpetrasinovic wrote: Mon Jun 01, 2020 8:42 am every time a got the following error for AddonManager.
I'm guessing there is another piece of software/setting on your box that requires Client Authentication rather than Server. Therefore you just need to change line 44 in src\Mod\AddonManager\addonmanager_utilities.py from:

Code: Select all

        ssl_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
to:

Code: Select all

        ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
There was a discussion about the pros and cons of fixing this setting for all platforms and so far I'm only aware of two Windows users (including yourself) who have had to change it.
User avatar
mpetrasinovic
Posts: 106
Joined: Sat Feb 22, 2020 10:19 am
Location: Belgrade, Serbia
Contact:

Re: Win Conda nested asn1 error

Post by mpetrasinovic »

Syres wrote: Mon Jun 01, 2020 8:53 am I'm guessing there is another piece of software/setting on your box that requires Client Authentication rather than Server.
That's it, it works now. I don't have this problem with LP build that is strange to me.
Syres wrote: Mon Jun 01, 2020 8:53 am There was a discussion about the pros and cons of fixing this setting for all platforms and so far I'm only aware of two Windows users (including yourself) who have had to change it.
Can we implement this as a fallback then?
Syres
Veteran
Posts: 2893
Joined: Thu Aug 09, 2018 11:14 am

Re: Win Conda nested asn1 error

Post by Syres »

mpetrasinovic wrote: Mon Jun 01, 2020 9:10 am I don't have this problem with LP build that is strange to me.
Never make two changes at once (previously used to be a Problem Manager :D)


sgrogan wrote: ping
looo wrote: ping
Has there been a change/addition to the Conda build that may not have been to the LP build that would cause the SSL authentication (SERVER) to fail? I really don't want to go over this discussion https://forum.freecadweb.org/viewtopic.php?f=3&t=42825 again if we can avoid it.
User avatar
mpetrasinovic
Posts: 106
Joined: Sat Feb 22, 2020 10:19 am
Location: Belgrade, Serbia
Contact:

Re: Win Conda nested asn1 error

Post by mpetrasinovic »

Syres wrote: Mon Jun 01, 2020 9:26 am Never make two changes at once (previously used to be a Problem Manager :D)
I am not sure what you mean by two changes at once :) I did not change anything. When I download the latest Conda and LP builds I have this error with Conda but there is no error with LP build.
User avatar
sgrogan
Veteran
Posts: 6499
Joined: Wed Oct 22, 2014 5:02 pm

Re: Win Conda nested asn1 error

Post by sgrogan »

Syres wrote: Mon Jun 01, 2020 9:26 am Has there been a change/addition to the Conda build that may not have been to the LP build that would cause the SSL authentication (SERVER) to fail? I really don't want to go over this discussion https://forum.freecadweb.org/viewtopic.php?f=3&t=42825 again if we can avoid it.
Not intentionally but Conda's dependency manager will always try to use the latest compatible version of packages.
A quick look at what I have locally shows that the Conda 0.18.4 build uses openssl 1.1.1d and the latest dev version I have uses 1.1.1g
I think the Addons manager is using _ssl.pyd from the bin/DLLs directory? I guess I need to check also the Py3.8 build on Conda also.

I believe for the Libpack apeltauer just uses the official PY3.6.x binaries. I don't know how this is handled with Conda which is PY3.8.x
"fight the good fight"
User avatar
sgrogan
Veteran
Posts: 6499
Joined: Wed Oct 22, 2014 5:02 pm

Re: Win Conda nested asn1 error

Post by sgrogan »

mpetrasinovic wrote: Mon Jun 01, 2020 6:57 pm I am not sure what you mean by two changes at once :) I did not change anything. When I download the latest Conda and LP builds I have this error with Conda but there is no error with LP build.
All versions of FreeCAD share user.cfg and system.cfg located in %appdata%/FreeCAD
So switching between versions/builds may or may not be involved in something saved there.
"fight the good fight"
Syres
Veteran
Posts: 2893
Joined: Thu Aug 09, 2018 11:14 am

Re: Win Conda nested asn1 error

Post by Syres »

mpetrasinovic wrote: Mon Jun 01, 2020 6:57 pm ping
Would you mind just quickly changing the line back from CLIENT_AUTH to SERVER_AUTH and then please retest. If it still fails then please leave the addonmanager_utilities.py with the SERVER_AUTH and rename src\bin\Lib\ssl.py and replace with the one attached. I found a Github thread from February 2019 where jupyter notebook users had to ignore certificates issued by Serbia.

Edit: Further investigation may have found a solution though not ideal.
Edit2: Updated attached file
Attachments
ssl.py
(50.01 KiB) Downloaded 223 times
Last edited by Syres on Tue Jun 02, 2020 9:11 am, edited 1 time in total.
User avatar
mpetrasinovic
Posts: 106
Joined: Sat Feb 22, 2020 10:19 am
Location: Belgrade, Serbia
Contact:

Re: Win Conda nested asn1 error

Post by mpetrasinovic »

Syres wrote: Tue Jun 02, 2020 7:19 am Would you mind just quickly changing the line back from CLIENT_AUTH to SERVER_AUTH and then please retest. Yesterday afternoon I could replicate the fault with the Conda build but today I cannot, as if there's something else going on that's out of the FreeCAD community's control.
I tried several times in the last few months and I always get this error with the Conda build, LP build was always fine.
Syres
Veteran
Posts: 2893
Joined: Thu Aug 09, 2018 11:14 am

Re: Win Conda nested asn1 error

Post by Syres »

mpetrasinovic wrote: Tue Jun 02, 2020 8:07 am I tried several times in the last few months and I always get this error with the Conda build, LP build was always fine.
Please see my updated post above, this now makes sense, sorry I thought you'd only had the problem with the latest Conda build.
Post Reply