Any clues to fixing my SSL failure?

geoffrey.x.king · July 7, 2022, 10:22pm

I’m using: SWI-Prolog version : threaded, 64 bits, version 8.4.2 on Windows.

I want the code to:
make a http_open call that doesn’t fail with an SSL error.

But what I’m getting is:
error(ssl_error(1416F086,SSL routines,tls_process_server_certificate,certificate verify failed),_356)

My code looks like this:

:- use_module(library(http/http_open)).
:- use_module(library(http/http_ssl_plugin)).

%% boring code removed.
http_open(URL,
		      In,
		      [authorization(basic('blah@domain',Password))]), 
	    json_read_dict(In, J), 
	    close(In),

Two other key points:

curl works doing the exact same thing from the same windows machine.
it previously worked - I have no idea if the failure mode is due to a change in - corporate infrastructure, swi-prolog, or libraries.

Thanks.

drspro · July 8, 2022, 6:55am

i have the same error with certain versions curl works and the browser too. It was stated that the most recent swipl release has fixes for SSL. I havent tried that yet, I use Without https in the mean time

brebs · July 8, 2022, 7:12am

Got a reproducible example using a public website?

Add -v to the curl command, for more info.

Can get info on SSL certs using e.g. online checker and openssl s_client.

jan · July 8, 2022, 8:27am

On Windows, SWI-Prolog gets its certificates from the OS, AFAIK. Curl may come with bundled certificates? Roughly there are two ways out: get the right certificate and add it to the Windows set or add it explicitly using the Prolog OpenSSL API or disable certificate checking altogether. Most of the options are described with ssl_context/3.

geoffrey.x.king · July 11, 2022, 1:19am

Thanks folks, that’s enough to get me started.

giank · November 30, 2023, 8:45pm

Hello, I ran into this problem when trying to execute a sparql query with pyswip. The error is the same as pointed out by the original poster:
pyswip.prolog.PrologError: Caused by: '<...truncated...>'.Returned: 'error(ssl_error(1416F086, SSL routines, tls_process_server_certificate, certificate verify failed), _262)'.
I just want to disable certificate checking. I’m currently learning Prolog day by day but i don’t have any idea about how to do it. I don’t know anything about ssl certificates and stuff like this. Thank you in advance.

jan · November 30, 2023, 9:10pm

You can bypass the certificate validation using the option cert_verify_hook(cert_accept_any). Unfortunately though, sparql_client/3 does not pass this on the the HTTP client. I pushed a fix for that (ADDED: sparql_query/3: pass SSL options to the SSL context. · SWI-Prolog/packages-semweb@3341f31 · GitHub). You can make the patch by hand on the file in your Prolog library.

It does strike me a bit odd to try to use Prolog to run an HTTP query for Python Python is capable of doing that itself …

Topic		Replies	Views
Package install errors - How to resolve after SWI-Prolog changed to using HTTPS Nice to know	2	2843	July 1, 2019
Swi webserver and ssl General	4	599	August 20, 2020
SSL client issue (likely because of Let's encrypt CA change) General	5	382	October 1, 2021
Swi pro http server, use http_get from swi- library on other machine General	0	305	May 27, 2022
Pack_list certificate verify failed Pack	5	1015	December 22, 2020

Any clues to fixing my SSL failure?

Related topics