Any clues to fixing my SSL failure?

I’m using: SWI-Prolog version : threaded, 64 bits, version 8.4.2 on Windows.

I want the code to:
make a http_open call that doesn’t fail with an SSL error.

But what I’m getting is:
error(ssl_error(1416F086,SSL routines,tls_process_server_certificate,certificate verify failed),_356)

My code looks like this:

:- use_module(library(http/http_open)).
:- use_module(library(http/http_ssl_plugin)).

%% boring code removed.
http_open(URL,
		      In,
		      [authorization(basic('blah@domain',Password))]), 
	    json_read_dict(In, J), 
	    close(In),

Two other key points:

  1. curl works doing the exact same thing from the same windows machine.
  2. it previously worked - I have no idea if the failure mode is due to a change in - corporate infrastructure, swi-prolog, or libraries.

Thanks.

i have the same error with certain versions curl works and the browser too. It was stated that the most recent swipl release has fixes for SSL. I havent tried that yet, I use Without https in the mean time

Got a reproducible example using a public website?

Add -v to the curl command, for more info.

Can get info on SSL certs using e.g. online checker and openssl s_client.

On Windows, SWI-Prolog gets its certificates from the OS, AFAIK. Curl may come with bundled certificates? Roughly there are two ways out: get the right certificate and add it to the Windows set or add it explicitly using the Prolog OpenSSL API or disable certificate checking altogether. Most of the options are described with ssl_context/3.

1 Like

Thanks folks, that’s enough to get me started.

Hello, I ran into this problem when trying to execute a sparql query with pyswip. The error is the same as pointed out by the original poster:
pyswip.prolog.PrologError: Caused by: '<...truncated...>'.Returned: 'error(ssl_error(1416F086, SSL routines, tls_process_server_certificate, certificate verify failed), _262)'.
I just want to disable certificate checking. I’m currently learning Prolog day by day but i don’t have any idea about how to do it. I don’t know anything about ssl certificates and stuff like this. Thank you in advance.

You can bypass the certificate validation using the option cert_verify_hook(cert_accept_any). Unfortunately though, sparql_client/3 does not pass this on the the HTTP client. I pushed a fix for that (ADDED: sparql_query/3: pass SSL options to the SSL context. · SWI-Prolog/packages-semweb@3341f31 · GitHub). You can make the patch by hand on the file in your Prolog library.

It does strike me a bit odd to try to use Prolog to run an HTTP query for Python :slight_smile: Python is capable of doing that itself …