We Keep Coding

Using pygbag to package PyGame for web results in SSL error

Instead of packaging my PyGame game into an .exe using PyInstaller, I am attempting to use the new Python library pygbag to package the game using web assembly to share on a site like itch.io.
I followed a tutorial to try to get a local test in my browser on port 8000... 1) inserted the asyncio code into my game code 2) ran pygbag from the terminal on the specified directory.
Pygbag does some of the build, but then it hits this SSL error. Any thoughts? Thanks.
WARNING: web.get(https://pygame-web.github.io/archives/0.5/default.tmpl) : <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>
retrying in 5 seconds
On MacOS 11.6.7; Python 3.10.8; pygbag 0.5.0; pygame 2.1.2
ctrl-c quitting, I see another SSL error:
WARNING: web.get(https://pygame-web.github.io/archives/0.5/favicon.png) : <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>
retrying in 5 seconds
crtl-c quitting again gets it to stop completely.

There was an "Install Certificates.command" file in Applications/Python 3.10/. I double clicked to run it and that solved my problem.
certificate verify failed: unable to get local issuer certificate

"There was a problem confirming the ssl certificate" when doing pip install on a local artifactory repository

I could use some guidance on what needs to be put in place for resolving this SSL issue to an artifactory server when running
pip install. Is this "self signed certificate" supposed to be replaced by a specific one provided by that server?
Could not fetch URL [our.artifactory.server.name]/simple/hercl/:
There was a problem confirming the ssl certificate: HTTPSConnectionPool
(host='[our.artifactory.server.name]', port=443):
Max retries exceeded with url:
/api/pypi/our.artifactory.server.name-local/simple/hercl/ (Caused by SSLError(SSLCertVerificationError(1,
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self signed certificate in certificate chain (_ssl.c:1131)'))) - skipping

Credited to pip.pypa.io:
Starting with v1.3, pip provides SSL certificate verification over
HTTP, to prevent man-in-the-middle attacks against PyPI downloads.
This does not use the system certificate store but instead uses a
bundled CA certificate store. The default bundled CA certificate store
certificate store may be overridden by using --cert option or by using
PIP_CERT, REQUESTS_CA_BUNDLE, or CURL_CA_BUNDLE environment variables.
In regards to the SSL issue, it depends whether you insist on SSL enforcement, if not, you may use an existing flag to ignore this by appending --trusted-host <server_name> ,in the example below: --trusted-host artifactory.
Some suggestions raised to overcome this issue are suggested here as well: pip install fails with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)"
Do note, prior to using artifactory as a caching/proxy server for Pypi packages, you should configure the pip.conf and .pypirc files according to the SetMeUp instructions: https://www.jfrog.com/confluence/display/JFROG/PyPI+Repositories#PyPIRepositories-ResolvingfromArtifactoryUsingpip
For example:
pip.conf:
[global]
index-url = http://artifactory:8081/artifactory/api/pypi/pypi-virtual/simple
.pypirc:
[distutils]
index-servers =
virtual
local
remote
devpi
[virtual]
repository: http://artifactory:8081/artifactory/api/pypi/pypi-virtual
username: admin
password: ***
[local]
repository: http://artifactory:8081/artifactory/api/pypi/pypi-local
username: admin
password: ***
[remote]
repository: http://artifactory:8081/artifactory/api/pypi/pypi-org-remote
username: admin
password: ***
[devpi]
repository: http://localhost:3141/admin/dev
username: admin
password: ***

How to disable SSL certificate verification in Twine?

When I tried to push a new package to my company's artifactory :
python -m twine upload --repository-url https:///artifactory/api/pypi/gdp_pypi dist/*
I got an error on SSL.
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:841)
Any way to disable the SSL verification?

I just tried the solution by another post:
Disable Python requests SSL validation for an imported module
Simply setting environment variable CURL_CA_BUNDLE to an empty string did the job!
$ export CURL_CA_BUNDLE=""

Client unable to verify SSL certificate even when verification is disabled

I am disabling certificate verification using the following command:
getsessionkey = requests.post(AUTH_URL, headers=headers, data=data, verify=False)
I use above command in a script that calls an API to retrieve data from it. When I run my script, I have the following error:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
I understand from that error that the script could not verify the distant's API certificate. But I am explicitely disabling the verification, I am at loss as to how to interpret this.
If the problem cannot be resolved, how can I add my certificate to the certificate truststore?
P.S: Disabling certificate verification has always worked for me so far. I started to have the error above since a recent security update.
Thanks for helping.

How to avoid certificate verification issues?

I'm trying to push to a Bitbucket Mercurial repository but I keep hitting the same problem:
ruihpacheco at descartes in ~/chi/aaa/cpp/ninja (default)
$ hg push
pushing to https://rhpacheco#bitbucket.org/rhpacheco/databaseclient
abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
I've already tried what's on the website but it doesn't seem to work. Any suggestions?

With this in your .hgrc file:
[hostsecurity]
bitbucket.org:fingerprints = sha1:3F:D3:C5:17:23:3C:CD:F5:2D:17:76:06:93:7E:EE:97:42:21:14:AA
Do you get the same error?