Invalid and/or missing SSL certificate when using Google App Engine

64
votes

UPDATE: Please, if anyone can help: Google is waiting for inputs and examples of this problem on their bug tracking tool. If you have reproducible steps for this issue, please share them on: https://code.google.com/p/googleappengine/issues/detail?id=10937

I'm trying to fetch data from the StackExchange API using a Google App Engine backend. As you may know, some of StackExchange's APIs are site-specific, requiring developers to run queries against every site the user is registered in.

So, here's my backend code for fetching timeline data from these sites. The feed_info_site variable holds the StackExchange site name (such as 'security', 'serverfault', etc.).

    data = json.loads(urllib.urlopen("%sme/timeline?%s" % 
        (self.API_BASE_URL, urllib.urlencode({"pagesize": 100, 
        "fromdate": se_since_timestamp, "filter": "!9WWBR
        (nmw", "site": feed_info_site, "access_token": 
    decrypt(self.API_ACCESS_TOKEN_SECRET, self.access_token), "key": 
self.API_APP_KEY}))).read())
for item in data['items']:
    ... # code for parsing timeline items

When running this query on all sites except Stack Overflow, everything works OK. What's weird is, when the feed_info_site variable is set to 'stackoverflow', I get the following error from Google App Engine:

    HTTPException: Invalid and/or missing SSL certificate for URL: 
https://api.stackexchange.com/2.2/me/timeline?
filter=%219WWBR%28nmw&access_token=
    <ACCESS_TOKEN_REMOVED>&fromdate=1&pagesize=100&key=
<API_KEY_REMOVED>&site=stackoverflow

Of course, if I run the same query in Safari, I get the JSON results I'm expecting from the API. So the problem really lies in Google's URLfetch service. I found several topics here on Stack Overflow related to similar HTTPS/SSL exceptions, but no accepted answer solved my problems. I tried removing cacerts.txt files. I also tried making the call with validate_certificate=False, with no success.

I think the problem is not strictly related to HTTPS/SSL. If so, how would you explain that changing a single API parameter would make the request to fail?

2
google-app-enginesslurlfetch
Might have been fixed by Google since v1.9.7 but I have to check for it. code.google.com/p/googleappengine/issues/detail?id=10937Romain
I am having a very similar problem, but when visiting browserid.org/verify Anyone who has feedback, it'd be much appreciated! It'd be great to know how to do this without disabling SSL certificates.John Zeller
Well my particular problem was solved by replacing browserid.org/verify with verifier.login.persona.org/verifyJohn Zeller
Wondering if you already looked for anything in the response headers.bhantol
Are you still using urllib.open directly or the urlfetch.fetch API? I have experienced situations where urlfetch must have done some extra magic underneath the covers because it worked and urllib didn't.dlebech

2 Answers

1
votes
  1. Wait for the next update to the app engine (scheduled one soon) then update.
  2. Replace browserid.org/verify with another service (verifier.loogin.persona.org/verify is a good service hosted by Mozilla what could be used)
  3. Make sure cacerts.txt doesnt exist (looks like you have sorted but just in-case :-) )
  4. Attempt again Good luck! -Brendan
0
votes

I was facing the same error, google has updated the app engine now, error resolved, please check the updated docs.