Skip to content

Commit 5af3157

Browse files
artemlosartemlos
committed
Update README.md
1 parent bf9d5ea commit 5af3157

File tree

1 file changed

+28
-0
lines changed

1 file changed

+28
-0
lines changed

README.md

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -239,3 +239,31 @@ This error occurs when the timestamp for the expiration date received from the s
239239
While Cryptolens requires a period (defaulted to 30) during the creation of a new license, this does not mark the license as time-limited. You can learn more about it [here](https://help.cryptolens.io/web-interface/keys-that-dont-expire). In essence, a license is treated as time-limited by either enforcing this in the Python code (e.g. if F1=true, the license is time-limited and so we check the expiration date against the current date, to see that it is still valid) or on the server side. On the server side, you can, for example, set up a feature that will automatically block expired licenses. You can read more about it [here](https://help.cryptolens.io/faq/index#blocking-expired-licenses).
240240

241241
In sum, to solve this issue, you can either follow one of the methods described above or set the period to a smaller value.
242+
243+
#### Could not contact the server. Error message: <urlopen error [SSL: CERTIFICATE_VERIFY _FAILED] certificate verify failed: unable to get local issuer certificate (ssl.c:1125)>
244+
245+
This error is thrown when the urllib library (a built in library in Python that we use to send HTTP requests) is unable to locate the CA files on the client machine. From our experience, this error occurs exclusively on Macs where the Python SDK is incorrectly installed.
246+
247+
To solve this temporarily for **testing purposes**, you could temporary disable SSL verifications as described in [here](SSL-verification), however, we do not recommend this in a production scenario. Instead, a better solution is to fix the root cause why the Python environment cannot find the CA files.
248+
249+
This can be fixed in at least two ways:
250+
251+
##### Using certifi
252+
Before calling any of the API methods (e.g. Key.activate), you can add the following code:
253+
254+
```python
255+
import certifi
256+
os.environ['SSL_CERT_FILE'] = certifi.where()
257+
```
258+
259+
Please note that this requires `certifi` package to be installed.
260+
261+
##### Running a script in the Python environment
262+
An alternative is to run script in their environment that should fix the issue. You can read more about it in this thread: https://github.com/Cryptolens/cryptolens-python/issues/65
263+
264+
##### Summary
265+
The key takeaway is that it is better to address the issue with missing CA on the user side, since this issue will typically be user-specific. If that is not possible, you can use the code above to manually set the path to CA files. Although we have mentioned turning off SSL verification temporarily, it should not be used in production. `Key.activate` takes care of signature verification internally, but some other methods do not.
266+
267+
268+
269+

0 commit comments

Comments
 (0)