[mythtv-users] Important: Changes to Metadata lookup in March 2021
Jay Foster
jayf0ster at roadrunner.com
Sun Feb 28 19:19:02 UTC 2021
On 2/28/21 12:13 AM, Stephen Worthington wrote:
> On Sat, 27 Feb 2021 18:26:53 -0800, you wrote:
>
>> No joy here. I updated to a recent ca-certificates package, but the
>> issue persists. I can access the https://tvmaze.com website using
>> firefox with no problem and view the site certificate which has a common
>> name of tvmaze.com. However, for some reason, the tvmaze.py script is
>> trying to use tvlive.tvmaze.info instead, which does not match.
>> Jay
> Firefox uses its own internal certificate store, not the system wide
> one.
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://lists.mythtv.org/mailman/listinfo/mythtv-users
> http://wiki.mythtv.org/Mailing_List_etiquette
> MythTV Forums: https://forum.mythtv.org
I'm not so sure this is a CA certificate issue. Smells more like a
wrong URL (hostname) issue. I can use "wget https://api.tvmaze.com",
which works just fine. I think this is an HTTPS SNI issue where the
incorrect hostname is not being presented to the server resulting in the
certificate CN mismatch (urllib3 issue).
jay at mythbox:~$ /usr/share/mythtv/metadata/Television/tvmaze.py -l en -a
US -M Monk
/usr/local/lib/python2.7/dist-packages/urllib3/util/ssl_.py:339:
SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject
Name Indication) extension to TLS is not available on this platform.
This may cause the server to present an incorrect TLS certificate, which
can cause validation failures. You can upgrade to a newer version of
Python to solve this. For more information, see
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/urllib3/util/ssl_.py:137:
InsecurePlatformWarning: A true SSLContext object is not available. This
prevents urllib3 from configuring SSL appropriately and may cause
certain SSL connections to fail. You can upgrade to a newer version of
Python to solve this. For more information, see
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecurePlatformWarning
ERROR: <class 'requests.exceptions.SSLError'> :
HTTPSConnectionPool(host='api.tvmaze.com', port=443): Max retries
exceeded with url: /search/shows?q=Monk (Caused by
SSLError(CertificateError("hostname 'api.tvmaze.com' doesn't match
'tvlive.tvmaze.info'",),))
jay at mythbox:~$
Back in September, 2017, I previously updated the metadata bindings to
support the TVDB API v2 (https://www.mythtv.org/wiki/TheTVDB_API_v2). As
part of this, I updated/installed the following packages from Ubuntu
xenial (16.04):
python-future_0.15.2-1_all.deb
python-requests-cache_0.4.10-1_all.deb
python-requests_2.9.1-3_all.deb
python-urllib3_1.13.1-2_all.deb (this package actually installs version
1.22).
Are these versions adequate for the new tvmaze bindings? I am
suspicious of something wrong with urllib3 or requests. I also have two
versions of urllib3 installed (one in /usr/lib and one in
/usr/local/lib). The one in /usr/local/lib was installed for the TVDB
API v2 issue and is the one being used by tvmaze.py (somehow).
I upgraded these packages (in /usr/local/lib) using "pip install
--upgrade <package>" for urllib3, chardet, requests, requests-cache,
python-dateutil, and future. Each was successful, yet I get the same
warnings and error with tvmaze.py. Has anyone gotten tvmaze.py to work
with 0.28 or older? This is on Ubuntu trusty (14.04).
Jay
More information about the mythtv-users
mailing list