[clamav-users] cvdupdate certificate verify failed
Moyes, Steven
Steven.Moyes at transunion.com
Fri Jul 16 08:10:28 UTC 2021
Hi,
I've been trying to resolve this for a few weeks and would really appreciate any help.
A few details:
OS: RHEL7.9
ClamAV 0.103.2/26231
Connection goes through an authenticated proxy
ca-certificates-2020.2.41-70.0.el7_8.noarch is installed
Manually imported certificates from Mozilla version 05.07.2021
It does this on the first attempt
2021-07-16 08:47:56 cvdupdate-1.0.2 DEBUG Checking for a newer version of cvdupdate.
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG cvdupdate is up-to-date: 1.0.2.
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking available versions via DNS TXT entry query of current.cvd.clamav.net
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking main.cvd for update from https://database.clamav.net/main.cvd
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking main.cvd version via DNS TXT advertisement.
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG main.cvd version advertised by DNS: 61
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Downloading CDIFFs first...
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking for main-60.cdiff
2021-07-16 08:47:57 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): database.clamav.net:443
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 696, in urlopen
self._prepare_proxy(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 964, in _prepare_proxy
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 421, in connect
tls_in_tls=tls_in_tls,
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 756, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='database.clamav.net', port=443): Max retries exceeded with url: /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/cvd", line 11, in <module>
sys.exit(cli())
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py", line 259, in update_alias
ctx.forward(db_update)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 784, in forward
return __self.invoke(__cmd, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py", line 101, in db_update
errors = m.db_update(db, debug_mode)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py", line 911, in db_update
status = update(db)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py", line 897, in update
return self._download_cvd(db, advertised_version)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py", line 664, in _download_cvd
'User-Agent': f'CVDUPDATE/{self.version} ({self.config["uuid"]})',
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='database.clamav.net', port=443): Max retries exceeded with url: /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
Thanks in advance.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 476 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210716/2d100ec1/attachment.sig>
More information about the clamav-users
mailing list