Certificate issue for sample data download

muratmaga · May 4, 2021, 6:28pm

We have this on going issue with sample data not being available when we run Slicer on our Linux servers at work:

Switch to module: "SampleData" Requesting download MR-head.nrrd from https://github.com/Slicer/SlicerTestingData/releases/download/SHA256/cc211f0dfd9a05ca3841ce1141b292898b2dd2d3f08286affadf823a7e58df93 ... Download failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)>

On the same server (and in the same command line session), I can start firefox and paste the exact url and download the data. There is no http_proxy or any other variable set. The admin asked this:

“Does slicer have its own certificate store? Or does it have a flag to say which certificate store to use?”

I do not know the answer to this question. Any ideas?

jcfr · May 4, 2021, 6:52pm

We indeed generate own certificate bundle.
See Slicer/Base/QTCore/Resources/Certs at main · Slicer/Slicer · GitHub

Which version of Slicer is problematic ?

muratmaga · May 4, 2021, 7:04pm

This was with the latest stable, but as far as I know every version had the issue.

jcfr · May 4, 2021, 7:15pm

Which operating system ? Is the issue specific to macOS ?

Slicer version	Operating System	Type of build	SampleData download working
4.13.0 / r29885	Windows	Preview installer	yes
4.13.0 / r29874	Linux	Local Developer build	yes

muratmaga · May 4, 2021, 7:42pm

This is on Linux. However, the issue is specific to our Linux environment, I think.

jcfr · May 4, 2021, 7:49pm

the issue is specific to our Linux environment

It would be great to sort this out.

Few hints:

Does Slicer pick up a different version of OpenSSL ?
Is the env. variable SSL_CERT_FILE set to a valid bundle ?

github.com

Slicer/Slicer/blob/0094e9a35bd266cc8b0e677858dabce797c9928f/SuperBuild/python_configure_python_launcher.cmake#L68-L71


      
            list(APPEND PYTHONLAUNCHER_ENVVARS_BUILD
              "SSL_CERT_FILE=<APPLAUNCHER_DIR>/../../Slicer-build/${Slicer_SHARE_DIR}/Slicer.crt"
              )
          endif()

github.com

Slicer/Slicer/blob/0094e9a35bd266cc8b0e677858dabce797c9928f/SuperBuild/python_configure_python_launcher.cmake#L114-L118


      
          if(PYTHON_ENABLE_SSL)
            list(APPEND PYTHONLAUNCHER_ENVVARS_INSTALLED
              "SSL_CERT_FILE=<APPLAUNCHER_DIR>/../${Slicer_SHARE_DIR}/Slicer.crt"
              )
          endif()

muratmaga · May 4, 2021, 9:38pm

This is what I get from the command prompt prior to launching Slicer:

    amaga@pplhpc1ood01:/gpfs/home/amaga/Desktop$ ldconfig -p |grep -i ssl
    	libssl3.so (libc6,x86-64) => /lib64/libssl3.so
    	libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10
    	libssl.so (libc6,x86-64) => /lib64/libssl.so
    	libevent_openssl-2.0.so.5 (libc6,x86-64) => /lib64/libevent_openssl-2.0.so.5

setting

export SSL_CERT_FILE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

has no effect.

muratmaga · May 5, 2021, 6:37pm

Nor setting the SSL_CERT_FILE variable to the Slicer.crt in Slicer install directory.

Topic		Replies	Views
SSL error with the sample data module (Linux only) Support	4	698	October 16, 2019
Sample Data Download failed Support	2	208	November 10, 2023
Slicer fails to download custom sample data Development python , extensions	25	831	April 7, 2023
Error downloading Liver CT sample image Support	7	396	March 11, 2023
Sample Data Load Complete, Still Won't Appear Support	8	521	July 6, 2020

Certificate issue for sample data download

Related topics