Certificate issue for sample data download

We have this on going issue with sample data not being available when we run Slicer on our Linux servers at work:

Switch to module: "SampleData" <b>Requesting download</b> <i>MR-head.nrrd</i> from https://github.com/Slicer/SlicerTestingData/releases/download/SHA256/cc211f0dfd9a05ca3841ce1141b292898b2dd2d3f08286affadf823a7e58df93 ... <font color="red"><b> Download failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)></b></font>

On the same server (and in the same command line session), I can start firefox and paste the exact url and download the data. There is no http_proxy or any other variable set. The admin asked this:

“Does slicer have its own certificate store? Or does it have a flag to say which certificate store to use?”

I do not know the answer to this question. Any ideas?

We indeed generate own certificate bundle.
See Slicer/Base/QTCore/Resources/Certs at main · Slicer/Slicer · GitHub

Which version of Slicer is problematic ?

This was with the latest stable, but as far as I know every version had the issue.

Which operating system ? Is the issue specific to macOS ?

Slicer version Operating System Type of build SampleData download working
4.13.0 / r29885 Windows Preview installer :white_check_mark: yes
4.13.0 / r29874 Linux Local Developer build :white_check_mark: yes

This is on Linux. However, the issue is specific to our Linux environment, I think.

the issue is specific to our Linux environment

It would be great to sort this out.

Few hints:

  • Does Slicer pick up a different version of OpenSSL ?
  • Is the env. variable SSL_CERT_FILE set to a valid bundle ?

This is what I get from the command prompt prior to launching Slicer:

    amaga@pplhpc1ood01:/gpfs/home/amaga/Desktop$ ldconfig -p |grep -i ssl
    	libssl3.so (libc6,x86-64) => /lib64/libssl3.so
    	libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10
    	libssl.so (libc6,x86-64) => /lib64/libssl.so
    	libevent_openssl-2.0.so.5 (libc6,x86-64) => /lib64/libevent_openssl-2.0.so.5

setting

export SSL_CERT_FILE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

has no effect.

Nor setting the SSL_CERT_FILE variable to the Slicer.crt in Slicer install directory.