#195 Pymol gives error on fetching from any https site when build with python 2.7.14

[Carlos Familia]

Pymol gives error on getting data from any https site. To reproduce you can try "fetch 89594, type=cid" or try to install a plugin from the internet, ​https://raw.githubusercontent.com/ADplugin/ADplugin/master/autodock.py for instance.

For the structure fetch it says it cannot load the structure.
Fot the plugin download it gives the following error:

Plugin-Error: <urlopen error [SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

I have been looking around in the pymol code and made some changes, that roll back for the previous behaviour, however it does not check the certificates. I am not sure if you want to implement it like this or a more safee approach. Nevertheless the code needing changes is here identified:

--- modules/pymol/internal.py   2017-03-09 00:40:30.000000000 +0000
+++ internal.py 2017-10-23 17:28:36.000000000 +0100
@@ -3,6 +3,7 @@

 import os
 import sys
+import ssl
 cmd = sys.modules["pymol.cmd"]
 from pymol import _cmd
 import threading
@@ -316,9 +317,10 @@
         if not is_string(finfo):
             handle = finfo
         elif '://' in finfo:
+            context = ssl._create_unverified_context()
             req = urllib2.Request(finfo,
                     headers={'User-Agent': 'PyMOL/' + _self.get_version()[0]})
-            handle = urllib2.urlopen(req)
+            handle = urllib2.urlopen(req, context=context)
         else:
             handle = open(finfo, 'rb')
         contents = handle.read()

--- modules/pymol/plugins/repository.py 2017-04-26 14:08:45.000000000 +0100
+++ plugins/repository.py   2017-10-23 17:32:35.000000000 +0100
@@ -11,6 +11,7 @@
 from __future__ import print_function

 import sys
+import ssl
 if sys.version_info[0] > 2:
     import urllib.request as urllib2
     from urllib.parse import urlparse
@@ -31,9 +32,9 @@
     not change that.
     '''
     from . import pref_get

+    context = ssl._create_unverified_context()
     timeout = pref_get('network_timeout', 10.0)
-    return urllib2.urlopen(url, timeout=timeout)
+    return urllib2.urlopen(url, timeout=timeout, context=context)

 def urlreadstr(url, encoding='iso-8859-1'):

[Thomas Holder]

I've seen this error when ssl libraries were not installed correctly. I can't reproduce this on my current test systems (e.g. Arch Linux with Python 2.7.14). What operating system do you use? Any proxy or firewall in use?

Without patching, does fetching work after pasting this into the PyMOL command line?

import ssl
ssl._https_verify_certificates(enable=False)

Or by exporting PYTHONHTTPSVERIFY=0 from the environment befor launching PyMOL?

PYTHONHTTPSVERIFY=0 pymol

[Carlos Familia]

MacOS High Sierra with Python 2.7.14 installed via MacPorts

[Carlos Familia]

I've run the second command on the console and it worked (on the non patched pymol), however i couldn't test the first command as after the first command was run it always worked, even after restarting the console, restarting the computer and reinstalling pymol.

[Thomas Holder]

Thanks for testing. Note that fetch caches the downloaded file in fetch_path (current directory by default) https://pymolwiki.org/index.php/Fetch_Path

Using load with an https:// URL is a good alternative test (no caching):

load https://files.rcsb.org/download/1UBQ.pdb

Also works for me on MacOS Sierra (10.12) with MacPorts.