Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Iris and Wine dataset download fails with Bad Certificate #39

Closed
jakesgordon opened this issue Jul 23, 2023 · 3 comments · Fixed by #40
Closed

Iris and Wine dataset download fails with Bad Certificate #39

jakesgordon opened this issue Jul 23, 2023 · 3 comments · Fixed by #40

Comments

@jakesgordon
Copy link

I don't know if there's much you can do about it but trying to download the Iris or Wine datasets fails with a bad certificate error. All the other datasets download correctly.
I think there might actually be an issue with the certificate at archive.ics.uci.edu analysis here

I created a clean empty elixir project with scidata as a single dependency and got the following errors:

iex(3)> Scidata.Iris.download           

15:06:37.693 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate

** (RuntimeError) {:failed_connect, [{:to_address, {~c"archive.ics.uci.edu", 443}}, {:inet, [:inet], {:tls_alert, {:bad_certificate, ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate\n"}}}]}
    (scidata 0.1.10) lib/scidata/utils.ex:54: Scidata.Utils.run!/1
    (scidata 0.1.10) lib/scidata/utils.ex:12: Scidata.Utils.get!/2
    (scidata 0.1.10) lib/scidata/iris.ex:50: Scidata.Iris.download/1
    iex:3: (file)
iex(3)> Scidata.Wine.download

15:08:45.423 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate

** (RuntimeError) {:failed_connect, [{:to_address, {~c"archive.ics.uci.edu", 443}}, {:inet, [:inet], {:tls_alert, {:bad_certificate, ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate\n"}}}]}
    (scidata 0.1.10) lib/scidata/utils.ex:54: Scidata.Utils.run!/1
    (scidata 0.1.10) lib/scidata/utils.ex:12: Scidata.Utils.get!/2
    (scidata 0.1.10) lib/scidata/wine.ex:59: Scidata.Wine.download/1
    iex:3: (file)
@wojtekmach
Copy link
Contributor

Yeah it might be specific to Erlang SSL implementation. I was able to reproduce this:

iex> :httpc.request("https://archive.ics.uci.edu/static/public/53/iris.zip")

08:39:49.591 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate

{:error,
 {:failed_connect,
  [
    {:to_address, {~c"archive.ics.uci.edu", 443}},
    {:inet, [:inet],
     {:tls_alert,
      {:bad_certificate,
       ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate\n"}}}
  ]}}

or:

iex> :httpc.request(:get, {"https://archive.ics.uci.edu/static/public/53/iris.zip", []}, [], [])

08:38:38.619 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate

{:error,
 {:failed_connect,
  [
    {:to_address, {~c"archive.ics.uci.edu", 443}},
    {:inet, [:inet],
     {:tls_alert,
      {:bad_certificate,
       ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2126 generated CLIENT ALERT: Fatal - Bad Certificate\n"}}}
  ]}}

disabling peer verification fixes it:

> :httpc.request(:get, {"https://archive.ics.uci.edu/static/public/53/iris.zip", []}, [ssl: [verify: :verify_none]], [])
{:ok,
 {{~c"HTTP/1.1", 200, ~c"OK"},
  [
    {~c"connection", ~c"keep-alive"},
    {~c"date", ~c"Mon, 24 Jul 2023 06:40:35 GMT"},
    {~c"server", ~c"nginx/1.25.1"},
    {~c"content-length", ~c"3738"}
  ],
  [80, 75, 3, 4, 20, 0, 8, 0, 8, 0, 140, 178, 182, 86, 0, 0, 0, 0, 0, 0, 0, 0,
   0, 0, 0, 0, 5, 0, 0, 0, 73, 110, 100, 101, 120, 243, 204, 75, 73, 173, 80,
   200, 79, 83, 200, ...]}}

but it's not very satisfactory.

@t-rutten
Copy link
Contributor

Thanks for flagging this problem and apologies for the delayed response.

I'll push a PR with a temporary workaround that utilizes disabled peer verification per your helpful suggestion, @wojtekmach. I agree it's not very satisfying but it's a valid patch for now.

@t-rutten t-rutten mentioned this issue Aug 10, 2023
Merged
@jakesgordon
Copy link
Author

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Patch wine & iris dataset requests elixir-nx/scidata
3 participants
@wojtekmach @jakesgordon @t-rutten