(2021-10-03, 02:23)Borkley Wrote: (2021-10-03, 02:17)gujal Wrote: I reckon this has got nothing to do with Microsoft or Team-Kodi
I presume this is tied to the DST Root CA X3 as used by Let's Encrypt that expired on 30th Sep 2021 (originally issued in 2000)
So the free certication used by team kodi? It's almost as if someone already said that.
Yes, updated my post above with screenshot of the certificate chains
And there is no quick fix as that other path is required for the site to work on Android < 7.1 which only trusts DST Root CA X3, Android versions <7.1 dont care about CA cert expiry and continue to work
I very much doubt even 19.2 if released will work without issues on XBOX
Code:
C:\>python
Python 3.8.10 (tags/v3.8.10:3d8993a, May 3 2021, 11:48:03) [MSC v.1928 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib.request
>>> url = "https://mirrors.kodi.tv/addons/matrix/addons.xml.gz?sha256"
>>> req = urllib.request.Request(url)
>>> response = urllib.request.urlopen(req)
Traceback (most recent call last):
File "C:\Python38\lib\urllib\request.py", line 1354, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "C:\Python38\lib\http\client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "C:\Python38\lib\http\client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "C:\Python38\lib\http\client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "C:\Python38\lib\http\client.py", line 1007, in _send_output
self.send(msg)
File "C:\Python38\lib\http\client.py", line 947, in send
self.connect()
File "C:\Python38\lib\http\client.py", line 1421, in connect
self.sock = self._context.wrap_socket(self.sock,
File "C:\Python38\lib\ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "C:\Python38\lib\ssl.py", line 1040, in _create
self.do_handshake()
File "C:\Python38\lib\ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1131)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python38\lib\urllib\request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "C:\Python38\lib\urllib\request.py", line 525, in open
response = self._open(req, data)
File "C:\Python38\lib\urllib\request.py", line 542, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "C:\Python38\lib\urllib\request.py", line 502, in _call_chain
result = func(*args)
File "C:\Python38\lib\urllib\request.py", line 1397, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "C:\Python38\lib\urllib\request.py", line 1357, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1131)>
>>>
The same commands work correctly on the same python version on Linux for e.g
Code:
gujal@mint-vm:~$ python3
Python 3.8.10 (default, Jun 2 2021, 10:49:15)
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib.request
>>> url = "https://mirrors.kodi.tv/addons/matrix/addons.xml.gz?sha256"
>>> req = urllib.request.Request(url)
>>> response = urllib.request.urlopen(req)
>>> response.code
200
>>>