SSL certificate error prints traceback despite being caught.

[synchronizing]

Long story short

As the title suggests, in some specific cases ssl prints error traceback when utilizing ClientSession().get(), despite explicit catch with try/except.

Expected behaviour

If an error is caught neither error nor traceback should be shown.

Actual behaviour

Despite being caught ssl error traceback still prints.

Steps to reproduce

import asyncio
import aiohttp

async def test():
    try:
        async with aiohttp.ClientSession() as session:
            async with session.get(
                url="https://incomplete-chain.badssl.com/"
            ) as response:
                resp = await response.read()

        print("Got response. Length of {}".format(len(resp)))
    except:
        print("Error thrown!")

asyncio.run(test())

Outputs:

SSL handshake failed on verifying the certificate
protocol: <asyncio.sslproto.SSLProtocol object at 0x10de81668>
transport: <_SelectorSocketTransport fd=9 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/Users/felipe/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 625, in _on_handshake_complete
    raise handshake_exc
  File "/Users/felipe/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/Users/felipe/.pyenv/versions/3.7.2/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0x10de81668>
transport: <_SelectorSocketTransport closing fd=9 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/Users/felipe/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/Users/felipe/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/Users/felipe/.pyenv/versions/3.7.2/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
Error thrown!

Your environment

Python 3.7.2
aiohttp 3.5.4
OpenSSL 1.1.1c 

Side Note

Some SSL certificates still get past the aiohttp SSL checks despite being invalid and caught by Chrome (I understand this has to do with ssl and not aiohttp, but just a sidenote.)

• https://revoked.badssl.com/
• https://pinning-test.badssl.com/

[synchronizing]

Unfortunately, I can't seem to be able to build aiohttp to attempt some fixes on my end for PR. My best bet on the issue is the following lines:

aiohttp/aiohttp/client_exceptions.py

Lines 224 to 225 in 7a324fd

	cert_errors = (ssl.CertificateError,)
	cert_errors_bases = (ClientSSLError, ssl.CertificateError,)

Which should also include ssl.SSLCertVerificationError, which was introduced in ssl version 3.7. It is also worth mentioning that ssl.SSLCertVerificationError is now the officially thrown exception for ssl.CertificateError, according to their docs here.

[Harmon758]

Duplicate of #3675.
As those docs say, ssl.CertificateError is an alias for ssl.SSLCertVerificationError.
This is an issue with asyncio, rather than aiohttp, and should be fixed in Python 3.7.4 and 3.8.
See https://bugs.python.org/issue37035, python/cpython#13548, #3535, and https://stackoverflow.com/q/52012488/6191255.

[synchronizing]

Duplicate of #3675.
As those docs say, ssl.CertificateError is an alias for ssl.SSLCertVerificationError.
This is an issue with asyncio, rather than aiohttp, and should be fixed in Python 3.7.4 and 3.8.
See https://bugs.python.org/issue37035, python/cpython#13548, #3535, and https://stackoverflow.com/q/52012488/6191255.

Awesome, thank you for clarifying! Closing issue.

[dejurin]

SSLCertVerificationError problem is not solved.
Python 3.10.5