Comments (22)
Is it reproducible? I've just tried, and it downloads OK from here.
from nbconvert.
@rsdenijs when did you do this? It's possible the server was unavailable for a bit. Does it work now?
from nbconvert.
I tried just before creating the issue.
I just tried it on a different computer and it also happens.
Steps that reproduce it for me:
Create a new virtualenv
pip install --upgrade pip setuptools
Clone jupyter noteobook
pip install -r requirements -e .
All goes fine until downloading the aforementioned css file.
from nbconvert.
I can see the CDN w/o problems... and I could install it successfully...
from nbconvert.
@rsdenijs what happens when you visit that URL with a browser, or try to download the file with curl/wget?
from nbconvert.
@dongweiming reported the same error. I'm not sure what the common factor is. It looks like @rsdenijs is on Linux (going by the paths in the traceback), while @dongweiming appears to be on a Mac.
from nbconvert.
And it installs correctly for me on Linux, FreeBSD, and OS X, on various VMs, networks, and cloud services. @rsdenijs @dongweiming what OS/distro version and Python version, and how did you install Python? I'm guessing it's something wrong with the Python's linked SSL/TLS support on the client.
It may be this bug in OpenSSL on the client side. Since it's Cloudflare doing the SSL, we don't have control over the server-side piece, I think.
@rgbkrk ideas?
from nbconvert.
@minrk @takluyver yestoday i once install successfully. but later never worked.
I use OS X 10.8.5.
python -c "import IPython; print(IPython.sys_info())"
{'commit_hash': u'14c1fae',
'commit_source': 'repository',
'default_encoding': 'UTF-8',
'ipython_path': '/Users/dongweiming/.virtualenvs/jupyter_notebook/src/ipython/IPython',
'ipython_version': '4.0.0-dev',
'os_name': 'posix',
'platform': 'Darwin-13.4.0-x86_64-i386-64bit',
'sys_executable': '/Users/dongweiming/.virtualenvs/jupyter_notebook/bin/python',
'sys_platform': 'darwin',
'sys_version': '2.7.5 (default, Mar 9 2014, 22:15:05) \n[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.0.68)]'}
from nbconvert.
If I had to install python I just installed python-dev with the package manager.
Wget and the browser can fetch the file with no problems
Sys info:
python -c "import IPython; print(IPython.sys_info())"
{'commit_hash': u'14c1fae',
'commit_source': 'repository',
'default_encoding': 'UTF-8',
'ipython_path': '/home/xxx/.virtualenvs/jupyter-dev/src/ipython/IPython',
'ipython_version': '4.0.0-dev',
'os_name': 'posix',
'platform': 'Linux-3.13.0-34-generic-x86_64-with-Ubuntu-14.04-trusty',
'sys_executable': '/home/xxx/.virtualenvs/jupyter-dev/bin/python',
'sys_platform': 'linux2',
'sys_version': '2.7.6 (default, Mar 22 2014, 22:59:56) \n[GCC 4.8.2]'}
@minrk I will give python 2.7.9 a shot, as according to the link you posted it uses tls1.2
from nbconvert.
Yep, it did the trick.
It seems Python 2.7.9 is required.
from nbconvert.
Interesting. I'm not surprised that 2.7.9 is up to date with SSL/TLS as those were the key features of the "bugfix" release of Python 2.7.9:
- The entirety of Python 3.4's ssl module has been backported for Python 2.7.9. See PEP 466 for justification.
- HTTPS certificate validation using the system's certificate store is now enabled by default. See PEP 476 for details.
- SSLv3 has been disabled by default in httplib and its reverse dependencies due to the POODLE attack.
I'm a bit surprised that CloudFlare doesn't allow a downgrade to less effective settings, but forcing this makes sure people upgrade.
from nbconvert.
This error reproduce can like this:
openssl s_client -connect cdn.jupyter.org:443
CONNECTED(00000003)
53947:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:/SourceCache/OpenSSL098/OpenSSL098-52.8.1/src/ssl/s23_clnt.c:593:
from nbconvert.
@dongweiming yup, it's a problem in that version of openssl. I'm not sure what, if anything, we should do about it. This doesn't affect any regular installs once nbconvert gets a release, only people trying to work from master. And even then, only on outdated versions.
I'm trying to find a workaround. Some suggest upgrading pyopenssl and urllib3 and using requests, but that doesn't seem to help as far as I can tell.
from nbconvert.
That must be the 0.9.8 series of OpenSSL. It works for me on 1.0.2 and I can reproduce the issue with 0.9.8.
10:46:52 rgbkrk@puter ~$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2a 19 Mar 2015
10:47:17 rgbkrk@puter ~$ /usr/bin/openssl version
OpenSSL 0.9.8zd 8 Jan 2015
10:47:32 rgbkrk@puter ~$ /usr/local/opt/openssl/bin/openssl s_client -connect cdn.jupyter.org:443
CONNECTED(00000003)
140735283876704:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 348 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
10:47:49 rgbkrk@puter ~$ /usr/bin/openssl s_client -connect cdn.jupyter.org:443
CONNECTED(00000003)
80533:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:/SourceCache/OpenSSL098/OpenSSL098-52.8.3/src/ssl/s23_clnt.c:593:
from nbconvert.
@rgbkrk is that a success on 1.0.2?
from nbconvert.
Success on 1.0.2, yes. Well I'm daft. 140735283876704:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:
still shows.
from nbconvert.
Finally. Figured out what else needed to be passed to OpenSSL here. This is operating on the CloudFlare CDN, which uses SNI. Along with 1.0.2, you'll need to pass the server name to use openssl s_client
:
$ /usr/local/opt/openssl/bin/openssl s_client -servername cdn.jupyter.org -connect cdn.jupyter.org:443
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni69237.cloudflaressl.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFgzCCBSqgAwIBAgIQdtNljzNCrw4U0Qv9skusczAKBggqhkjOPQQDAjCBkjEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
...
ADBEAiAfgLIwGZhjlQSS1UwXocHl9MNdOICCYy6SCq8qhUQRxgIgWRYeWYBzo4eN
+e7sCZ/APahSXXTxP4FNkcReOiXRuWY=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni69237.cloudflaressl.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3838 bytes and written 498 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: 0F60B1AD3AED89133EB4E1A589F045F618B1740C01265CEFB191535408EFA65F
Session-ID-ctx:
Master-Key: 2FE2078E5E56CBAA13E914224E9F23CD79055EAC8AA1625C86B6A113EAC3D3522E83D82230C81C7EBDCA55EA22175EF3
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
0000 - bb 71 2e 53 18 6e 71 f4-48 f9 9f 94 75 ea fb 82 .q.S.nq.H...u...
0010 - 9a 18 a7 07 4a 5e 5e 41-2c d7 c3 6a fb 72 af 26 ....J^^A,..j.r.&
...
00a0 - 52 48 79 33 54 77 c4 28-4c 3b bb 49 b4 b1 67 4d RHy3Tw.(L;.I..gM
00b0 - 0e 0c c1 39 4b 44 25 a3-c1 02 d6 5a 25 2e d1 80 ...9KD%....Z%...
Start Time: 1431924721
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
(output trimmed)
from nbconvert.
i had use brew"s openssl. uninstall pyopenssl and it's requirements. but still fail:
$/usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2a 19 Mar 2015
$env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" pip install pyopenssl
from nbconvert.
How about use 'http://' instead of 'https://'?
from nbconvert.
I am using this python script for install jupyter notebook:
#! /usr/bin/env python2
# -*- coding: utf-8 -*-
"""Ubuntu 14.04.2 LTS python scipt
Install jupyter notebook 4
"""
from fabric.api import local
local("sudo apt-get install build-essential nodejs-legacy npm python-dev")
local("sudo pip install -U setuptools pip")
local("git clone https://github.com/jupyter/notebook.git")
try:
local("cd notebook; sudo pip install -r requirements.txt -e .")
except:
# Fix openssl error
local("cd notebook/src/nbconvert/nbconvert/resources; sudo wget "
"https://cdn.jupyter.org/notebook/4.0.0-dev/style/style.min.css")
local("cd notebook; sudo pip install -r requirements.txt -e .")
from nbconvert.
I was facing the issue installing the jupyter notebook, I used @korniichuk script and it works like a charm! Thanks! @korniichuk
from nbconvert.
Thanks @korniichuk it worked!
from nbconvert.
Related Issues (20)
- mermaid only renders after pressing "F5" on reveal slides (including semi fix...) HOT 2
- Unable to convert notebook to Markdown ("ModuleNotFoundError"; macOS)
- execute a notebook without a file extension, the notebook_name will lose the last character
- Image Size in PDF
- Implement mermaid rendering with `--to pdf`
- Enable Scrolling for Outputs not Maintained in HTML Export
- webpdf JSONDecodeError: Expecting value: line 1 column 2 (char 1)
- Compatibility with pandoc version on ReadTheDocs HOT 3
- 'state' KeyError when calling `html_exporter.from_notebook_node`
- RFE: please drop use `bleach` because it is deprecated HOT 2
- Error: `403 : Forbidden The error was: '_xsrf' argument missing from GET` on JupyterHub >= 4.1 HOT 3
- problem with --to html and --to pdf
- Problem with WebPDF in a conda environment
- TagRemovePreprocessor.remove_cell_tags for empty tags
- X.jupy.org
- Convert error .ngscript to .html
- lxml_clean_html dependency issue in nbconvert lower version (6.5.1)
- nbconvert for python 3.9 crashing during the templateexporter.py
- Encountered problems pip installing at two different levels.
- Update mermaid to v10.9.1 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nbconvert.