<div dir="ltr"><div><div>Hi all,<br><br></div>I think Chris' "lightbulb moment" is exactly what we want to do - use WinInet to connect to the https sites we connect to, either in response to the SSL error, or to prevent it. Note that it isn't just an issue in the FTW. We also have this issue in the SongSelect integration, and potentially also the webbibles.<br></div>I googled a bit and behold, an example of how to do it: <a href="https://github.com/saveenr/saveenr/blob/master/Demos/python/net_wininet_httpdownload.py">https://github.com/saveenr/saveenr/blob/master/Demos/python/net_wininet_httpdownload.py</a><br><div>BTW, we should probably verify that using WinInet actually triggers a download of the certificate.<br></div><div><br></div><div>Best regards,<br></div><div>Tomas<br></div><div><br><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2017-02-18 11:28 GMT+01:00 Chris Hill <span dir="ltr"><<a href="mailto:chris@minkus.me.uk" target="_blank">chris@minkus.me.uk</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-GB"><div class="gmail-m_4736344401098544677WordSection1"><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">I would be wary of the proposed solution to 2 – I suspect it will do different things depending on which web browser is set as default (recipe for weird bugs when people have Chrome / IE / Edge / Firefox / Opera / Lynx as their default browser).<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">Is there any documentation regarding the issues with Python and SSL?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span 
style="font-size:11pt;font-family:"calibri",sans-serif">If we need a call to trigger the certificate download before we do it ‘for real’, can we use WinInet or WinHTTP instead? (if necessary a small native Windows app that performs the call for us?)<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">*<b>lightbulb moment</b>* Can we perform the call inside the OpenLP installer?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">Just some thoughts.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">-- <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">'Therefore, if anyone is in Christ, he is a new creation;<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif">the old has gone, the new has come!' 
- 2 Corinthians 5v17<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><a href="mailto:chris@minkus.me.uk" target="_blank"><span style="color:rgb(5,99,193)">chris@minkus.me.uk</span></a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"calibri",sans-serif"><u></u> <u></u></span></p><div style="border-width:medium medium medium 1.5pt;border-style:none none none solid;border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color blue;padding:0cm 0cm 0cm 4pt"><div><div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(225,225,225) -moz-use-text-color -moz-use-text-color;padding:3pt 0cm 0cm"><p class="MsoNormal"><b><span style="font-size:11pt;font-family:"calibri",sans-serif" lang="EN-US">From:</span></b><span style="font-size:11pt;font-family:"calibri",sans-serif" lang="EN-US"> openlp-dev [mailto:<a href="mailto:openlp-dev-bounces@openlp.io" target="_blank">openlp-dev-bounces@<wbr>openlp.io</a>] <b>On Behalf Of </b>Tim and Alison Bentley<br><b>Sent:</b> 18 February 2017 07:21<br><b>To:</b> OpenLP Developers <<a href="mailto:openlp-dev@openlp.io" target="_blank">openlp-dev@openlp.io</a>><br><b>Subject:</b> Re: [openlp-dev] Windows and SSL<u></u><u></u></span></p></div></div><div><div class="gmail-h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">My 2 Rand!<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">1) will be an endless set of changes trying to keep track of the root certificates and may give us different problems <u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">2) if OpenLP has not run on a machine 
on windows issue a command to get the certificates. As you say it can be done in the background but could be done as a step in the FTW so it is obvious what is being done.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><pre style="background:rgb(239,240,241) none repeat scroll 0% 0%;max-height:600px;overflow:auto"><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">process </span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">=</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"> subprocess</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">.</span></span><span class="gmail-m_4736344401098544677gmail-typ"><span style="font-family:consolas;color:rgb(43,145,175);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">Popen</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">(</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">"explore.exe <a href="https://get.openlp.io" target="_blank">https://get.openlp.io</a>"</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">,</span></span><span 
class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"><u></u><u></u></span></span></pre><pre style="background:rgb(239,240,241) none repeat scroll 0% 0%"><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"> shell</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">=</span></span><span class="gmail-m_4736344401098544677gmail-kwd"><span style="font-family:consolas;color:rgb(16,16,148);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">True</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">,</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"><u></u><u></u></span></span></pre><pre style="background:rgb(239,240,241) none repeat scroll 0% 0%"><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"> stdout</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">=</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">subprocess</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span 
style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">.</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">PIPE</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">,</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"><u></u><u></u></span></span></pre><pre style="background:rgb(239,240,241) none repeat scroll 0% 0%"><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm"> stderr</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">=</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">subprocess</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">.</span></span><span class="gmail-m_4736344401098544677gmail-pln"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">PIPE</span></span><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">)</span></span><span 
style="font-family:consolas;color:rgb(57,51,24)"><u></u><u></u></span></pre><pre style="background:rgb(239,240,241) none repeat scroll 0% 0%;max-height:600px;overflow:auto"><span style="font-family:consolas;color:rgb(57,51,24)"><u></u> <u></u></span></pre><pre style="background:rgb(239,240,241) none repeat scroll 0% 0%;max-height:600px;overflow:auto"><span class="gmail-m_4736344401098544677gmail-pun"><span style="font-family:consolas;color:rgb(48,51,54);border-width:1pt;border-style:none;border-color:windowtext;padding:0cm">Tim</span></span><span style="font-family:consolas;color:rgb(57,51,24)"><u></u><u></u></span></pre></div></div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">On 18 February 2017 at 04:19, Raoul Snyman <<a href="mailto:raoul@snyman.info" target="_blank">raoul@snyman.info</a>> wrote:<u></u><u></u></p><blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm"><p class="MsoNormal">Hello everyone,<br><br>As some of you might know, we're having SSL issues on Windows. This is because Windows does not ship with all the root certificates and downloads them on the fly. Our current advice to people is to go to <a href="https://get.openlp.org/" target="_blank">https://get.openlp.org/</a> in Internet Explorer or Edge and then try the First Time Wizard again (same applies to SongSelect).<br><br>However, this is really tedious because we have to tell each and every person who visits the forums or IRC or e-mails the support system about it. There must be a better way. Sadly, Microsoft is not going to do anything about this, and unless Python changes the way they do things on Windows, we're probably going to be stuck with the problem.<br><br>I see only 2 real options here.<br><br>1. Bundle all the root certs with OpenLP on Windows. 
We can tell Python where to find them.<br><br>2. When we want to access an https page, do some sort of pre-flight calling some internal Windows function to get the certs for us.<br><br>Does anyone else have any ideas for how to solve this?<br><br>In the meantime I'm going to write up a blog post and put a sticky post in the forums about this.<span style="color:rgb(136,136,136)"><br><br><span class="gmail-m_4736344401098544677hoenzb">-- </span><br><span class="gmail-m_4736344401098544677hoenzb">Raoul Snyman</span><br><span class="gmail-m_4736344401098544677hoenzb"><a href="tel:%2B1%20%28520%29%20490-9743" target="_blank">+1 (520) 490-9743</a></span><br><span class="gmail-m_4736344401098544677hoenzb"><a href="mailto:raoul@snyman.info" target="_blank">raoul@snyman.info</a></span><br><span class="gmail-m_4736344401098544677hoenzb">______________________________<wbr>_________________</span><br><span class="gmail-m_4736344401098544677hoenzb">openlp-dev mailing list</span><br><span class="gmail-m_4736344401098544677hoenzb"><a href="mailto:openlp-dev@openlp.io" target="_blank">openlp-dev@openlp.io</a></span><br><span class="gmail-m_4736344401098544677hoenzb"><a href="https://lists.openlp.io/mailman/listinfo/openlp-dev" target="_blank">https://lists.openlp.io/<wbr>mailman/listinfo/openlp-dev</a></span></span><u></u><u></u></p></blockquote></div><p class="MsoNormal"><br><br clear="all"><u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal">-- <u></u><u></u></p><div><p class="MsoNormal">Tim and Alison Bentley<br><a href="mailto:Home@TRARBentley.net" target="_blank">Home@TRARBentley.net</a><u></u><u></u></p></div></div></div></div></div></div></div><br>
<br></blockquote></div><br></div></div></div></div></div></div>
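<div>Added example, not code from this thread or from OpenLP: a sketch of the WinInet pre-flight discussed above that never turns certificate verification off. The names <code>wininet_preflight</code> and <code>fetch_with_preflight</code> are hypothetical, and whether a WinInet request actually makes Windows fetch the missing root is the assumption Tomas says still needs verifying; the verified retry is what checks it.</div>

```python
import ctypes
import ssl
import sys
import urllib.error
import urllib.request

INTERNET_OPEN_TYPE_PRECONFIG = 0    # use the system proxy settings
INTERNET_FLAG_RELOAD = 0x80000000   # go to the server, not the WinInet cache

def wininet_preflight(url):
    """Open url through WinInet so Windows validates the chain itself."""
    if sys.platform != "win32":
        return False
    w = ctypes.WinDLL("wininet")
    w.InternetOpenW.restype = ctypes.c_void_p
    w.InternetOpenUrlW.restype = ctypes.c_void_p
    w.InternetOpenUrlW.argtypes = [ctypes.c_void_p, ctypes.c_wchar_p, ctypes.c_wchar_p,
                                   ctypes.c_ulong, ctypes.c_ulong, ctypes.c_void_p]
    w.InternetCloseHandle.argtypes = [ctypes.c_void_p]
    session = w.InternetOpenW("cert-preflight", INTERNET_OPEN_TYPE_PRECONFIG, None, None, 0)
    if not session:
        return False
    try:
        request = w.InternetOpenUrlW(session, url, None, 0, INTERNET_FLAG_RELOAD, None)
        if request:
            w.InternetCloseHandle(request)
        return bool(request)    # NULL means WinInet rejected the connection too
    finally:
        w.InternetCloseHandle(session)

def is_cert_failure(exc):
    """True for a certificate verification error, bare or wrapped in URLError."""
    candidates = (exc, getattr(exc, "reason", None))
    return any(isinstance(c, ssl.SSLCertVerificationError) for c in candidates)

def default_fetch(url):
    # Build a fresh context per attempt: Python reads the Windows certificate
    # store when the context is created, so an old context misses new roots.
    context = ssl.create_default_context()    # verification stays enabled
    with urllib.request.urlopen(url, context=context, timeout=15) as resp:
        return resp.read()

def fetch_with_preflight(url, fetch=default_fetch, preflight=wininet_preflight):
    try:
        return fetch(url)
    except (ssl.SSLError, urllib.error.URLError) as exc:
        if not is_cert_failure(exc) or not preflight(url):
            raise
    # Verified retry; if this raises, the pre-flight did not add the root.
    return fetch(url)
```

<div>Logging whether the retry succeeds on a freshly installed machine gives the confirmation asked for above.</div>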