Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can't download de421.bsp due to new OpenSSL restriction (Update: Fixed by JPL)

See original GitHub issue

I’m reporting this, despite the fact it’s not strictly caused by Skyfield itself, but I’ve encoutered it a few times recently. I’m getting an error when trying to download ds421.bsp, the error looks like this:

OSError: cannot download https://ssd.jpl.nasa.gov/ftp/eph/planets/bsp/de421.bsp because 
<urlopen error [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:1129)>

This appears to be caused by an update to OpenSSL which now blocks websites that have not had the security issue CVE-2009-3555 fix yet. Apparently JPL’s website is such a website. The OpenSSL checkin that’s causing the crash can be found here:

https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3

I found a detailed discussion of the issue, and a work around here:

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834

Although I applied the fix (at a system level), and it worked, clearly the fix is that JPL needs to update their website, however as this is causing Skyfield to essentially break, I wondered if a work around, perhaps fetching this (and probably other affected files) from another location might be a good fix.

Of course, the best way to fix it would be to get JPL to fix their webserver, but I don’t know how realistic that is, knowing how NASA IT works.

Issue Analytics

State:
Created a year ago
Comments:6 (1 by maintainers)

Top GitHub Comments

1reaction

jak574commented, Apr 29, 2022

I contacted JPL folks about this, and they passed on the issue to their IT. Didn’t sound very convinced a fix would be quick, but it might happen.

1reaction

jak574commented, Apr 29, 2022

I’ve looked into this some more and there is a work around. Here is a modified snippet from iokit.py:

if create_default_context is not None:
    ssl_context = create_default_context(cafile=certifi.where())
    ssl_context.options |= 4
    connection = urlopen(url, context=ssl_context)

The ssl_context.options |= 4 enables OP_LEGACY_SERVER_CONNECT. Full credit, I found this solution on here:

SSL error unsafe legacy renegotiation disabled

I tested the above change, and it fixed the issue on my computer at least.

Top Results From Across the Web

Unable to import most .bsp files from NAIF without full url #147

This is because nep086.bsp does not exist at the JPL site, and load should be looking for it at the NAIF site instead....

Planets and their moons: JPL ephemeris files — Skyfield ...

Here's how to download and open the JPL ephemeris DE421 and ask for the ... files never receive updates, so once you have...

[Errno 2] No such file or directory: 'de421.bsp' - TechOverflow

You can download the file from NASA. Just take care to either place it into the right directory or modifying the path in...

Index of /pub/naif/generic_kernels/spk/planets - NASA

de430.bsp 2013-09-03 12:13 114M [ ] de430_and_de431.pdf 2014-03-05 12:13 3.5M [ ] de430_moon_coord.pdf 2013-11-27 15:19 705K [TXT] ...

Untitled

A43 500 milligrams, Diesel exhaust fluid problems, Agrarian movement in india, ... Dekorativna odeja lana, Asus m5a78l-m/usb3 bios update download, ...