diff --git a/CHANGES/1066.misc.rst b/CHANGES/1066.misc.rst new file mode 100644 index 00000000..49b25389 --- /dev/null +++ b/CHANGES/1066.misc.rst @@ -0,0 +1 @@ +Added a mandatory dependency :code:`certifi` in due to in some cases on systems that doesn't have updated ca-certificates the requests to Bot API fails with reason :code:`[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain` diff --git a/aiogram/client/session/aiohttp.py b/aiogram/client/session/aiohttp.py index 9d7df940..1f31ee97 100644 --- a/aiogram/client/session/aiohttp.py +++ b/aiogram/client/session/aiohttp.py @@ -1,6 +1,7 @@ from __future__ import annotations import asyncio +import ssl from typing import ( TYPE_CHECKING, Any, @@ -15,6 +16,7 @@ from typing import ( cast, ) +import certifi from aiohttp import BasicAuth, ClientError, ClientSession, FormData, TCPConnector from aiogram.methods import Request, TelegramMethod @@ -81,7 +83,9 @@ class AiohttpSession(BaseSession): self._session: Optional[ClientSession] = None self._connector_type: Type[TCPConnector] = TCPConnector - self._connector_init: Dict[str, Any] = {} + self._connector_init: Dict[str, Any] = { + "ssl": ssl.create_default_context(cafile=certifi.where()), + } self._should_reset_connector = True # flag determines connector state self._proxy: Optional[_ProxyType] = None diff --git a/poetry.lock b/poetry.lock index 77c9de5a..40476a51 100644 --- a/poetry.lock +++ b/poetry.lock @@ -144,7 +144,7 @@ uvloop = ["uvloop (>=0.15.2)"] name = "certifi" version = "2022.9.24" description = "Python package for providing Mozilla's CA Bundle." -category = "dev" +category = "main" optional = false python-versions = ">=3.6" @@ -1207,7 +1207,7 @@ redis = ["redis"] [metadata] lock-version = "1.1" python-versions = "^3.8" -content-hash = "0845f5cc5f08f26d2780e6696fe66d84aab76cf5f720b742839f34552377a9fa" +content-hash = "e991e2d07149ee26d0d46cf799de2b6dc35207dc462ef5b940badc7f26b65a1e" [metadata.files] aiofiles = [ diff --git a/pyproject.toml b/pyproject.toml index 1b4ee3ac..89b25faa 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -58,6 +58,7 @@ Babel = { version = "^2.9.1", optional = true } aiohttp-socks = { version = "^0.7.1", optional = true } # Redis redis = { version = "^4.3.4", optional = true } +certifi = "^2022.9.24" [tool.poetry.group.docs.dependencies] diff --git a/requirements/base.txt b/requirements/base.txt index cca01754..3bd59183 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -4,6 +4,7 @@ aiosignal==1.2.0 ; python_version >= "3.8" and python_version < "4.0" async-timeout==4.0.2 ; python_version >= "3.8" and python_version < "4.0" attrs==22.1.0 ; python_version >= "3.8" and python_version < "4.0" babel==2.10.3 ; python_version >= "3.8" and python_version < "4.0" +certifi==2022.9.24 ; python_version >= "3.8" and python_version < "4.0" charset-normalizer==2.1.1 ; python_version >= "3.8" and python_version < "4.0" frozenlist==1.3.1 ; python_version >= "3.8" and python_version < "4.0" idna==3.4 ; python_version >= "3.8" and python_version < "4.0" diff --git a/requirements/docs.txt b/requirements/docs.txt index 2f7d49ae..9cb54aec 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -7,7 +7,7 @@ async-timeout==4.0.2 ; python_version >= "3.8" and python_version < "4.0" attrs==22.1.0 ; python_version >= "3.8" and python_version < "4.0" babel==2.10.3 ; python_version >= "3.8" and python_version < "4.0" beautifulsoup4==4.11.1 ; python_version >= "3.8" and python_version < "4.0" -certifi==2022.9.24 ; python_version >= "3.8" and python_version < "4" +certifi==2022.9.24 ; python_version >= "3.8" and python_version < "4.0" charset-normalizer==2.1.1 ; python_version >= "3.8" and python_version < "4.0" click-default-group==1.2.2 ; python_version >= "3.8" and python_version < "4.0" click==8.1.3 ; python_version >= "3.8" and python_version < "4.0"