dvirlabs/invy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SSL handshake failure: use relaxed SSL settings (TLS 1.0+, SECLEVEL=1) for Meta API compatibility
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
dvirlabs 2026-05-13 22:47:16 +03:00
parent 5f8f7acfe9
commit 635c2fe2f4
1 changed files with 36 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
backend/whatsapp.py
View File

@ -17,23 +17,46 @@ logger = logging.getLogger(__name__)
async def create_http_client() -> httpx.AsyncClient: async def create_http_client() -> httpx.AsyncClient:
""" """
Create an httpx client with proper certificate verification. Create an httpx client with proper certificate verification.
Uses certifi CA bundle for Meta's WhatsApp Cloud API. Uses relaxed SSL settings for compatibility with Meta's WhatsApp Cloud API.
Falls back to system certificates if certifi fails.
""" """
import ssl
try: try:
# Try using certifi's CA bundle first (most reliable) # Create a more permissive SSL context for compatibility
ssl_context = ssl.create_default_context(cafile=certifi.where())
# Allow TLS 1.0+ for maximum compatibility
ssl_context.minimum_version = ssl.TLSVersion.TLSv1
# Relax cipher restrictions
ssl_context.set_ciphers('DEFAULT:@SECLEVEL=1')
# Keep hostname verification enabled for security
ssl_context.check_hostname = True
ssl_context.verify_mode = ssl.CERT_REQUIRED
return httpx.AsyncClient( return httpx.AsyncClient(
verify=certifi.where(), verify=ssl_context,
timeout=httpx.Timeout(30.0, connect=10.0), timeout=httpx.Timeout(30.0, connect=10.0),
http2=False, # Disable HTTP/2 for better compatibility http2=False, # Disable HTTP/2 for better compatibility
limits=httpx.Limits(max_keepalive_connections=5, max_connections=10) limits=httpx.Limits(max_keepalive_connections=5, max_connections=10)
) )
except Exception as e: except Exception as e:
logger.warning(f"[WhatsApp] Certifi SSL setup failed, using system certs: {e}") logger.warning(f"[WhatsApp] SSL context creation failed: {e}, trying simple verify")
# Fallback: use system default certificates # Final fallback: just use certifi directly
try:
return httpx.AsyncClient( return httpx.AsyncClient(
verify=True, # Use system certificates verify=certifi.where(),
timeout=httpx.Timeout(30.0, connect=10.0),
http2=False,
limits=httpx.Limits(max_keepalive_connections=5, max_connections=10)
)
except Exception as e2:
logger.error(f"[WhatsApp] All SSL methods failed: {e2}")
# Last resort: no verification (INSECURE - log warning)
logger.warning("⚠️ Using INSECURE SSL (no verification) - FIX YOUR SSL SETUP!")
return httpx.AsyncClient(
verify=False,
timeout=httpx.Timeout(30.0, connect=10.0), timeout=httpx.Timeout(30.0, connect=10.0),
http2=False, http2=False,
limits=httpx.Limits(max_keepalive_connections=5, max_connections=10) limits=httpx.Limits(max_keepalive_connections=5, max_connections=10)