v1.0.0 Beta · openai openai-python · Discussion #631

I am facing persistent SSL errors as of 1.0.0.

On 0.28.1 this works successfully (with the OPENAI_API_KEY environment variable set):

import openai
comp = openai.ChatCompletion.create(
    model='gpt-3.5-turbo',
    messages=[{'role': 'user', 'content': 'Hello world'}],
)
print(comp['choices'][0]['message']['content'])

On 1.0.0 the equivalent code is giving me an error:

import openai
client = openai.OpenAI()
comp = client.chat.completions.create(
    model='gpt-3.5-turbo',
    messages=[{'role': 'user', 'content': 'Hello world'}],
)
print(comp['choices'][0]['message']['content'])

---------------------------------------------------------------------------
---------------------------------------------------------------------------
SSLCertVerificationError                  Traceback (most recent call last)
File c:\Users\me\Miniconda3\lib\site-packages\httpcore\_exceptions.py:10, in map_exceptions(map)
      9 try:
---> 10     yield
     11 except Exception as exc:  # noqa: PIE786

File c:\Users\me\Miniconda3\lib\site-packages\httpcore\_backends\sync.py:168, in SyncStream.start_tls(self, ssl_context, server_hostname, timeout)
    167         self.close()
--> 168         raise exc
    169 return SyncStream(sock)

File c:\Users\me\Miniconda3\lib\site-packages\httpcore\_backends\sync.py:163, in SyncStream.start_tls(self, ssl_context, server_hostname, timeout)
    162         self._sock.settimeout(timeout)
--> 163         sock = ssl_context.wrap_socket(
    164             self._sock, server_hostname=server_hostname
    165         )
    166 except Exception as exc:  # pragma: nocover

File c:\Users\me\Miniconda3\lib\ssl.py:500, in SSLContext.wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, session)
    494 def wrap_socket(self, sock, server_side=False,
    495                 do_handshake_on_connect=True,
    496                 suppress_ragged_eofs=True,
    497                 server_hostname=None, session=None):
    498     # SSLSocket class handles server_hostname encoding before it calls
    499     # ctx._wrap_socket()
--> 500     return self.sslsocket_class._create(
    501         sock=sock,
    502         server_side=server_side,
    503         do_handshake_on_connect=do_handshake_on_connect,
    504         suppress_ragged_eofs=suppress_ragged_eofs,
    505         server_hostname=server_hostname,
    506         context=self,
    507         session=session
    508     )

File c:\Users\me\Miniconda3\lib\ssl.py:1040, in SSLSocket._create(cls, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, context, session)
   1039             raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
-> 1040         self.do_handshake()
   1041 except (OSError, ValueError):

File c:\Users\me\Miniconda3\lib\ssl.py:1309, in SSLSocket.do_handshake(self, block)
   1308         self.settimeout(None)
-> 1309     self._sslobj.do_handshake()
   1310 finally:

SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

The above exception was the direct cause of the following exception:

ConnectError                              Traceback (most recent call last)
File c:\Users\me\Miniconda3\lib\site-packages\httpx\_transports\default.py:66, in map_httpcore_exceptions()
     65 try:
---> 66     yield
     67 except Exception as exc:
...
   (...)
    904     stream_cls=stream_cls,
    905 )

APIConnectionError: Connection error.

I am running this through a corporate network and have faced SSL errors which were previously resolved by various methods:

Downloading the root certificate when accessing openai and setting REQUESTS_CA_BUNDLE to point to that certificate
Adding the aforementioned certificate to certifi's cacert.pem
Installing pip_system_certs

While these methods worked on previous versions, they no longer do as of 1.0.0. Is there a new recommended workaround while working on company-owned machines/networks?