Unable to Bypass SSL Verification when using Web Search #2574

New Issue

Closed

opened 2025-11-11 15:09:54 -06:00 by GiteaMirror · 1 comment

GiteaMirror commented 2025-11-11 15:09:54 -06:00

Owner

Copy Link

Originally created by @erussell86 on GitHub (Nov 5, 2024).

Bug Report

---

Installation Method

I installed the latest Docker container (v0.3.35). Everything else, to include directly adding websites to context via # works fine.

Environment

• Open WebUI Version: v0.3.35
• Operating System: Docker is running in Ubuntu server
• Browser (if applicable): Chrome 130.0.6723.70

Confirmation:

• I have read and followed all the instructions provided in the README.md.
• I am on the latest version of both Open WebUI and Ollama.
• [] I have included the browser console logs.
• I have included the Docker container logs.
• I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

Expected Behavior:

When Openwebui is behind a TLS proxy, and Bypass SSL verification for Websites is On, it obtains web pages from duckduckgo, attempts to connect to them, sees that there is a self-signed certificate in the trust chain and ignores it, reading website content despite the self-signed cert.

Actual Behavior:

Openwebui fails to read the content from the web pages returned by duckduckgo due to the SSL Verification Error.

Description

Bug Summary:
When Open Webui attempts to connect to websites based on Web Search results, it fails to ignore self-signed certificates despite Bypass SSL verification for Websites being On. Directly adding websites to context via # works fine. It's only the RAG Web Search that cannot bypass SSL verification.

Reproduction Details

Steps to Reproduce:

1. Install latest Open WebUI Docker Image
2. Enable duckduckgo web search
3. Ensure that Bypass SSL verification for Websites is On and click [Save]
4. Execute a prompt with Web Search Enabled

Logs and Screenshots

Docker Container Logs:

 Given the user's message and interaction history, decide if a web search is necessary. You must be concise and exclusively provide a search query if one is necessary. Refrain from verbose responses or any additional commentary. Prefer suggesting a search if uncertain to provide comprehensive or updated information. If a search isn't needed at all, respond with an empty string. Default to a search query when in doubt. Today's date is 2024-11-05.

User Message:
Who won the 2024 world series?

Interaction History:                                                                                  USER: Who won the 2024 world series?
                                                                                                      Search Query:
INFO:     172.19.0.1:32860 - "POST /api/task/query/completions HTTP/1.1" 200 OK                       ERROR [open_webui.apps.retrieval.web.utils] Error loading https://www.mlb.com/news/dodgers-win-world-series-2024: HTTPSConnectionPool(host='www.mlb.com', port=443): Max retries exceeded with url: /news/dodgers-win-world-series-2024 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)')))     ERROR [open_webui.apps.retrieval.web.utils] Error loading https://abcnews.go.com/Sports/los-angeles-dodgers-win-world-series/story?id=115282153: HTTPSConnectionPool(host='abcnews.go.com', port=443): Max retries exceeded with url: /Sports/los-angeles-dodgers-win-world-series/story?id=115282153 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)')))
ERROR [open_webui.apps.retrieval.web.utils] Error loading https://en.wikipedia.org/wiki/2024_World_Series: HTTPSConnectionPool(host='en.wikipedia.org', port=443): Max retries exceeded with url: /wiki/2024_World_Series (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)')))
INFO  [open_webui.apps.retrieval.main] save_docs_to_vector_db [] 07cef926cff1fa04e42f32a29e72e986247dd6a3b2c9eeb1872040d51ee8eba
ERROR [open_webui.apps.retrieval.main] The content provided is empty. Please ensure that there is text or data present before proceeding.
Traceback (most recent call last):                                                                      File "/app/backend/open_webui/apps/retrieval/main.py", line 1168, in process_web_search                 save_docs_to_vector_db(docs, collection_name, overwrite=True)
  File "/app/backend/open_webui/apps/retrieval/main.py", line 687, in save_docs_to_vector_db
    raise ValueError(ERROR_MESSAGES.EMPTY_CONTENT)                                                    ValueError: The content provided is empty. Please ensure that there is text or data present before proceeding.                                                                                           

Screenshots/Screen Recordings (if applicable):

Originally created by @erussell86 on GitHub (Nov 5, 2024). # Bug Report --- ## Installation Method I installed the latest Docker container (v0.3.35). Everything else, to include directly adding websites to context via `#` works fine. ## Environment - **Open WebUI Version:** v0.3.35 - **Operating System:** Docker is running in Ubuntu server - **Browser (if applicable):** Chrome 130.0.6723.70 **Confirmation:** - [X] I have read and followed all the instructions provided in the README.md. - [X] I am on the latest version of both Open WebUI and Ollama. - [] I have included the browser console logs. - [X] I have included the Docker container logs. - [X] I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below. ## Expected Behavior: When Openwebui is behind a TLS proxy, and `Bypass SSL verification for Websites` is `On`, it obtains web pages from duckduckgo, attempts to connect to them, sees that there is a self-signed certificate in the trust chain and ignores it, reading website content despite the self-signed cert. ## Actual Behavior: Openwebui fails to read the content from the web pages returned by duckduckgo due to the SSL Verification Error. ## Description **Bug Summary:** When Open Webui attempts to connect to websites based on Web Search results, it fails to ignore self-signed certificates despite `Bypass SSL verification for Websites` being `On`. Directly adding websites to context via `#` works fine. It's only the RAG Web Search that cannot bypass SSL verification. ## Reproduction Details **Steps to Reproduce:** 1. Install latest Open WebUI Docker Image 2. Enable duckduckgo web search 3. Ensure that `Bypass SSL verification for Websites` is `On` and click **[Save]** 4. Execute a prompt with Web Search Enabled ## Logs and Screenshots **Docker Container Logs:** ``` Given the user's message and interaction history, decide if a web search is necessary. You must be concise and exclusively provide a search query if one is necessary. Refrain from verbose responses or any additional commentary. Prefer suggesting a search if uncertain to provide comprehensive or updated information. If a search isn't needed at all, respond with an empty string. Default to a search query when in doubt. Today's date is 2024-11-05. User Message: Who won the 2024 world series? Interaction History: USER: Who won the 2024 world series? Search Query: INFO: 172.19.0.1:32860 - "POST /api/task/query/completions HTTP/1.1" 200 OK ERROR [open_webui.apps.retrieval.web.utils] Error loading https://www.mlb.com/news/dodgers-win-world-series-2024: HTTPSConnectionPool(host='www.mlb.com', port=443): Max retries exceeded with url: /news/dodgers-win-world-series-2024 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)'))) ERROR [open_webui.apps.retrieval.web.utils] Error loading https://abcnews.go.com/Sports/los-angeles-dodgers-win-world-series/story?id=115282153: HTTPSConnectionPool(host='abcnews.go.com', port=443): Max retries exceeded with url: /Sports/los-angeles-dodgers-win-world-series/story?id=115282153 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)'))) ERROR [open_webui.apps.retrieval.web.utils] Error loading https://en.wikipedia.org/wiki/2024_World_Series: HTTPSConnectionPool(host='en.wikipedia.org', port=443): Max retries exceeded with url: /wiki/2024_World_Series (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)'))) INFO [open_webui.apps.retrieval.main] save_docs_to_vector_db [] 07cef926cff1fa04e42f32a29e72e986247dd6a3b2c9eeb1872040d51ee8eba ERROR [open_webui.apps.retrieval.main] The content provided is empty. Please ensure that there is text or data present before proceeding. Traceback (most recent call last): File "/app/backend/open_webui/apps/retrieval/main.py", line 1168, in process_web_search save_docs_to_vector_db(docs, collection_name, overwrite=True) File "/app/backend/open_webui/apps/retrieval/main.py", line 687, in save_docs_to_vector_db raise ValueError(ERROR_MESSAGES.EMPTY_CONTENT) ValueError: The content provided is empty. Please ensure that there is text or data present before proceeding. ``` **Screenshots/Screen Recordings (if applicable):** 

GiteaMirror closed this issue 2025-11-11 15:09:54 -06:00

GiteaMirror commented 2025-11-11 15:09:55 -06:00

Author

Owner

Copy Link

@tjbck commented on GitHub (Nov 5, 2024):

Fixed on dev

@tjbck commented on GitHub (Nov 5, 2024): Fixed on dev

GiteaMirror referenced this issue 2025-11-11 17:37:13 -06:00

[PR #2574] [MERGED] feat: experimental SSO support for Google, Microsoft, and OIDC #7830

GiteaMirror referenced this issue 2025-11-11 18:13:57 -06:00

[PR #8978] [MERGED] fix: Separate cookie configuration between session & auth cookies to prevent oauth flow from breaking #9095

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

backend-outlet

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#2574