MNE Python Bits and Bobs

python
neuroscience
mne
eeg
Author

Ernie Pedapati

Published

March 14, 2024

Welcome to “MNE Python Bits and Bobs”, a collection of practical tips and solutions for working with the MNE library in Python. As a neuroscientist and Python enthusiast, I’ve encountered various challenges and quirks while using the MNE library for EEG and MEG data analysis.

Table of Contents 1. Bypassing SSL/TLS Verification Issues in the MNE Library

Bypassing SSL/TLS Verification Issues in the MNE Library

Introduction

The MNE (Magnetoencephalography) library is a powerful Python package used for the analysis of neurophysiological data, including EEG and MEG. When working with the MNE library, you may encounter an SSL/TLS verification issue that prevents the successful download of required sample datasets.

The Problem

The MNE library uses the pooch library to manage the download and caching of sample datasets. The pooch library, in turn, relies on the urllib3 library to make HTTP(S) requests when downloading the data files.

During the download process, the pooch library performs SSL/TLS certificate verification to ensure the integrity and security of the downloaded data. However, in some cases, the SSL/TLS certificate used by the remote server (in this case, the osf.io website) may not be trusted by the local system, resulting in an SSLError with the message certificate verify failed: unable to get local issuer certificate.

The Original Error Message

The error message you encountered was likely similar to the following:

SSLError: HTTPSConnectionPool(host='osf.io', port=443): Max retries exceeded with url: /tp4sg/download?version=7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))"

This error message suggests that the MNE library was unable to verify the SSL/TLS certificate used by the osf.io website, leading to the download failure.

The Fix: To bypass the SSL/TLS verification issue, you can modify the Pooch library’s behavior by disabling the SSL/TLS certificate verification. Here’s the code that you can use:

# downloader & processors
print(f" -==== Modified SSL Verify 3/12/2024 ====-")
# download_params = _downloader_params(auth=auth, token=token)
if name == "fake":
    download_params["progressbar"] = False
downloader = pooch.HTTPDownloader(verify=False)
#downloader = pooch.HTTPDownloader(**download_params)

In this modified code, the pooch.HTTPDownloader instance is created with the verify parameter set to False. This effectively disables the SSL/TLS certificate verification, allowing the Pooch library to download the required data files without encountering the SSL/TLS verification issue.

Please note that disabling SSL/TLS certificate verification is generally not recommended for production environments, as it can expose your application to security risks. It’s a temporary workaround to bypass the issue you’re facing, and you should consider more secure solutions, such as using a trusted certificate bundle or implementing a custom SSL/TLS context, if possible.

Conclusion: By understanding the SSL/TLS verification issue and the fix provided in this blog post, you can successfully bypass the problem and continue using the Pooch library to manage your project’s data dependencies. Remember to use this workaround with caution and explore more secure alternatives when possible.