SSL certificate hostname mismatch on KIS VTS (paper trading) endpoint #1

New Issue

Closed

opened 2026-02-04 03:09:36 +09:00 by jihoson · 0 comments

jihoson commented 2026-02-04 03:09:36 +09:00

Owner

Copy Link

Problem

When running in Docker, connecting to the KIS virtual trading server (openapivts.koreainvestment.com:9443) fails with:

SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
Hostname mismatch, certificate is not valid for 'openapivts.koreainvestment.com'.

This is a server-side issue — the KIS VTS API serves a certificate whose Subject/SAN does not match the hostname. This is a well-known issue in the Korean fintech community.

All three watchlist stocks (005930, 000660, 035420) fail on every cycle, making paper trading mode completely non-functional.

Root Cause

KISBroker._get_session() creates an aiohttp.ClientSession with default SSL verification, which correctly rejects the mismatched certificate. However, since the mismatch is on the KIS server side, we cannot fix their certificate.

Fix

Disable SSL hostname verification only for the VTS (paper trading) endpoint by creating an ssl.SSLContext with check_hostname=False and passing it via aiohttp.TCPConnector. Production endpoints remain fully verified.

Files to modify

• src/broker/kis_api.py: Create a custom TCPConnector(ssl=ssl_ctx) when the base URL is the VTS endpoint

Verification

• pytest -v — all 35 tests pass
• docker compose up — no SSL errors, trading cycle proceeds

## Problem When running in Docker, connecting to the KIS virtual trading server (`openapivts.koreainvestment.com:9443`) fails with: ``` SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'openapivts.koreainvestment.com'. ``` This is a **server-side** issue — the KIS VTS API serves a certificate whose Subject/SAN does not match the hostname. This is a well-known issue in the Korean fintech community. All three watchlist stocks (005930, 000660, 035420) fail on every cycle, making paper trading mode completely non-functional. ## Root Cause `KISBroker._get_session()` creates an `aiohttp.ClientSession` with default SSL verification, which correctly rejects the mismatched certificate. However, since the mismatch is on the KIS server side, we cannot fix their certificate. ## Fix Disable SSL hostname verification **only** for the VTS (paper trading) endpoint by creating an `ssl.SSLContext` with `check_hostname=False` and passing it via `aiohttp.TCPConnector`. Production endpoints remain fully verified. ### Files to modify - `src/broker/kis_api.py`: Create a custom `TCPConnector(ssl=ssl_ctx)` when the base URL is the VTS endpoint ## Verification - `pytest -v` — all 35 tests pass - `docker compose up` — no SSL errors, trading cycle proceeds

jihoson referenced this issue from a commit 2026-02-04 03:10:43 +09:00

Fix SSL hostname mismatch for KIS VTS paper trading endpoint

jihoson closed this issue 2026-02-04 03:10:43 +09:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/v3-session-policy-stream

feature/issue-tkt-p1-008-overnight-killswitch-priority

feature/issue-tkt-p1-007-session-id-ledger

feature/issue-tkt-p1-006-fx-pnl-separation

feature/issue-tkt-p1-005-conservative-fill-model

feature/issue-tkt-p1-002-backtest-cost-mandatory

feature/issue-tkt-p1-004-walkforward-purge-embargo

feature/issue-tkt-p1-001-fx-buffer-guard

feature/issue-tkt-p1-003-triple-barrier-labeler

feature/issue-tkt-p0-002-killswitch-ordering

feature/issue-tkt-p0-001-blackout-queue-revalidate

feature/issue-279-session-order-policy-guard

feature/issue-277-tpm-priority-main-ideation-no-merge-session

feature/issue-275-phase1-state-exit-killswitch

feature/issue-273-multi-agent-governance-docs

feature/issue-271-docs-routing-validation

feature/issue-269-overseas-cash-ovrs-ord-psbl-amt

feature/issue-267-fix-log-warnings

feature/issue-264-265-overseas-cash-and-open-position

feature/issue-259-market-data-pnl-holding-days

feature/issue-261-fix-mock-settings-mode

feature/issue-258-ranking-api-keyb-param

feature/issue-256-fix-overnight-live-mode

feature/issue-254-cleanup-paper-data

feature/issue-251-252-trading-cycle-guards

feature/issue-249-avg-price-sync

feature/issue-247-skip-parse-response-on-prompt-override

feature/issue-245-parse-response-preserve-raw

feature/issue-242-243-gemini-key-fix-overseas-scanner

feature/issue-240-kr-scanner-rank-param-fix

feature/issue-237-dashboard-mode-badge-fix

feature/issue-237-dashboard-mode-badge

feature/issue-235-overseas-balance-ord-psbl-qty

feature/issue-232-domestic-limit-order-pending

feature/issue-229-overseas-pending-order-handling

feature/issue-211-overseas-limit-price-policy

feature/issue-206-startup-position-sync

feature/issue-207-daily-cb-pnl

feature/issue-218-live-trading-docs

feature/issue-217-gemini-model-default

feature/issue-215-evolved-strategy-syntax

feature/issue-209-daily-connection-retry

feature/issue-204-test-coverage-80

feature/issue-212-trades-mode-column

feature/issue-201-202-203-broker-live-mode

feature/issue-210-213-216-db-wal-env-fix

feature/issue-195-overseas-double-buy-prevention

feature/issue-198-dashboard-api-frontend

feature/issue-196-cb-gauge

feature/issue-193-dashboard-positions

feature/issue-191-duplicate-buy-fix

feature/issue-189-overseas-sell-tr-id-fix

feature/issue-187-sell-fat-finger-fix

feature/issue-180-telegram-instance-lock

feature/issue-181-implied-rsi-saturation

feature/issue-178-dashboard-log-order

feature/issue-179-insufficient-balance-cooldown

feature/issue-173-market-outlook-threshold

feature/issue-172-playbook-allocation-sizing

feature/issue-171-position-aware-conditions

feature/issue-170-holdings-in-prompt

feature/issue-164-165-broker-api-holdings

feature/issue-165-holdings-in-trading-loop

feature/issue-164-sell-quantity-fix

feature/issue-163-take-profit-enforcement

feature/issue-161-telegram-notification-filters

feature/issue-159-dashboard-ui-improvement

feature/issue-157-fix-domestic-price-and-tick

feature/issue-155-fix-ranking-api

feature/issue-153-kr-fallback-stocks

feature/issue-151-overseas-order-fixes

feature/issue-149-overseas-limit-order-price

feature/issue-147-overseas-price-balance-fix

feature/issue-145-smart-fallback-playbook

feature/issue-143-fix-prompt-override

feature/issue-141-fix-overseas-ranking-api

fix/137-run-overnight-python-tmux

feat/overseas-ranking-current-state

feature/issue-131-docs-v2-status-sync

feature/issue-132-us-market-telegram-gaps

feature/issue-129-fix-daily-review-test-date

feature/issue-97-dashboard-integration

feature/issue-96-evolution-main-integration

feature/issue-95-evolution-loop

feature/issue-89-legacy-context-cleanup

feature/issue-94-planner-scorecard-injection

feat/v2-2-4-planner-context-crossmarket

feature/issue-93-daily-review-integration

feature/issue-91-daily-reviewer

feature/issue-92-decision-outcome

feature/issue-87-context-scheduler

feature/issue-90-scorecard-model

feature/issue-86-eod-market-filter

feature/issue-85-l7-context-write

feature/issue-114-review-plan-consistency

fix/test-failures

feature/issue-84-main-integration

feature/issue-83-pre-market-planner

feature/issue-81-telegram-playbook-notify

feature/issue-82-playbook-persistence

feature/issue-80-scenario-engine

feature/issue-105-branch-rebase

feature/issue-100-agent-constraints

feature/issue-79-strategy-models

feature/issue-78-config-watchlist-removal

feature/issue-76-smart-volatility-scanner

feature/issue-74-telegram-command-fix

fix/start-command-parsing

feature/issue-69-config-docs

feature/issue-67-status-commands

feature/issue-65-trading-control

feature/issue-63-basic-commands

feature/issue-61-command-handler

feature/issue-59-send-message

feature/issue-57-daily-trading-mode

feature/issue-49-valueerror-empty-string

feature/issue-52-aiohttp-cleanup

feature/issue-54-token-refresh-cooldown

feature/issue-51-api-rate-limiting

feature/issue-44-safe-float

feature/issue-43-reduce-rate-limit

feature/issue-42-token-refresh-lock

feature/issue-41-keyerror-balance

feature/issue-35-telegram-docs

feature/issue-34-main-integration

feature/issue-33-telegram-config

feature/issue-32-telegram-tests

feature/issue-31-telegram-client

feature/issue-23-sustainability

feature/issue-22-data-driven

feature/issue-24-token-efficiency

feature/issue-21-latency-control

feature/issue-19-evolution-engine

feature/issue-20-volatility-hunter

feature/issue-17-decision-logging

feature/issue-15-context-tree

feature/issue-13-docs-refactor

feature/issue-11-command-failures

feature/issue-9-agent-workflow

feature/issue-5-global-market-auto-selection

feature/issue-4-add-git-workflow-policy

feature/issue-2-add-claude-md

No results found.

Labels

Clear labels

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agentson jihoson

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: jihoson/The-Ouroboros#1