databricks-sql-python icon indicating copy to clipboard operation
databricks-sql-python copied to clipboard
verified publisher icon databricks

SSLError bad handshake

Open dbarrundia-tiger opened this issue 2 years ago • 6 comments

Getting the following error when trying to connect to our warehouse:

from databricks import sql
your_token = '<token>'

connection = sql.connect(
  server_hostname="<>cloud.databricks.com",
  http_path="/sql/1.0/warehouses/<>",
  access_token=your_token
)

MaxRetryError: HTTPSConnectionPool(host='<>.cloud.databricks.com', port=443): Max retries exceeded with url: /sql/1.0/warehouses/<> (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

We have tried:

connection = sql.connect(
  server_hostname="<>.cloud.databricks.com",
  http_path="/sql/1.0/warehouses/<>",
  access_token=your_token,
  _tls_no_verify=True)

and

connection = sql.connect(
  server_hostname="<>.cloud.databricks.com",
  http_path="/sql/1.0/warehouses/<>",
  access_token=your_token,
  _enable_ssl=False)

dbarrundia-tiger avatar Sep 11 '23 17:09 dbarrundia-tiger

Can you tell what environment your Python script is running in?

If it's running on mac local, then you're experiencing the same environment problem as me.

Luckily, I was able to resolve this issue.

Cause: Apparently python installed on a local mac sometimes doesn't come with an SSL certificate (I'm not sure). Solution: Go to your MAC terminal /Applications/Python\ {local python version e.g: 3.11}/Install\ Certificates.command Enter the command and wait for it to install. Then try running the script again, it works!

sokojh avatar Sep 18 '23 09:09 sokojh

Ditto @sokojh's comment. Depending on how you installed python on your mac, you can also find the Install Certificates.command within the Python 3.x directory in your /Applications folder.

susodapop avatar Sep 18 '23 14:09 susodapop

Thanks @susodapop this is not on a Mac unfortunately, it's on a Windows machine. Any ideas on what to do with that? Thanks so much!

dbarrundia-tiger avatar Sep 20 '23 21:09 dbarrundia-tiger

@susodapop also wouldn't _tls_no_verify and _enable_ssl help us here?

dbarrundia-tiger avatar Sep 20 '23 21:09 dbarrundia-tiger

@dbarrundia-tiger Were you able to figure out your issue? _tls_no_verify would just disable cert verification, so use it carefully (e.g. I wouldn't recommend to use it in production). Also plese note that due to bug, _tls_no_verify was ignored in some cases, so please try latest version of the library if it seems to be your case.

kravets-levko avatar Oct 02 '24 17:10 kravets-levko