pyArango
pyArango copied to clipboard
Connect to SSL server
I have arangodb running on ssl protected server. Admin interface is running ok.
When I try to connect using:
conn = Connection(arangoURL="https://www.test.com:12345", username="root", password="password")
(python 3.5 on windows 7)
I got an SSL error: ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
complete traceback:
Traceback (most recent call last):
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 595, in urlopen
chunked=chunked)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 352, in _make_request
self._validate_conn(conn)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 831, in _validate_conn
===
Unable to establish connection, perhaps arango is not running.
===
conn.connect()
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\packages\urllib3\connection.py", line 289, in connect
ssl_version=resolved_ssl_version)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\packages\urllib3\util\ssl_.py", line 308, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Users\crecheverria\Apps\WinPython\64bit-3.5.1.1\python-3.5.1.amd64\lib\ssl.py", line 376, in wrap_socket
_context=self)
File "C:\Users\crecheverria\Apps\WinPython\64bit-3.5.1.1\python-3.5.1.amd64\lib\ssl.py", line 747, in __init__
self.do_handshake()
File "C:\Users\crecheverria\Apps\WinPython\64bit-3.5.1.1\python-3.5.1.amd64\lib\ssl.py", line 983, in do_handshake
self._sslobj.do_handshake()
File "C:\Users\crecheverria\Apps\WinPython\64bit-3.5.1.1\python-3.5.1.amd64\lib\ssl.py", line 628, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\adapters.py", line 423, in send
timeout=timeout
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 621, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "c:\Users\crecheverria\Devel\SGOT\fallas\v_python\arangodb3\test_02.py", line 13, in <module>
conn = Connection(arangoURL="https://arango.xer.cl:22754", username="root", password="calipso01")
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\pyArango\connection.py", line 103, in __init__
self.reload()
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\pyArango\connection.py", line 120, in reload
r = self.session.get(self.databasesURL)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\pyArango\connection.py", line 38, in __call__
ret = self.fct(*args, **kwargs)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\sessions.py", line 488, in get
return self.request('GET', url, **kwargs)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\sessions.py", line 475, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\sessions.py", line 596, in send
r = adapter.send(request, **kwargs)
File "C:\Users\crecheverria\Devel\z_venvs\py64-3.5.1-gen\lib\site-packages\requests\adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
Getting the same Error, I guess it is because your SSL Certificate is Self-Signed/Not-Trusted?
Would be great if we could get some verify true/false option!
i have the same problems to. anyone can solved that Error?
Thankyou,
Hi, everyone I think that adding cafiile parameter would be better than just skkipping certificate verification
As the lib rely on requests, you can set the REQUESTS_CA_BUNDLE environment variable to provide a CA bundle.
os.environ["REQUESTS_CA_BUNDLE"]=bundle_file.crt
As the lib rely on requests, you can set the REQUESTS_CA_BUNDLE environment variable to provide a CA bundle.
os.environ["REQUESTS_CA_BUNDLE"]=bundle_file.crt
IMHO I think is a little awkward to set the certificate as a global env variable specifically for Request lib. ArangoConnectionBuilder
should provide a way to set the file location or the cert content, then use it in the session context.
I am also seeing this issue. Any resolution to this problem? Thanks