search

CaliDog / certstream-python

Python library for connecting to CertStream
MIT License
426 stars 72 forks source link

Setting CA bundle as parameter #5

Closed ghost closed 6 years ago

ghost commented 6 years ago

I am using version 1.8 and get the error mentioned above:

> certstream 
[ERROR:root] 2017-12-18 15:04:01,994 - Error connecting to CertStream - cafile, capath and cadata cannot be all omitted - Sleeping for a few seconds and trying again...
Fitblip commented 6 years ago

Can you give me more information about your setup? This is the first report I've seen of this bug, and your default installation should pick up your operating systems CA list automatically.

ghost commented 6 years ago

should pick up your operating systems CA list automatically.

Which code would do that? I'd like to fix that "as upstream as possible" too.

This is the code in websocket-client: https://github.com/websocket-client/websocket-client/blob/e4c71712132ac07dd70a35f093f0ad3e87fdc415/websocket/_http.py#L164 It looks for a environment variable WEBSOCKET_CLIENT_CA_BUNDLE and otherwise uses the file cacert.pem in the current directory. The third option is the parameter with a path. Then in the next function here: https://github.com/websocket-client/websocket-client/blob/e4c71712132ac07dd70a35f093f0ad3e87fdc415/websocket/_http.py#L138 The error is thrown if both parameters to context.load_verify_locations are None.

See also slackapi/python-rtmbot#63 lins05/slackbot#133 BitMEX/sample-market-maker#11 streamlink/streamlink#1117 nlsdfnbch/btfxwss#19

Fitblip commented 6 years ago

Hey @wagner-certat,

Sorry for the delay - I've been out on holiday.

I still don't have any information on your setup, you're still the only person to report this to me as an issue (and there are quite a few users at this point), and the websocket-client library comes pre-bundled with a list of valid CAs bundled with it. If you're interested in fixing it upstream, this seems like something to take up with the websocket-client library maintainer.

I'm also hesitant to merge this as you've included a changelog, which is not something I'd like to include in this repo.

ghost commented 6 years ago

I'll try to phrase it completely differently. websocket-client has the ability to set the used CA bundle as a parameter. If you want a custom CA bundle (e.g. the system's one) with certstream, you would need to set an environment variable. But this is not possible in a library, only for a user. -> Other programs can't set a different CA bundle for certsteam currently.

I'm also hesitant to merge this as you've included a changelog, which is not something I'd like to include in this repo.

Huh, why that?

ghost commented 6 years ago

Fixed by #8