Confluence python API. Define SSL certificate for our confluence pages

Hello guys,

I have an issue with python requests. It was a struggle for more than a day, I hope I can give a clear and simple view, please bare with me. Let me try to give some context. There is a python script (runs inside a container) that creates a Confluence() object (from atlassian-python-api/atlassian /confluence.py) pointing to our confluence pages. The script throws this error =>

Traceback (most recent call last): File "/main.py", line 189, in main() File "/main.py", line 70, in main . . File "/opt/app-root/lib64/python3.9/site-packages/atlassian/confluence.py", line 220, in get_page_id return (self.get_page_by_title(space, title, type=type) or {}).get("id") File "/opt/app-root/lib64/python3.9/site-packages/atlassian/confluence.py", line 305, in get_page_by_title response = self.get(url, params=params) File "/opt/app-root/lib64/python3.9/site-packages/atlassian/rest_client.py", line 288, in get response = self.request( File "/opt/app-root/lib64/python3.9/site-packages/atlassian/rest_client.py", line 241, in request response = self._session.request( File "/opt/app-root/lib64/python3.9/site-packages/requests/sessions.py", line 589, in request resp = self.send(prep, send_kwargs) File "/opt/app-root/lib64/python3.9/site-packages/requests/sessions.py", line 703, in send r = adapter.send(request, kwargs) File "/opt/app-root/lib64/python3.9/site-packages/requests/adapters.py", line 517, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='confluence.<>.com', port=443): Max retries exceeded with url: /rest/api/content?type=page&start=0&limit=1&spaceKey=&title= (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))</p> </blockquote> <p>To my understanding, requests() is not aware of our own certificate chain, thus is complaining to not be able to get local issuer. Ok, the script has already a place where is defining the env variable <code>REQUESTS_CA_BUNDLE</code> pointing to the proper file contains the certificate chain. And the order inside the file is proper. The root at the bottom and the way up to the last intermediate.</p> <p>I have checked if the <code>REQUESTS_CA_BUNDLE</code> is actually pointing to the correct file. I have checked that the file itself contains the proper certificates. I have even went inside the container in an interactive python shell and created a <code>s = requests.Session()</code> and played a little bit around. (I have noticed that when you have initiated the session, it doesn't check again the ssl encryption. For instance if I define verify=False in the session, if I call it again and give <code>verify='/path/to/certs/certs.pem'</code>, it will not take it into account) So, since I was inside the container and the <code>requests()</code> where fine with the certs.pem I do not have a reason to challenge the certs.pem?!</p> <p>Now, back to the confluence object. Initially the object was created like this => <code>Confluence(url=url, username=username, password=password)</code></p> <p>Since the env variable <code>REQUESTS_CA_BUNDLE</code> seems to not have any effect I was trying to pass the file path directly to the <code>Confluence()</code> object => <code>Confluence(url=url, username=username, password=password, verify_ssl='/path/to/certs/certs.pem')</code> I was checking the confluence Api and I saw in the AtlassianRestAPI (Confluence extends AtlassianRestAPI) assigns <code>verify=self.verify_ssl</code> inside <code>requests()</code> calls. This didn't work either, then I tried this => <code>Confluence(url=url, username=username, password=password, verify_ssl=False)</code> This worked as expected, it ignored the ssl error and moved on.</p> <p>I am so confused because, if someone presented me the above issue, I would definitely believed that there is an issue with the certs.pem. But, I have checked to my best of my knowledge and verified the certificates. They are in the proper format, I have downloaded all the chain from the browser, no non-printable inside the file and when I was inside the interactive python shell the very same certs.pem was accepted by python requests() If my certs.pem is fine I was thinking that maybe the session is initiated somewhere in advance (see my note few lines above when I was in python shell) before it reach the point that I am defining the path, But if that was true, when I was trying => <code>Confluence(url=url, username=username, password=password, verify_ssl=False)</code> it shouldn't be working.</p> <p>What am I missing, I know that I am doing something wrong, but I don't know what else should I check. :/</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/AndreasSeidl"><img src="https://avatars.githubusercontent.com/u/33483442?v=4" />AndreasSeidl</a> commented <strong> 4 months ago</strong> </div> <div class="markdown-body"> <p>hi, I don't know if you were able to fix your problem or if this might help you, but I also hat [SSL: CERTIFICATE_VERIFY_FAILED], which was solved by installing 'pip-system-certs'. Hope this helps</p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>

atlassian-api / atlassian-python-api

Confluence python API. Define SSL certificate for our confluence pages #1307