I have an issue with python requests.
It was a struggle for more than a day, I hope I can give a clear and simple view, please bare with me.
Let me try to give some context.
There is a python script (runs inside a container) that creates a Confluence() object (from atlassian-python-api/atlassian
/confluence.py) pointing to our confluence pages.
The script throws this error =>
Traceback (most recent call last):
File "/main.py", line 189, in
main()
File "/main.py", line 70, in main
.
.
File "/opt/app-root/lib64/python3.9/site-packages/atlassian/confluence.py", line 220, in get_page_id
return (self.get_page_by_title(space, title, type=type) or {}).get("id")
File "/opt/app-root/lib64/python3.9/site-packages/atlassian/confluence.py", line 305, in get_page_by_title
response = self.get(url, params=params)
File "/opt/app-root/lib64/python3.9/site-packages/atlassian/rest_client.py", line 288, in get
response = self.request(
File "/opt/app-root/lib64/python3.9/site-packages/atlassian/rest_client.py", line 241, in request
response = self._session.request(
File "/opt/app-root/lib64/python3.9/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, send_kwargs)
File "/opt/app-root/lib64/python3.9/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, kwargs)
File "/opt/app-root/lib64/python3.9/site-packages/requests/adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='confluence.<>.com', port=443):
Max retries exceeded with url: /rest/api/content?type=page&start=0&limit=1&spaceKey=&title=
(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
unable to get local issuer certificate (_ssl.c:1129)')))
To my understanding, requests() is not aware of our own certificate chain, thus is complaining to not be able to get local issuer.
Ok, the script has already a place where is defining the env variable REQUESTS_CA_BUNDLE pointing to the proper file contains the certificate chain.
And the order inside the file is proper. The root at the bottom and the way up to the last intermediate.
I have checked if the REQUESTS_CA_BUNDLE is actually pointing to the correct file.
I have checked that the file itself contains the proper certificates.
I have even went inside the container in an interactive python shell and created a s = requests.Session() and played a little bit around.
(I have noticed that when you have initiated the session, it doesn't check again the ssl encryption. For instance if I define
verify=False in the session, if I call it again and give verify='/path/to/certs/certs.pem', it will not take it into account)
So, since I was inside the container and the requests() where fine with the certs.pem I do not have a reason to challenge the certs.pem?!
Now, back to the confluence object.
Initially the object was created like this =>
Confluence(url=url, username=username, password=password)
Since the env variable REQUESTS_CA_BUNDLE seems to not have any effect I was trying to pass the file path directly to the Confluence() object =>
Confluence(url=url, username=username, password=password, verify_ssl='/path/to/certs/certs.pem')
I was checking the confluence Api and I saw in the AtlassianRestAPI (Confluence extends AtlassianRestAPI) assigns
verify=self.verify_ssl
inside requests() calls.
This didn't work either, then I tried this =>
Confluence(url=url, username=username, password=password, verify_ssl=False)
This worked as expected, it ignored the ssl error and moved on.
I am so confused because,
if someone presented me the above issue, I would definitely believed that there is an issue with the certs.pem.
But, I have checked to my best of my knowledge and verified the certificates.
They are in the proper format, I have downloaded all the chain from the browser, no non-printable inside the file and when I was inside the interactive python shell
the very same certs.pem was accepted by python requests()
If my certs.pem is fine I was thinking that maybe the session is initiated somewhere in advance
(see my note few lines above when I was in python shell)
before it reach the point that I am defining the path,
But if that was true, when I was trying =>
Confluence(url=url, username=username, password=password, verify_ssl=False)
it shouldn't be working.
What am I missing, I know that I am doing something wrong, but I don't know what else should I check. :/
hi, I don't know if you were able to fix your problem or if this might help you, but I also hat [SSL: CERTIFICATE_VERIFY_FAILED], which was solved by installing 'pip-system-certs'. Hope this helps
Hello guys,
I have an issue with python requests. It was a struggle for more than a day, I hope I can give a clear and simple view, please bare with me. Let me try to give some context. There is a python script (runs inside a container) that creates a Confluence() object (from atlassian-python-api/atlassian /confluence.py) pointing to our confluence pages. The script throws this error =>
To my understanding, requests() is not aware of our own certificate chain, thus is complaining to not be able to get local issuer. Ok, the script has already a place where is defining the env variable
REQUESTS_CA_BUNDLE
pointing to the proper file contains the certificate chain. And the order inside the file is proper. The root at the bottom and the way up to the last intermediate.I have checked if the
REQUESTS_CA_BUNDLE
is actually pointing to the correct file. I have checked that the file itself contains the proper certificates. I have even went inside the container in an interactive python shell and created as = requests.Session()
and played a little bit around. (I have noticed that when you have initiated the session, it doesn't check again the ssl encryption. For instance if I define verify=False in the session, if I call it again and giveverify='/path/to/certs/certs.pem'
, it will not take it into account) So, since I was inside the container and therequests()
where fine with the certs.pem I do not have a reason to challenge the certs.pem?!Now, back to the confluence object. Initially the object was created like this =>
Confluence(url=url, username=username, password=password)
Since the env variable
REQUESTS_CA_BUNDLE
seems to not have any effect I was trying to pass the file path directly to theConfluence()
object =>Confluence(url=url, username=username, password=password, verify_ssl='/path/to/certs/certs.pem')
I was checking the confluence Api and I saw in the AtlassianRestAPI (Confluence extends AtlassianRestAPI) assignsverify=self.verify_ssl
insiderequests()
calls. This didn't work either, then I tried this =>Confluence(url=url, username=username, password=password, verify_ssl=False)
This worked as expected, it ignored the ssl error and moved on.I am so confused because, if someone presented me the above issue, I would definitely believed that there is an issue with the certs.pem. But, I have checked to my best of my knowledge and verified the certificates. They are in the proper format, I have downloaded all the chain from the browser, no non-printable inside the file and when I was inside the interactive python shell the very same certs.pem was accepted by python requests() If my certs.pem is fine I was thinking that maybe the session is initiated somewhere in advance (see my note few lines above when I was in python shell) before it reach the point that I am defining the path, But if that was true, when I was trying =>
Confluence(url=url, username=username, password=password, verify_ssl=False)
it shouldn't be working.What am I missing, I know that I am doing something wrong, but I don't know what else should I check. :/