search

crate / crate-python

Python DB API client library for CrateDB, using HTTP.
https://cratedb.com/docs/python/
Apache License 2.0
79 stars 30 forks source link

connection fails when trying to connect with verfiy_ssl_cert=True #389

Closed proddata closed 3 years ago

proddata commented 3 years ago

Trying to connect to a CrateDB Cloud cluster with the default pyhton example currently fails, as the option verfiy_ssl_cert=True doesn't work. It seems like the client is looking for a local certificate, although the (valid) certificate from the cloud cluster is signed by a public/trusted certificate

from crate import client

conn = client.connect("https://<cluster>.cratedb.net:4200", username="<user>", password="<password>$", verify_ssl_cert=True)
with conn:
    cursor = conn.cursor()
    cursor.execute("SELECT name FROM sys.cluster")
    result = cursor.fetchone()
    print(result)
e

Error

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)
mfussenegger commented 3 years ago

Might be related to your python installation and outdated ca bundles.

We could consider to add certifi as optional dependency. See https://github.com/urllib3/urllib3/blob/ccf907904d042625291472fe7a85971b62037948/docs/user-guide.rst#certificate-verification

proddata commented 3 years ago

after refreshing the python installation and uninstalling crash/crate it seems like the problems are gone. Maybe worth trying on a fresh installed macOS.

Though since I can't recreate the problem, I will close the issue.