SSLError bad handshake - Githubissues

databricks / databricks-sql-python

Databricks SQL Connector for Python

Apache License 2.0

171 stars 94 forks source link

SSLError bad handshake #221

Open dbarrundia-tiger opened 1 year ago

dbarrundia-tiger commented 1 year ago

Getting the following error when trying to connect to our warehouse:

from databricks import sql
your_token = '<token>'

connection = sql.connect(
  server_hostname="<>cloud.databricks.com",
  http_path="/sql/1.0/warehouses/<>",
  access_token=your_token
)

MaxRetryError: HTTPSConnectionPool(host='<>.cloud.databricks.com', port=443): Max retries exceeded with url: /sql/1.0/warehouses/<> (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

We have tried:

connection = sql.connect(
  server_hostname="<>.cloud.databricks.com",
  http_path="/sql/1.0/warehouses/<>",
  access_token=your_token,
  _tls_no_verify=True)

and

connection = sql.connect(
  server_hostname="<>.cloud.databricks.com",
  http_path="/sql/1.0/warehouses/<>",
  access_token=your_token,
  _enable_ssl=False)

sokojh commented 1 year ago

Can you tell what environment your Python script is running in?

If it's running on mac local, then you're experiencing the same environment problem as me.

Luckily, I was able to resolve this issue.

Cause: Apparently python installed on a local mac sometimes doesn't come with an SSL certificate (I'm not sure). Solution: Go to your MAC terminal /Applications/Python\ {local python version e.g: 3.11}/Install\ Certificates.command Enter the command and wait for it to install. Then try running the script again, it works!

susodapop commented 1 year ago

Ditto @sokojh's comment. Depending on how you installed python on your mac, you can also find the Install Certificates.command within the Python 3.x directory in your /Applications folder.

dbarrundia-tiger commented 1 year ago

Thanks @susodapop this is not on a Mac unfortunately, it's on a Windows machine. Any ideas on what to do with that? Thanks so much!

dbarrundia-tiger commented 1 year ago

@susodapop also wouldn't _tls_no_verify and _enable_ssl help us here?

kravets-levko commented 1 month ago

@dbarrundia-tiger Were you able to figure out your issue? _tls_no_verify would just disable cert verification, so use it carefully (e.g. I wouldn't recommend to use it in production). Also plese note that due to bug, _tls_no_verify was ignored in some cases, so please try latest version of the library if it seems to be your case.