himoacs / iex_q

q/KDB+ api for getting market data from IEX

OpenSSL required on Mac? #1

Closed anujgoyal closed 6 years ago

anujgoyal commented 6 years ago

Your library looks super cool. I happen to be on a Mac - any thoughts on what I need to do?

```
$ asdf
KDB+ 3.6t 2017.10.30 Copyright (C) 1993-2017 Kx Systems
m32/ 4()core 8192MB agoyal3 agoyal3-mac01.lan 192.168.86.25 NONEXPIRE

q)\l iex.q
q)get_last_trade`aapl`ibm
11122:error:02001002:system library:fopen:No such file or directory:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/bio/bss_file.c:356:fopen('/System/Library/OpenSSL/server-crt.pem','r')
11122:error:20074002:BIO routines:FILE_CTRL:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/bio/bss_file.c:358:
11122:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/ssl_rsa.c:470:
11122:error:02001002:system library:fopen:No such file or directory:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/bio/bss_file.c:126:fopen('/System/Library/OpenSSL/cacert.pem','r')
11122:error:2006D080:BIO routines:BIO_new_file:no such file:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/bio/bss_file.c:129:
11122:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/x509/by_file.c:274:
'conn. OS reports: Protocol not available
  [2]  /Users/agoyal3/github/data/z_scripts/iex.q:20: get_data:{[main_url;suffix;prefix;char_delta;identifier]
  result: (`$":https://",main_url) suffix," ",prefix;
          ^
  (char_delta + first result ss identifier) _ result
q))
```

himoacs commented 6 years ago

Hi, Thanks! I initially faced that problem too and the solution is on this page: https://code.kx.com/q/cookbook/ssl/.

Basically, you need to create some certificates.

Create some directory to store your certs and then run these commands there:

```
# Create CA certificate
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem -extensions usr_cert -subj '/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=examplebrooklyn.com'

# Create server certificate, remove passphrase, and sign it
# server-crt.pem = public key, server-key.pem = private key
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -extensions usr_cert -subj '/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=myname.com'
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-crt.pem -extensions usr_cert

# Create client certificate, remove passphrase, and sign it
# client-crt.pem = public key, client-key.pem = private key
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -extensions usr_cert -subj '/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=myname.com'
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-crt.pem -extensions usr_cert
```

Then, you need to set up some environment variables so that q knows where to get them from.

```
$ export SSL_CERT_FILE=$HOME/anaconda/ssl/server-crt.pem
$ export SSL_KEY_FILE=$HOME/anaconda/ssl/server-key.pem
$ export SSL_CA_CERT_FILE=$HOME/anaconda/ssl/cacert.pem
$ export SSL_CA_CERT_PATH=$HOME/anaconda/ssl/
```

Once you have these set appropriately, the code should work.

You can confirm that q is picking up the correct paths:

```
q)(-26!)[]
SSLEAY_VERSION   | OpenSSL 0.9.8zg 14 July 2015
SSL_CERT_FILE    | /Users/himanshugupta/anaconda/ssl/server-crt.pem
SSL_CA_CERT_FILE | /Users/himanshugupta/anaconda/ssl/cacert.pem
SSL_CA_CERT_PATH | /Users/himanshugupta/anaconda/ssl/
SSL_KEY_FILE     | /Users/himanshugupta/anaconda/ssl/server-key.pem
SSL_CIPHER_LIST  | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:..
SSL_VERIFY_CLIENT| NO
SSL_VERIFY_SERVER| YES
```

Hope that helps!
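
A preflight check for the four variables exported in the answer above, as an added example that is not part of the original thread or the iex_q project: it reports unset or missing paths (the cause of the `fopen` errors in the question), confirms the RSA key matches the certificate, and flags a private key that group or others can read. The function names are made up for this example, and it assumes the `openssl` CLI is on `PATH`.

```shell
#!/bin/sh
# Added example: preflight for the TLS variables q reads (names from the thread).
# Function names are made up for this example. Usage after sourcing:
#   check_q_ssl_paths && check_q_ssl_keypair && key_is_private

# Report each variable that is unset or does not point at a readable,
# non-empty file (or, for SSL_CA_CERT_PATH, a directory). Returns 1 on any miss.
check_q_ssl_paths() {
    rc=0
    for var in SSL_CERT_FILE SSL_KEY_FILE SSL_CA_CERT_FILE; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "$var is not set" >&2; rc=1
        elif [ ! -r "$val" ] || [ ! -s "$val" ]; then
            echo "$var=$val is missing, unreadable or empty" >&2; rc=1
        fi
    done
    if [ ! -d "${SSL_CA_CERT_PATH:-}" ]; then
        echo "SSL_CA_CERT_PATH is unset or not a directory" >&2; rc=1
    fi
    return $rc
}

# Confirm the private key belongs to the certificate by comparing RSA moduli
# (the thread's commands create RSA keys). Needs the openssl CLI.
check_q_ssl_keypair() {
    cert_mod=$(openssl x509 -noout -modulus -in "$SSL_CERT_FILE" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$SSL_KEY_FILE" 2>/dev/null) || return 1
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "SSL_KEY_FILE does not match SSL_CERT_FILE" >&2
        return 1
    fi
}

# The keys are written unencrypted (-nodes), so file permissions are the only
# protection: fail if group or others can read the key.
key_is_private() {
    [ -f "${SSL_KEY_FILE:-}" ] || return 1
    loose=$(find "$SSL_KEY_FILE" \( -perm -040 -o -perm -004 \) 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "$SSL_KEY_FILE is readable by group or others; chmod 600 it" >&2
        return 1
    fi
}
```

Run it in the same shell that will start q, since the variables only reach q if they are exported there.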