I am using youtube-dl which makes a request to a server , but now I am getting a SSL error like this:
ERROR: Unable to download JSON metadata: <urlopen error [Errno 1] _ssl.c:504:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure> (caused by URLError(SSLError(1, '_ssl.c:504: error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure'),))
Is there a way to fix this?
I'm using Python 2.7.3 and requests==2.13.0
Related
New to snowsql.
Installed snowsql and ran the command snowsql -a <account_name> -u <user_name> and that failed
with below error:
2022-04-28 18:50:59,058 (21492/MainThread)
snowflake.connector.vendored.urllib3.connectionpool WARNING
connectionpool:781 - Retrying (Retry(total=0, connect=None,
read=None, redirect=None, status=None)) after connection broken by
'SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify
failed')],)",),)':
/session/v1/login-request?request_id=#####&request_guid=#####
2022-04-28 18:50:59,059 (21492/MainThread)
snowflake.connector.vendored.urllib3.connectionpool DEBUG
connectionpool:975 - Starting new HTTPS connection (2):
<account_name>.snowflakecomputing.com:443 2022-04-28 18:50:59,227
(21492/MainThread) snowflake.connector.network DEBUG
network:1034 - Hit non-retryable SSL error,
HTTPSConnectionPool(host='<account_name>.snowflakecomputing.com',
port=443): Max retries exceeded with url:
/session/v1/login-request?request_id=0b8e3a19-e618-4554-93a9-eb3a8c6d3a11&request_guid=97351d12-de91-422b-aecc-2fe38bef3032
(Caused by SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify
failed')],)",),))
even tried running
snowsql -a <account_name> -u <user_name> -o insecure_mode=True
the result was the same.
Not sure if i need to make any change to SYSTEM$WHITELIST.
the snowcd after installing worked just fine.
The SSL certificate error is due to an SSL proxy that intercepts the SSL/TLS certificate by decrypting the certificate, inspecting and re-encrypting the certificate. Some SSL proxies insert an extra certificate into the SSL chain.
This action renders the certificate chain invalid, as Snowflake doesn't support an SSL proxy that decrypts our certificate and replaces the certificate. SSL-TLS Interception (AKA TLS Proxy or HTTPS Interception) is by definition a Man-In-The-Middle attack. Therefore, this is a risk to Snowflake and it will not be supported.
Please refer to the document here:
https://docs.snowflake.com/en/user-guide/snowsql-start.html
Snowflake's security model does not allow Secure Sockets Layer (SSL) proxies (using an HTTPS certificate). Your proxy server must use a publicly-available Certificate Authority (CA), reducing potential security risks such as a MITM (Man In The Middle) attack through a compromised proxy.
If you must use your SSL proxy, we strongly recommend that you update the server policy to pass through the Snowflake certificate such that no certificate is altered in the middle of communications.
To use Snowsql insecure mode, you will need to edit the Snowsql config file by adding the following to the [option] section:
insecure_mode = True
The configuration file can be found in either one of these locations:
/etc/snowsql.cnf
/etc/snowflake/snowsql.cnf
/usr/local/etc/snowsql.cnf
<HOME_DIR>/.snowsql.cnf (supported only for backward compatibility)
<HOME_DIR>/.snowsql/config
Please refer to the Snowsql config guide here: https://docs.snowflake.com/en/user-guide/snowsql-config.html
This question already has answers here:
Python requests SSL error - certificate verify failed
(5 answers)
"SSL: certificate_verify_failed" error when scraping https://www.thenewboston.com/
(7 answers)
Python Requests getting SSLerror
(6 answers)
Closed 1 year ago.
I've tried to execute a GET with python requests on a Website (that perfectly works when visited with Firefox or Google Chrome) but it fails with the following exception:
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
the interesting thing is that if I execute the GET on an other Subdomain (of the same website) it is:
api.example.com Exception
app.example.com It Works
and BOTH are certified with the SAME ROOT CA and both works on Firefox or Google Chrome.
In particular the code is the following (a very simple request)
import requests
import json
s = requests.Session()
# execute the get
r = s.get("https://api.example.com/"
and Throws the Exception:
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
Insted if I execute:
r = s.get("https://app.example.com/"
it works without any problem!
And I remark that boot are Signed and Cerfiticated by the same Root CA.
And Both works correctly if visited with Firefox or Google Chrome.
I don't know what to do...
Thanks for any hint...
p.s.
All the CAs are updated to the latest version.
And the versions of the packages are:
urllib3-1.26.6
certifi-2021.5.30
I am hosting a site using SSL / HTTPS, and am attempting to make a request to it from a Python 2.7 script on the server (Ubuntu 18.04).
When running the script, I get this error:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
However, when I run curl --verbose -X GET -I <url> on the same server, it says the certificate was verified.
I do know that the cert is in fact valid and is not a self signed cert.
Any ideas on what I can do to get python to accept that cert?
Edit: here's the code to trigger the issue. Note that I'm not including the URL as it is not accessible to the general public:
import requests
r = requests.get('https://www.example.org')
print r.status_code
How can I send an https get request to a local IP address in python?
When I do:
import requests
requests.get("https://192.168.23.10")
I get this:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)
Do I have to install a certificate so I can send https requests?
I am trying to use Google Cloud Profiler in a python script running locally. It seems it is having problems to connect with a metadata server:
WARNING:googlecloudprofiler.client:Failed to fetch instance/zone from GCE metadata server: HTTPConnectionPool(host='metadata', port=80): Max retries exceeded with url: /computeMetadata/v1/instance/zone (Caused by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known',))
WARNING:googlecloudprofiler.client:Failed to fetch instance/name from
GCE metadata server: HTTPConnectionPool(host='metadata', port=80): Max
retries exceeded with url: /computeMetadata/v1/instance/name (Caused
by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name
or service not known',))
Since the app seems to be running correctly and the profiler is collecting data successfully, is it OK if I just ignore the warnings or will I likely encounter some problems in the future?
If you're running locally (and haven't, for example, manually zone in the config), these warnings are expected, so ignoring them is definitely okay.
(Disclosure: I work at Google on Stackdriver Profiler)