I'm trying to make a local HTTPS connection to an XML-RPC API. Since I upgraded to Python 2.7.9, which enables certificate verification by default, I get a CERTIFICATE_VERIFY_FAILED error when I use my API:
>>> test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)
>>> test.list_satellites()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/xmlrpclib.py", line 1233, in __call__
return self.__send(self.__name, args)
File "/usr/local/lib/python2.7/xmlrpclib.py", line 1591, in __request
verbose=self.__verbose
File "/usr/local/lib/python2.7/xmlrpclib.py", line 1273, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/local/lib/python2.7/xmlrpclib.py", line 1301, in single_request
self.send_content(h, request_body)
File "/usr/local/lib/python2.7/xmlrpclib.py", line 1448, in send_content
connection.endheaders(request_body)
File "/usr/local/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/local/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/local/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "/usr/local/lib/python2.7/httplib.py", line 1212, in connect
server_hostname=server_hostname)
File "/usr/local/lib/python2.7/ssl.py", line 350, in wrap_socket
_context=self)
File "/usr/local/lib/python2.7/ssl.py", line 566, in __init__
self.do_handshake()
File "/usr/local/lib/python2.7/ssl.py", line 788, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>>> import ssl
>>> ssl._create_default_https_context = ssl._create_unverified_context
>>> test.list_satellites()
[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]
Is there a Pythonic way to disable default certificate verification in Python 2.7.9?
I don't really know if it's good to change a "private" global SSL attribute (ssl._create_default_https_context = ssl._create_unverified_context)
You have to provide an unverified SSL context, constructed by hand or using the private function _create_unverified_context() from the ssl module:
import xmlrpclib
import ssl
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True,
                             context=ssl._create_unverified_context())
test.list_satellites()
Note: this code only works with Python >= 2.7.9 (the context parameter was added in Python 2.7.9)
If you want code that is compatible with previous Python versions, you have to use the transport parameter:
import xmlrpclib
import ssl
# SafeTransport only accepts `context` on Python >= 2.7.9, so pass it conditionally
transport_kwargs = {'use_datetime': True}
if hasattr(ssl, '_create_unverified_context'):
    transport_kwargs['context'] = ssl._create_unverified_context()
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True,
                             transport=xmlrpclib.SafeTransport(**transport_kwargs))
test.list_satellites()
It's possible to disable verification using the public ssl APIs existing on Python 2.7.9+:
import xmlrpclib
import ssl
ssl_ctx = ssl.create_default_context()
ssl_ctx.check_hostname = False
ssl_ctx.verify_mode = ssl.CERT_NONE
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True,
                             context=ssl_ctx)
test.list_satellites()
I think another way to disable certificate verification could be:
import xmlrpclib
import ssl
s = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
s.verify_mode = ssl.CERT_NONE
test = xmlrpclib.Server('https://admin:bz15h9v9n@localhost:9999/API', verbose=0, context=s)
With Python 2.6.6 for example:
s = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API', transport=None, encoding=None, verbose=0, allow_none=0, use_datetime=0)
It works for me...
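A verified alternative to the contexts in the answers above, as an added example that is not part of any post: it trusts one CA file for one proxy instead of switching verification off, and shows why the order of the two assignments in the public-API answer matters. It uses Python 3's xmlrpc.client; the cafile path and all helper names are assumptions.

```python
import ssl
import xmlrpc.client  # Python 3 name of the page's xmlrpclib


def verified_context(cafile=None):
    """Context that still authenticates the server.

    cafile is an assumed path to a PEM file holding the local server's
    self-signed certificate or the private CA that issued it. When it is
    given, only that file is trusted; with None the system store is used.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("context does not verify the server")
    return ctx


def unverified_context():
    """The page's public-API variant: nothing about the peer is checked."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def reversed_order_error():
    """Setting CERT_NONE while check_hostname is still on is rejected."""
    ctx = ssl.create_default_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError as exc:
        return str(exc)
    return None


def describe(ctx):
    """Summarise what a context will check during the handshake."""
    return {"chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "hostname": ctx.check_hostname}


def make_proxy(url, cafile=None):
    """Scope the trust decision to one proxy instead of patching ssl globally."""
    return xmlrpc.client.ServerProxy(url, use_datetime=True,
                                     context=verified_context(cafile))
```

The certificate named by cafile must list the host used in the URL (here localhost) in its subject alternative names, otherwise the hostname check fails even though the chain verifies.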
Related
I am trying to connect to MongoDB using AWS Lambda, but it results in an SSL handshake error. I am using motor and Python 3.8. There is a successful connection to the database most of the time. When I look at the AWS CloudWatch logs, I find an error connecting to the database in some logs.
This is the code for connecting to the database.
from fastapi import FastAPI
from motor.motor_asyncio import AsyncIOMotorClient
from .mongodb import db
import certifi
from app.utility.config import MONGODB_URL
# MAX_CONNECTIONS_COUNT and the other pool settings are not defined in the posted snippet
async def connect_to_mongo(app: FastAPI) -> None:
    db.client = AsyncIOMotorClient(str(MONGODB_URL), tls=True, tlsCAFile=certifi.where(),
                                   maxPoolSize=MAX_CONNECTIONS_COUNT,
                                   minPoolSize=MIN_CONNECTIONS_COUNT,
                                   waitQueueMultiple=MAX_DB_THREADS_WAIT_COUNT,
                                   waitQueueTimeoutMS=MAX_DB_THREAD_QUEUE_TIMEOUT_COUNT)
async def close_mongo_connection(app: FastAPI) -> None:
    db.client.close()
Traceback
File "/var/task/pymongo/pool.py", line 1040, in _configured_socket
sock = ssl_context.wrap_socket(sock, server_hostname=host)
File "/var/lang/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/var/lang/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/var/lang/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
socket.timeout: _ssl.c:1114: The handshake operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/task/pymongo/mongo_client.py", line 1869, in _process_periodic_tasks
self._topology.update_pool(self.__all_credentials)
File "/var/task/pymongo/topology.py", line 456, in update_pool
server.pool.remove_stale_sockets(generation, all_credentials)
File "/var/task/pymongo/pool.py", line 1252, in remove_stale_sockets
sock_info = self.connect(all_credentials)
File "/var/task/pymongo/pool.py", line 1280, in connect
sock = _configured_socket(self.address, self.opts)
File "/var/task/pymongo/pool.py", line 1053, in _configured_socket
_raise_connection_failure(address, exc, "SSL handshake failed: ")
File "/var/task/pymongo/pool.py", line 238, in _raise_connection_failure
raise NetworkTimeout(msg)
pymongo.errors.NetworkTimeout: SSL handshake failed: cluster0-***-******mongodb.net:******: _ssl.c:1114: The handshake operation timed out
My setup is Mac OS 10.13.6 (updated), Python 2.7.15, and I'm connected using a VPN (I needed to install the VPN certificate to decrypt HTTPS traffic).
The problem is I'm unable to connect to the Slack API
>>> import slackclient
>>> client = slackclient.SlackClient(myToken)
>>> client.server.rtm_connect()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/slackclient/server.py", line 131, in rtm_connect
reply = self.api_requester.do(self.token, connect_method, timeout=timeout, post_data=kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/slackclient/slackrequest.py", line 104, in do
proxies=self.proxies
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/requests/api.py", line 112, in post
return request('post', url, data=data, json=json, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/requests/sessions.py", line 512, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/requests/sessions.py", line 622, in send
r = adapter.send(request, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/requests/adapters.py", line 511, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='slack.com', port=443): Max retries exceeded with url: /api/rtm.start (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)'),))
Versions are:
Python 2.7.15
certifi==2018.8.24
chardet==3.0.4
idna==2.7
jenkinsapi==0.3.6
pytz==2018.5
requests==2.19.1
setproctitle==1.1.10
six==1.11.0
slackclient==1.2.1
urllib3==1.23
websocket-client==0.51.0
I've found the problem.
For some reason, Python does not use the certificates in my keychain but the ones in openssl under /Library/Frameworks/Python.framework/Versions/2.7/etc/openssl/cert.pem
I've added the certificate at the bottom of the file and the problem went away
Another solution:
In your Keychain Access, delete the slack.com tokens
Another solution: add a no-cert option where slackclient invokes websocket-client
In file "c:/Python27/Lib/site-packages/slackclient/server.py"
add line 180, sslopt={'cert_reqs':0}
line 176: self.websocket = create_connection(ws_url,
line 177: http_proxy_host=proxy_host,
line 178: http_proxy_port=proxy_port,
line 179: http_proxy_auth=proxy_auth,
line 180: sslopt={'cert_reqs':0})
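Added example, not from any of the posts: an AST check that finds the verification-disabling idioms quoted in the xmlrpclib answers and in the slackclient change above, so they can be caught in review before they ship. The sample source is constructed and the function names are illustrative.

```python
import ast

# Constructed sample: idioms quoted on this page plus one verified context (last line).
SAMPLE = '''\
import ssl, xmlrpclib
ssl._create_default_https_context = ssl._create_unverified_context
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
proxy = xmlrpclib.ServerProxy(url, context=ssl._create_unverified_context())
ws = create_connection(ws_url, sslopt={'cert_reqs': 0})
safe = ssl.create_default_context(cafile="local-ca.pem")
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join(reversed(parts + [node.id]))

def _const(node):
    """Literal value of a constant node, or None."""
    return node.value if isinstance(node, ast.Constant) else None

def find_tls_bypasses(source):
    """Return sorted (line, reason) pairs for code that turns off TLS checks."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            target, value = _dotted(node.targets[0]), node.value
            if target == "ssl._create_default_https_context":
                hits.add((node.lineno, "process-wide HTTPS default replaced"))
            elif target.endswith(".check_hostname") and _const(value) is False:
                hits.add((node.lineno, "hostname check disabled"))
            elif target.endswith(".verify_mode") and _dotted(value) == "ssl.CERT_NONE":
                hits.add((node.lineno, "chain verification disabled"))
        elif isinstance(node, ast.Call):
            if _dotted(node.func) == "ssl._create_unverified_context":
                hits.add((node.lineno, "unverified context created"))
            for kw in node.keywords:
                if kw.arg == "sslopt" and isinstance(kw.value, ast.Dict):
                    for k, v in zip(kw.value.keys, kw.value.values):
                        if _const(k) == "cert_reqs" and _const(v) == 0:
                            hits.add((node.lineno, "websocket cert_reqs=0"))
    return sorted(hits)
```

The process-wide override on line 2 of the sample is the finding to prioritise, because it affects every HTTPS client in the interpreter rather than one connection.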
I'm trying to use my aws credentials file in boto but can't seem to get it to work. I'm new to python and boto so I'm looking at a bunch of stuff online trying to understand this.
All I'm trying to do right now is to just get all ec2 instances...here is my python code:
import boto
from boto import ec2
ec2conn = ec2.connection.EC2Connection(profile_name='profile_name')
ec2conn.get_all_instances()
when I run that, I get the following error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/ec2/connection.py", line 585, in get_all_instances
max_results=max_results)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/ec2/connection.py", line 681, in get_all_reservations
[('item', Reservation)], verb='POST')
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py", line 1170, in get_list
response = self.make_request(action, params, path, verb)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py", line 1116, in make_request
return self._mexe(http_request)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py", line 913, in _mexe
self.is_secure)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py", line 705, in get_http_connection
return self.new_http_connection(host, port, is_secure)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py", line 747, in new_http_connection
connection = self.proxy_ssl(host, is_secure and 443 or 80)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py", line 835, in proxy_ssl
ca_certs=self.ca_certificates_file)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 943, in wrap_socket
ciphers=ciphers)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 611, in __init__
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 840, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:661)
I've also tried ec2conn.get_all_reservations() but got the same result...
In boto3, I can do this which works:
import boto3
session = boto3.Session(profile_name='dev')
session = boto3.Session(profile_name='profile_name')
dev_ec2 = session.client('ec2')
dev_ec2.describe_instances()
------EDIT--------
So I found this link on stack...Recommended way to manage credentials with multiple AWS accounts? and what I did was exported my AWS_PROFILE var
export AWS_PROFILE="profile_nm"
that worked when I did this:
>>> import boto
>>> conn = boto.connect_s3()
>>> conn.get_all_buckets()
And I got all of the s3 buckets back...
but when I did the above to get all the ec2 instances back...i still got the ssl.SSLEOFError above. It seems to work with s3 but not ec2 now...So, is the way I get all the Ec2 instances wrong?
I am trying to save an object to a cloud backend using its REST API in Python. Below is my code (referenced from here) and also the error I am seeing.
Here's my code:
import json, httplib
connection = httplib.HTTPSConnection("api.parse.com", 80)
connection.connect()
connection.request('POST', '/1/classes/TestApp', json.dumps({
    "score": 1337,
    "playerName": "Sean Plott",
    "cheatMode": False
}), {
    "X-Parse-application-id": "<my_application_id>",
    "X-Parse-REST-API-Key": "<my_rest_api_key>",
    "Content-type": "application/json"
})
result = json.loads(connection.getresponse().read())
Error:
mycomp-MBP:learningpython mycomp$ python parserestapi.py
Traceback (most recent call last):
File "parserestapi.py", line 4, in <module>
connection.connect()
File "/usr/local/Cellar/python/2.7.10_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1274, in connect
server_hostname=server_hostname)
File "/usr/local/Cellar/python/2.7.10_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
_context=self)
File "/usr/local/Cellar/python/2.7.10_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
self.do_handshake()
File "/usr/local/Cellar/python/2.7.10_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590)
mycomp:learningpython mycomp$
Hate to answer my own question but I just found the answer. The 80 needed to be changed to 443.
https://parse.com/docs/rest/guide#objects-creating-objects
I am trying to visit gateway.playneverwinter.com with splinter
from splinter import Browser
browser = Browser()
browser.visit('https://gateway.playneverwinter.com')
if browser.is_text_present('Neverwinter'):
    print("Yes, we made it to the entrance of the Prime Material Plane!")
else:
    print("Fumble")
browser.quit()
It fails with
File "gateway_bot.py", line 10, in <module>
browser.visit('https://gateway.playneverwinter.com')
File "/usr/local/lib/python3.4/dist-packages/splinter/driver/webdriver/__init__.py", line 53, in visit
self.connect(url)
File "/usr/local/lib/python3.4/dist-packages/splinter/request_handler/request_handler.py", line 23, in connect
self._create_connection()
File "/usr/local/lib/python3.4/dist-packages/splinter/request_handler/request_handler.py", line 53, in _create_connection
self.conn.endheaders()
File "/usr/lib/python3.4/http/client.py", line 1061, in endheaders
self._send_output(message_body)
File "/usr/lib/python3.4/http/client.py", line 906, in _send_output
self.send(msg)
File "/usr/lib/python3.4/http/client.py", line 841, in send
self.connect()
File "/usr/lib/python3.4/http/client.py", line 1205, in connect
server_hostname=server_hostname)
File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
_context=self)
File "/usr/lib/python3.4/ssl.py", line 578, in __init__
self.do_handshake()
File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:598)
Firefox is able to connect and browse this site without issue, though. After some diagnostics
$ openssl s_client -connect gateway.playneverwinter.com:443
CONNECTED(00000003)
139745006343840:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
I found that it looked like a fixed issue in OpenSSL and that forcing either SSLv3 or TLSv1 allowed me to connect (and that I could then download the target with cURL) e.g. either of
openssl s_client -ssl3 -connect gateway.playneverwinter.com:443
openssl s_client -tls1 -connect gateway.playneverwinter.com:443
According to the comments in the OpenSSL ticket, I expect that the issue is on the server side, but as I do not have access to it, it is quite unhelpful. So, for a quick fix, is there a way to force splinter to use SSLv3 or TLSv1?
After looking into it, the only way I can think of doing that would be to go into that client.py file and change the initialization of their ssl stuff.
Following @Natecat's suggestion, I wrote a monkey patch to force SSLv3 when this error occurs
# Monkey patch splinter to force SSLv3 on `ssl.SSLEOFError`
from splinter import request_handler
import ssl
from http import client as http_client
_old_req = request_handler.request_handler.RequestHandler._create_connection
def _splinter_sslv3_patch(self):
    try:
        _old_req(self)
    except ssl.SSLEOFError:
        self.conn = http_client.HTTPSConnection(self.host, self.port,
                                                 context=ssl.SSLContext(ssl.PROTOCOL_SSLv3))
        self.conn.putrequest('GET', self.path)
        self.conn.putheader('User-agent', 'python/splinter')
        if self.auth:
            self.conn.putheader("Authorization", "Basic %s" % self.auth)
        self.conn.endheaders()
request_handler.request_handler.RequestHandler._create_connection = _splinter_sslv3_patch