Home Requests module throwing OpenSSL.SSL.Error
Reply: 0

Requests module throwing OpenSSL.SSL.Error

user2638
1#
user2638 Published in May 22, 2018, 9:08 pm

I'm using a REST API from euronext.com, to go any further I need to verify the server certificate and send my own client certificate through the module requests.

I already did some testing with curl, both .crt/.pem files were accepted.

But requests is still throwing :

DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): saturn-api-h.euronext.com
Traceback (most recent call last):
  File "C:\python36\lib\site-packages\urllib3\contrib\pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
  File "C:\python36\lib\site-packages\OpenSSL\SSL.py", line 1806, in do_handshake
self._raise_ssl_error(self._ssl, result)
  File "C:\python36\lib\site-packages\OpenSSL\SSL.py", line 1546, in _raise_ssl_error
_raise_current_error()
  File "C:\python36\lib\site-packages\OpenSSL\_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

What I did try to solve the issue :

  • Follow the requests documentation
  • Update requests module to 2.18.4
  • Install pyOpenSSL 17.5.0
  • Check the .crt/.pem formating
  • Curl tests

Working curl:

curl -i -vvv -X POST https://saturn-api-h.euronext.com/SaturnWebServices/rest/Authentication/AuthenticateUser -H "Content-Type: application/json" --cert ./client.crt --cacert ./digicert-full-chain.crt

With a valid Authorization headers it return a 200 status code, without it 401 "Access denied!". If the certificate validation fails, it redirects to euronext.com with status code 302.

Problematic python:

endpoint = 'https://saturn-api-h.euronext.com/SaturnWebServices/rest/Authentication/AuthenticateUser'       
headers = { 'Content-Type': 'application/json', } #'Authorization': 'Basic <auth_string>',

r = requests.post(endpoint, headers = headers, verify = './digicert-full-chain.crt', cert = './client.crt')

Certificates:

  • digicert-full-chain.crt is containing the full chain from DigiCert:

    • DigiCertAssuredIDRootCA.pem
    • DigiCertSHA2AssuredIDCA.pem
    • DigiCertSHA2SecureServerCA.pem
  • client.crt is containg our certificate and its key.

Why is curl command working whereas python's requests module is failling?

Is there any way to show the complete handshake process from the requests module?

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.32156 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO