I am trying to set up seqlog in python on a corporate environment, but getting
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076) with an internal certificate.
Apparently you can disable the checks using
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
but doing the following gives me "ModuleNotFoundError: No module named 'seqlog.requests'"
:
import seqlog
from seqlog.requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
How can I either import the certificate into python system-wide, or disable the error within the seqlog package?
Full stacktrace:
-- Logging error ---
Traceback (most recent call last):
File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 672, in urlopen
chunked=chunked,
File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 994, in _validate_conn
conn.connect()
File "C:\Program Files\Python37\lib\site-packages\urllib3\connection.py", line 394, in connect
ssl_context=context,
File "C:\Program Files\Python37\lib\site-packages\urllib3\util\ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Program Files\Python37\lib\ssl.py", line 423, in wrap_socket
session=session
File "C:\Program Files\Python37\lib\ssl.py", line 870, in _create
self.do_handshake()
File "C:\Program Files\Python37\lib\ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Program Files\Python37\lib\site-packages\requests\adapters.py", line 449, in send
timeout=timeout
File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 720, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "C:\Program Files\Python37\lib\site-packages\urllib3\util\retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='test.server.corp', port=5341): Max retries exceeded with url: /api/events/raw (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Program Files\Python37\lib\site-packages\seqlog\structured_logging.py", line 374, in publish_log_batch
stream=True # prevent '362'
File "C:\Program Files\Python37\lib\site-packages\requests\sessions.py", line 581, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "C:\Program Files\Python37\lib\site-packages\requests\sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "C:\Program Files\Python37\lib\site-packages\requests\sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "C:\Program Files\Python37\lib\site-packages\requests\adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='test.server.corp', port=5341): Max retries exceeded with url: /api/events/raw (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))
Call stack:
File "C:\Program Files\Python37\lib\logging\__init__.py", line 2033, in shutdown
h.flush()
File "C:\Program Files\Python37\lib\site-packages\seqlog\structured_logging.py", line 320, in flush
self.consumer.flush()
File "C:\Program Files\Python37\lib\site-packages\seqlog\consumer.py", line 67, in flush
self.callback(current_batch)
File "C:\Program Files\Python37\lib\site-packages\seqlog\structured_logging.py", line 379, in publish_log_batch
self.handleError(batch[0])
Message: 'Test log message'
Arguments: ()
Response from Seq was unavailable.
Had this question ready to post, but found the answer on one last attempt via user "vitekzach" at https://github.com/tintoy/seqlog/issues/21#issuecomment-547490928
Hi, thanks for the suggestion!
I am not a big fan of turning off the verification, especially since it involved editing the package.
I found another solution though - requests uses package called certifi that has a list of certificates, >so all I had to do it export the relevant certificate (in my case root) in base-64 encoding and >appending it to the
cacert.pem
file that is inside the certifi package.