pythonseqcertifi

SeqLog unable to get local issuer certificate


I am trying to set up seqlog in python on a corporate environment, but getting

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076) with an internal certificate.

Apparently you can disable the checks using

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

but doing the following gives me "ModuleNotFoundError: No module named 'seqlog.requests'":

import seqlog
from seqlog.requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

How can I either import the certificate into python system-wide, or disable the error within the seqlog package?

Full stacktrace:

-- Logging error ---
Traceback (most recent call last):
  File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "C:\Program Files\Python37\lib\site-packages\urllib3\connection.py", line 394, in connect
    ssl_context=context,
  File "C:\Program Files\Python37\lib\site-packages\urllib3\util\ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\Program Files\Python37\lib\ssl.py", line 423, in wrap_socket
    session=session
  File "C:\Program Files\Python37\lib\ssl.py", line 870, in _create
    self.do_handshake()
  File "C:\Program Files\Python37\lib\ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Python37\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Program Files\Python37\lib\site-packages\urllib3\connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "C:\Program Files\Python37\lib\site-packages\urllib3\util\retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='test.server.corp', port=5341): Max retries exceeded with url: /api/events/raw (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Python37\lib\site-packages\seqlog\structured_logging.py", line 374, in publish_log_batch
    stream=True  # prevent '362'
  File "C:\Program Files\Python37\lib\site-packages\requests\sessions.py", line 581, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "C:\Program Files\Python37\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files\Python37\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files\Python37\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='test.server.corp', port=5341): Max retries exceeded with url: /api/events/raw (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))
Call stack:
  File "C:\Program Files\Python37\lib\logging\__init__.py", line 2033, in shutdown
    h.flush()
  File "C:\Program Files\Python37\lib\site-packages\seqlog\structured_logging.py", line 320, in flush
    self.consumer.flush()
  File "C:\Program Files\Python37\lib\site-packages\seqlog\consumer.py", line 67, in flush
    self.callback(current_batch)
  File "C:\Program Files\Python37\lib\site-packages\seqlog\structured_logging.py", line 379, in publish_log_batch
    self.handleError(batch[0])
Message: 'Test log message'
Arguments: ()
Response from Seq was unavailable.

Solution

  • Had this question ready to post, but found the answer on one last attempt via user "vitekzach" at https://github.com/tintoy/seqlog/issues/21#issuecomment-547490928

    Hi, thanks for the suggestion!

    I am not a big fan of turning off the verification, especially since it involved editing the package.

    I found another solution though - requests uses package called certifi that has a list of certificates, >so all I had to do it export the relevant certificate (in my case root) in base-64 encoding and >appending it to the cacert.pem file that is inside the certifi package.