ConnectionError: OSError: File name too long when specifying ssl_ca_certs
soapergem opened this issue · 1 comments
Describe the bug
I am trying to connect to a Google MemoryStore instance of redis using aioredis. I can successfully connect using the synchronous redis library, but when trying to connect via aioredis I get a ConnectionError, which is really just a wrapper for an OSError. MemoryStore requires an SSL connection and provides a block of server CA certificates when you create the instance. Here is the code I use to connect (successfully) to the instance using the synchronous redis library:
    import os
    import redis

    conn = redis.Redis(
        host=os.getenv("REDIS_HOST"),
        port=os.getenv("REDIS_PORT"),
        password=os.getenv("REDIS_AUTH_STRING"),
        ssl=True,
        ssl_ca_data=os.getenv("REDIS_SERVER_CA_CERTS")
    )
That works. I can issue commands like GET and SET, and so on. So I tried to migrate this same code to using aioredis instead.
To Reproduce
Unfortunately, I run into trouble as soon as I try and translate that into aioredis. Here's the code I've been trying to use:
    import aioredis
    import os

    conn = aioredis.SSLConnection(
        host=os.getenv("REDIS_HOST"),
        port=os.getenv("REDIS_PORT"),
        password=os.getenv("REDIS_AUTH_STRING"),
        ssl_ca_certs=os.getenv("REDIS_SERVER_CA_CERTS")
    )
Expected behavior
I would expect that I would be able to utilize that connection object. However, when I run await conn.connect() I get the following traceback.
Logs/tracebacks
>>> await conn.connect()
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 692, in connect
await self._connect()
File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 722, in _connect
ssl=self.ssl_context.get() if self.ssl_context else None,
File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 1083, in get
context.load_verify_locations(self.ca_certs)
OSError: [Errno 36] File name too long
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 440, in result
return self.__get_result()
File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
raise self._exception
File "<console>", line 1, in <module>
File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 698, in connect
raise ConnectionError(self._error_message(e))
aioredis.exceptions.ConnectionError: Error 36 connecting to 10.170.56.27:6378. 36.
Python Version
$ python --version
Python 3.9.1
aioredis Version
$ python -m pip show aioredis
Name: aioredis
Version: 2.0.1
Summary: asyncio (PEP 3156) Redis support
Home-page: https://github.com/aio-libs/aioredis-py
Author: None
Author-email: None
License: MIT
Location: /usr/local/lib/python3.9/site-packages
Requires: typing-extensions, async-timeout
Required-by:
I think I figured it out. I have the whole CA certificate set as an environment variable (i.e. starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----), but it seems the SSLConnection class doesn't expect this to be a string, but rather a file. So if I dump that env var into a file and then pass in the path of that file as the ssl_ca_certs parameter, it works. I'll close my own issue.
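
The workaround described in the comment above, as an added example that is not part of the original issue or of the aioredis code base: the traceback shows ssl_ca_certs being handed to load_verify_locations() as a file name, so this helper accepts either a path or inline PEM text and always returns a path. The helper names and the sample PEM are constructed for illustration.

```python
import os
import stat
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def looks_like_pem(value: str) -> bool:
    """True if value is inline PEM text rather than a filesystem path."""
    return PEM_BEGIN in value


def ca_certs_path(value: str) -> str:
    """Return a file path usable as ssl_ca_certs for a path-or-PEM setting."""
    if not value:
        # Fail closed: an empty setting must not silently disable verification.
        raise ValueError("CA setting is empty; refusing to connect unverified")
    if not looks_like_pem(value):
        if not os.path.isfile(value):
            raise FileNotFoundError(f"CA bundle not found: {value}")
        return value
    # Every certificate block must be complete; a mismatch usually means the
    # environment variable was truncated or mangled on the way in.
    if value.count(PEM_BEGIN) != value.count(PEM_END):
        raise ValueError("unbalanced PEM markers in CA data")
    # mkstemp creates the file with mode 0600, owned by the current user,
    # so other local users cannot swap in their own trust anchor.
    fd, path = tempfile.mkstemp(prefix="redis-ca-", suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(value.strip() + "\n")
    return path


# Constructed sample: PEM framing only, not a real certificate.
SAMPLE_PEM = f"{PEM_BEGIN}\n{'A' * 64}\n{PEM_END}"

if __name__ == "__main__":
    path = ca_certs_path(os.getenv("REDIS_SERVER_CA_CERTS", SAMPLE_PEM))
    print(path, oct(stat.S_IMODE(os.stat(path).st_mode)))
    # path is then passed as ssl_ca_certs=path in the SSLConnection call above.
```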