SSL: CERTIFICATE_VERIFY_FAILED behind proxy
blcktgr73 opened this issue · 5 comments
Hi,
I have proxy server to use and try to send simple message.
token = 'Blah-Blah;
proxy_endpoint = 'http://proxyserverip:8080'
slack = Slacker(token,
http_proxy=proxy_endpoint,
https_proxy=proxy_endpoint,)
slack.chat.post_message('#somechannel', 'Hello!!')
However, error message comes as below
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
I think there is some way to walk around disabling verify with get(..., verify=False).
Is this bug? Is there a way to do this walk around?
SB
I found temporary solution on this after trying to googling more on similar issues.
Below code works fine, however this has potential security issue. In addition, I think it needed to make a way to enable and disable certification verification during slacker creation.
response = method(API_BASE_URL.format(api=api),
timeout=self.timeout,
proxies=self.proxies,
verify=False,
**kwargs)
SB
I have a similar issue with a twist: our firewall blocks slack.com but allows workspace.slack.com. So I think I need to change the base URL used for the API request. Any thoughts?
I found a better fix for this. Actually, the root casue of this issue is that the user's own company cert file is not included in configuration file of certifi package (C:\Python\Python37-32\Lib\site-packages\certifi\cacert.pem). You can refer following link: https://stackoverflow.com/questions/52870795/windows-python-ssl-certificate-verify-failed
As described in the link, you need to add custom ca at the end of cacer.pem file.
Another link for doing this with python script : https://incognitjoe.github.io/adding-certs-to-requests.html
I think this link is also helpful understand certificate related issue for python: https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
I have a similar issue with a twist: our firewall blocks slack.com but allows workspace.slack.com. So I think I need to change the base URL used for the API request. Any thoughts?
Hi, @jonbackhaus. I didn't know that it's possible to use a different URL. What do you think about adding an optional init parameter like base_url
or base_api_url
where you can pass workspace.slack.com
instead?
I found a better fix for this. Actually, the root casue of this issue is that the user's own company cert file is not included in configuration file of certifi package (C:\Python\Python37-32\Lib\site-packages\certifi\cacert.pem). You can refer following link: https://stackoverflow.com/questions/52870795/windows-python-ssl-certificate-verify-failed
As described in the link, you need to add custom ca at the end of cacer.pem file.
Another link for doing this with python script : https://incognitjoe.github.io/adding-certs-to-requests.html
I think this link is also helpful understand certificate related issue for python: https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
Hi, @blcktgr73. So you can fix this issue without any code changes? Do we still need the verify
parameter?