I'm new to programming and am building my first app.. I'm building a kivy app trying to use mongoDB as the database. I can connect to a localhost to query and create documents. I cannot get it to connect to the atlas no matter what I try. I'm also using Pycharm and a venv.
Heres the basic info:
import pymongo
from pymongo.server_api import ServerApi
import mongoengine as mongo
import ssl
data = 'events'
username = 'admin'
password = 'abc123'
host_name = 'mongodb+srv://events.xfmhxnj.mongodb.net'
uri = f'mongodb+srv://{username}:{password}#events.xfmhxnj.mongodb.net/'
mongo.connect(db=db,
username=username,
password=password,
host=host_name)
class Obj(mongo.Document):
name = mongo.StringField(required=True)
div = Obj()
div.name = 'test'
div.save()
which gives me this error: raise ServerSelectionTimeoutError( pymongo.errors.ServerSelectionTimeoutError: ac-liums0m-shard-00-00.xfmhxnj.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
Then i looked up this error and found someone recommended:
mongo.connect(db=db,
username=username,
password=password,
host=host_name,
ssl=True,
ssl_cert_reqs=ssl.CERT_NONE,)
)
error: raise ConnectionFailure(f"Cannot connect to database {alias} :\n{e}") mongoengine.connection.ConnectionFailure: Cannot connect to database default : Unknown option ssl_cert_reqs
I don't understand why its an unknown option. pymongo has it listed in the example.
https://api.mongodb.com/python/3.3.0/examples/tls.html
I've also tried the string straight from Atlas:
client = pymongo.MongoClient(f"mongodb+srv://{username}:{password}#events.xfmhxnj.mongodb.net/?retryWrites=true&w=majority", server_api=ServerApi('1'))
db = client.test
client.server_info()
error: raise ServerSelectionTimeoutError( pymongo.errors.ServerSelectionTimeoutError: ac-liums0m-shard-00-01.xfmhxnj.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
or if i just paste in the uri string from compass
mongo.connect('mongodb+srv://admin:abc123#events.xfmhxnj.mongodb.net/test')
error: raise InvalidName("database names cannot contain the character %r" % invalid_char) pymongo.errors.InvalidName: database names cannot contain the character '.'
any help is super appreciated! I feel like i've tried every combination of connection settings. This is the last thing i need before pushing my app to x-code
Have you tried using MongoClient(connection_string, tlsCAFile=certifi.where()) ?
Certifi provides Mozilla’s carefully curated collection of Root
Certificates for validating the trustworthiness of SSL certificates
while verifying the identity of TLS hosts.
Before testing the new code remember to do "pip install certifi".
Related
I'm trying to connect to a 21c ATP and 19c ADP (free tier, ACL enabled/configured with "My Address", TLS enabled (mTLS set to "Not required"), connection string contains "ssl_server_dn_match=yes") using Python's thin client but at the point of making a connection or setting up a connection pool, I get:
OperationalError: DPY-6005: cannot connect to database. Connection
failed with "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
failed: self signed certificate in certificate chain (_ssl.c:1131)"
Envioronment:
DB: ATP 21c and ADP 19c
Python client library: oracledb-1.2.1 (I've tried 1.2.0 and 1.1.1, as well, but to no avail)
Environment: Python 3.10.4 and 3.8.10 (running on Mac OS)
Code sample:
import oracledb
# copied from the ATP's "Database Connection"
cs='''(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.uk-london-1.oraclecloud.com))(connect_data=(service_name=xxxx.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)))'''
connection = oracledb.connect(user="admin", password="<password>", dsn=cs)
with connection.cursor() as cursor:
try:
sql = """select systimestamp from dual"""
for r in cursor.execute(sql):
print(r)
except oracledb.Error as e:
error, = e.args
print(error.message)
print(sql)
if (error.offset):
print('^'.rjust(error.offset+1, ' '))
References:
I've used the following documents as a reference:
https://blogs.oracle.com/opal/post/easy-way-to-connect-python-applications-to-oracle-autonomous-databases
https://blogs.oracle.com/developers/post/writing-a-flask-application-using-python-oracledb
https://python-oracledb.readthedocs.io/en/latest/user_guide/installation.html
https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/connecting-python-tls.html#GUID-CA446B91-BC48-4A66-BF69-B8D54B9CBAD4
That error tells you that the certificate supplied by the server is not one that any local certificate authority recognizes (which is necessarily the case with self-signed certificates). Two options are available to resolve this:
Tell the OS the certificate is acceptable by adding it to the OS certificate "store"
Use an Oracle wallet (ewallet.pem) that contains the relevant certificates and set the wallet_location parameter appropriately. This was discussed in this issue.
I'm trying to use aio-pika to establish a secured connection to rabbitmq, while disabling certificate verification.
According to the documentation you can pass both ssl boolean flag, and ssl_options dictionary.
I tried passing both, specifying ssl_option with no certificate, but it still fails.
connection = await connect_robust(
host=self.host,
virtualhost=self.rmq_vhost,
port=int(self.rmq_port),
login=self.rmq_user,
ssl=True,
ssl_options=None, # also tried dict(cert_reqs=ssl.CERT_NONE),
password=self.rmq_pass,
loop=main_loop)
The received error is:
[Errno 1] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for '10.0.0.1'. (_ssl.c:1122)
https://aio-pika.readthedocs.io/en/latest/apidoc.html?highlight=ssl#aio_pika.connect_robust
I do not want to (and cannot) change the server configuration. Would like to do it on the client side. I'm able to disable it and connect fine with programs written in other languages (typescript, .Net).
I'm using asyncpg to connect my database in Heroku postgresql, using python:
import asyncpg
async def create_db_pool():
bot.pg_con = await asyncpg.create_pool(dsn="postgres://....", host="....amazonaws.com", user="xxx", database="yyy", port="5432", password="12345")
it was working perfectly until I received an email from heroku advising me of a maintenance: Maintenance (DATABASE_URL on myappname) is starting now. We will update you when it has completed.
then this error appeared:
asyncpg.exceptions.InvalidAuthorizationSpecificationError: no pg_hba.conf entry for host "123.456.789.10", user "xxx", database "yyy", SSL off
I tried to follow some help, like putting ssl=True
but this error appeared:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)
same as putting ssl="allow"
asyncpg.exceptions.InvalidPasswordError: password authentication failed for user "xxx"
what can I do to fix this?
Using the solution from this worked.
import ssl
ssl_object = ssl.create_default_context()
ssl_object.check_hostname = False
ssl_object.verify_mode = ssl.CERT_NONE
# connect elsewhere
pool = await asyncpg.create_pool(uri, ssl=ssl_object)
Note: You don't need to use any certificate like mentioned in the comment, as we set verify_mode to not use certificates.
I am trying to connect to a GCP Cloud SQL Instance using Python 3 and do not want to use the cloud proxy, I just want to connect directly using SSL certs so I followed the GCP guide here to connect from a public IP secured with ssl keys.
Using this works for the mysql client:
mysql -uroot -pMyPassWord -h 1.2.3.4 --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
But when I do what I believe is the same in Python I get an error:
from sqlalchemy import create_engine
db_connect_string='mysql+mysqldb://root:MyPassWord#1.2.3.4:3306/mydb'
ssl_args = {'ssl': {'ssl_cert':'./client-cert.pem', 'ssl_key':'./client-key.pem', 'ssl_ca':'./server-ca.pem'}}
engine = create_engine(db_connect_string, connect_args=ssl_args)
print(engine.table_names())
The error is:
sqlalchemy.exc.OperationalError:
(MySQLdb._exceptions.OperationalError) (1045, "Access denied for user
'root'#'1.2.3.4' (using password: YES)") (Background on this error at:
http://sqlalche.me/e/e3q8)
Which is straight forward enough if it wasn't for the fact that I:
Have already added my public IP address 1.2.3.4/32 as an authorised network.
I can access via mysql client so why does the restriction not apply there?
What am I missing?
OK finally got this working. The error message is misleading as you'd expect it to be related to whitelisting my IP but it's not. Here is the working code:
from sqlalchemy import create_engine
db_connect_string='mysql+mysqldb://root:MyPassWord#1.2.3.4:3306/mydb'
ssl_args = {'ssl': {'cert':'./client-cert.pem', 'key':'./client-key.pem', 'ca':'./server-ca.pem'}}
engine = create_engine(db_connect_string, connect_args=ssl_args)
print(engine.table_names())
The mysqlclient needs a dictionary called ssl with key pairs but all other answers I could find on stack had either the wrong ones or maybe they've been changed.
Here's the link to the dictionary required to pass as an argument:
https://mysqlclient.readthedocs.io/user_guide.html#installation
Here is the MySQL documentation which explains the arguments:
https://dev.mysql.com/doc/refman/8.0/en/mysql-ssl-set.html
Full list of arguments here:
mysql: The connection handler returned from mysql_init().
key: The path name of the client private key file.
cert: The path name of the client public key certificate file.
ca: The path name of the Certificate Authority (CA) certificate file.
This option, if used, must specify the same certificate used by the
server.
capath: The path name of the directory that contains trusted SSL CA
certificate files.
cipher: The list of permissible ciphers for SSL encryption.
I am trying to establish a connection to my mongodb database via atlas and pymongo. I am connecting my application using the connection string given from atlas page, and everything seems to be working fine. I can connect to my database but then I get an error message when I try to count how many entries are in my database/retrieve/send data to atlas.
import pymongo
import dns
client = pymongo.MongoClient("mongodb+srv://username:<password>#storedinputs-vc4cl.mongodb.net/test?retryWrites=true")
db = client.get_database("dbname")
records = db.collectiontable
count = records.count_documents({})
print(count)
Then I get the following error:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issue
r certificate (_ssl.c:1056),storedinputs-shard-00-00-vc4cl.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] cer
tificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
Again I've tried it line by line and everything works fine until I try and count the amount of documents in my collection. I appreciate all the help I can get.
Try with
client = pymongo.MongoClient("mongodb+srv://username:<password>#storedinputs-vc4cl.mongodb.net/test", ssl=True,ssl_cert_reqs='CERT_NONE')
It should work.
Just add '&ssl=true&ssl_cert_reqs=CERT_NONE' to the db string and it will work fine !
Take a look at the troubleshooting section in PyMongo documentation, it covers the issue you are experiencing together with possible solutions.