Develop Reference

MongoEngine cannot connect through Atlas Uri string. Tried everything

I'm new to programming and am building my first app.. I'm building a kivy app trying to use mongoDB as the database. I can connect to a localhost to query and create documents. I cannot get it to connect to the atlas no matter what I try. I'm also using Pycharm and a venv.
Heres the basic info:
import pymongo
from pymongo.server_api import ServerApi
import mongoengine as mongo
import ssl
data = 'events'
username = 'admin'
password = 'abc123'
host_name = 'mongodb+srv://events.xfmhxnj.mongodb.net'
uri = f'mongodb+srv://{username}:{password}#events.xfmhxnj.mongodb.net/'
mongo.connect(db=db,
username=username,
password=password,
host=host_name)
class Obj(mongo.Document):
name = mongo.StringField(required=True)
div = Obj()
div.name = 'test'
div.save()
which gives me this error: raise ServerSelectionTimeoutError( pymongo.errors.ServerSelectionTimeoutError: ac-liums0m-shard-00-00.xfmhxnj.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
Then i looked up this error and found someone recommended:
mongo.connect(db=db,
username=username,
password=password,
host=host_name,
ssl=True,
ssl_cert_reqs=ssl.CERT_NONE,)
)
error: raise ConnectionFailure(f"Cannot connect to database {alias} :\n{e}") mongoengine.connection.ConnectionFailure: Cannot connect to database default : Unknown option ssl_cert_reqs
I don't understand why its an unknown option. pymongo has it listed in the example.
https://api.mongodb.com/python/3.3.0/examples/tls.html
I've also tried the string straight from Atlas:
client = pymongo.MongoClient(f"mongodb+srv://{username}:{password}#events.xfmhxnj.mongodb.net/?retryWrites=true&w=majority", server_api=ServerApi('1'))
db = client.test
client.server_info()
error: raise ServerSelectionTimeoutError( pymongo.errors.ServerSelectionTimeoutError: ac-liums0m-shard-00-01.xfmhxnj.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
or if i just paste in the uri string from compass
mongo.connect('mongodb+srv://admin:abc123#events.xfmhxnj.mongodb.net/test')
error: raise InvalidName("database names cannot contain the character %r" % invalid_char) pymongo.errors.InvalidName: database names cannot contain the character '.'
any help is super appreciated! I feel like i've tried every combination of connection settings. This is the last thing i need before pushing my app to x-code

Have you tried using MongoClient(connection_string, tlsCAFile=certifi.where()) ?
Certifi provides Mozilla’s carefully curated collection of Root
Certificates for validating the trustworthiness of SSL certificates
while verifying the identity of TLS hosts.
Before testing the new code remember to do "pip install certifi".

Python requests.get "unable to get local issuer certificate" - but self-signed cert is installed (Windows)

I’m writing a Python script that will monitor our Tesla PowerWall Gateway, but am stuck on this SSL problem.
HTTPSConnectionPool(host='powerwall', port=443): Max retries exceeded with url: /api/system_status/soe (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
import json
import os
import requests
import sys
from requests.auth import HTTPDigestAuth
if __name__ == "__main__":
scriptPath = os.path.split(os.path.abspath(__file__))[0] # Where am I, and the local copy of the cert
#scriptPath = os.path.split(requests.certs.where(),)[0] # Where is requests looking for certs?
cert = os.path.join(scriptPath, 'PW2.pem')
#os.environ['REQUESTS_CA_BUNDLE'] = cert
#os.environ['REQUESTS_CA_BUNDLE'] = scriptPath
try:
response = None
query = "https://powerwall/api/system_status/soe"
with requests.Session() as session:
session.auth = (HTTPDigestAuth('myEmail', 'PW_PWD'))
session.timeout = 20
session.verify = True
#session.verify = cert
#session.load_cert_chain = "PW2.pem"
#session.load_cert_chain = cert
response = session.get(query)
except Exception as e:
print(str(e))
Despite all I’ve tried I still can’t get past this error. Yes, setting verify=False is an obvious work-around, but I’m trying to do this the ‘right’ way.
Setup:
Windows 10 PC
Python 3.8.2
I’ve downloaded the certificate from the Gateway and added it to the Local Machine store on my PC, in the Trusted Root Certification Authorities folder.
Windows can open it OK, showing the various SANs, including “powerwall”, which is how I’m addressing it in my call to requests.get. That says to me the integrity of the cert is good. (Its 'intended purposes' are Server Authentication & Client Authentication.)
I’ve installed python-certifi-win32, then later uninstalled it and installed pip-system-certs as per this SO answer to no avail.
I’ve added the PW’s cert to cacert.pem in the folder returned by requests.certs.where(): C:\Python38\lib\site-packages\certifi\cacert.pem
The commented-out code are variations I’ve performed along the way.
In the doco for ‘requests’ is a mention of this issue: “For example: Self-signed SSL certificates specified in REQUESTS_CA_BUNDLE will not be taken into account.” and a way around it, but that wasn’t successful either.
What have I missed?
Please don’t tell me it’s the 2047 expiry date of the cert…
TIA.

SSL error CERTIFICATE_VERIFY_FAILED with Locust when using Docker

It's my first try at Locus, and unfortunately I don't know Python.
I'm trying a simple request to a valid https server, and I see this error:
SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to
get local issuer certificate
After some research I tried to add this:
import gevent
import geventhttpclient.connectionpool
geventhttpclient.connectionpool.SSLConnectionPool.default_options = {
"cert_reqs": gevent.ssl.CERT_NONE,
}
or this:
import requests
requests.packages.urllib3.disable_warnings() # disable SSL warnings
I run Locust as instructed:
docker-compose up --scale worker=4
How can I test https sites with Locust?
Thanks in advance
Regards

You can do turn the verification off by adding below method:
def on_start(self):
""" on_start is called when a Locust start before any task is scheduled """
self.client.verify = False

While connecting to a server with a self-signed certificate I had a similar problem. I successfully disabled the certificate verification using the following code (from Locust):
import gevent
from geventhttpclient.url import URL
from geventhttpclient import HTTPClient
def insecure_ssl_context_factory():
context = gevent.ssl.create_default_context()
context.check_hostname = False
context.verify_mode = gevent.ssl.CERT_NONE
return context
url = URL(server)
http = HTTPClient.from_url(url, insecure=True, ssl_context_factory=insecure_ssl_context_factory)

asyncpg error: "no pg_hba.conf entry for host" in Heroku

I'm using asyncpg to connect my database in Heroku postgresql, using python:
import asyncpg
async def create_db_pool():
bot.pg_con = await asyncpg.create_pool(dsn="postgres://....", host="....amazonaws.com", user="xxx", database="yyy", port="5432", password="12345")
it was working perfectly until I received an email from heroku advising me of a maintenance: Maintenance (DATABASE_URL on myappname) is starting now. We will update you when it has completed.
then this error appeared:
asyncpg.exceptions.InvalidAuthorizationSpecificationError: no pg_hba.conf entry for host "123.456.789.10", user "xxx", database "yyy", SSL off
I tried to follow some help, like putting ssl=True
but this error appeared:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)
same as putting ssl="allow"
asyncpg.exceptions.InvalidPasswordError: password authentication failed for user "xxx"
what can I do to fix this?

Using the solution from this worked.
import ssl
ssl_object = ssl.create_default_context()
ssl_object.check_hostname = False
ssl_object.verify_mode = ssl.CERT_NONE
# connect elsewhere
pool = await asyncpg.create_pool(uri, ssl=ssl_object)
Note: You don't need to use any certificate like mentioned in the comment, as we set verify_mode to not use certificates.

Python/SSL authentification

I am trying to connect to the Visa Direct API, but i am not passing the basic SSL certificate authetification, here is my code:
import requests
headers = { 'Content-Type' : 'Application/json' }
url = 'https://sandbox.visa.com/rsrv_vpp/v1/acnl'
payload = {"SystemsTraceAuditNumber":565690,
"RetrievalReferenceNumber":"505012455690",
"AcquiringBin":409999,
"AcquirerCountryCode":"840",
"PrimaryAccountNumber":"4895070000008881"}
r = requests.post(url, data=json.dumps(payload),
cert =('/etc/ssl/certs/sandbox_cert.pem'), headers=headers,
auth=('370df57a-a8aa-4446-a23e-44a0ef06ea09',
'6023e518-c36c-47a8-b16e-c8a5b3a941ef'))
Ass you can see i am using request and passing the cert argument along with the API user and password info but i keep getting the error:
requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I get a SSL error when I try to open https://sandbox.visa.com/rsrv_vpp/v1/acnl in Google Chrome.
The Visa Docs say
SSL Server Authentication
The SSL server certificate installed on sandbox.visa.com servers is a
Visa issued self-signed certificate. Client applications need to add
the sandbox.visa.com SSL certificate to their local trust store to
prevent SSL Handshake errors at runtime.
Ensure that your application that connects to the Visa Direct API is
configured (or built) to use the trusted certificate store as a trust
store, and not a key store.
Verify that the application is configured to use the right password
associated with the trust store file.
It looks like you need to do do some SSL Authentication before you can connect to Visa.