-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate Verification Failing with urllib3>=1.25 #11
Comments
Hi @joshowen ! From that stack trace it looks like the SSL certificate received by your application when communicating with New Relic is failing to validate.
Do you have a CA certificate bundle installed on the application machine? The SDK currently makes use of the default system certificate stores so if there aren't any certificates, that would explain the failure. |
Hi @joshowen , I'm going to close this issue for now since it appears the the SDK is operating as intended, but feel free to reopen if we haven't properly addressed this. The preferred way to fix this issue is to install os level certificates. However, another way to work around this issue is to use the certifi package and override the
import os
import certifi
from newrelic_telemetry_sdk import GaugeMetric, MetricClient
class CertifiConnectionPool(MetricClient.POOL_CLS):
def __init__(self, *args, **kwargs):
# Use certificates from certifi
kwargs["ca_certs"] = certifi.where()
super(CertifiConnectionPool, self).__init__(*args, **kwargs)
class CertifiMetricClient(MetricClient):
POOL_CLS = CertifiConnectionPool
metric = GaugeMetric("hello_world", 1)
client = CertifiMetricClient(os.environ["NEW_RELIC_INSERT_KEY"])
response = client.send(metric)
response.raise_for_status()
print("Metric sent!") |
Hi, |
Hi folks, I just wanted to give an update - this looks related to urllib3+pyopenssl. We have a reproduction using pure urllib3+pyopenssl: import urllib3
from urllib3.contrib.pyopenssl import inject_into_urllib3
inject_into_urllib3()
conn = urllib3.connection_from_url("https://example.com", retries=False)
response = conn.request("GET", "/")
conn.close()
print(response.status) Unfortunately, we haven't had the opportunity to investigate further but if anybody in the community knows what's going on, feel free to chime in! 😄 |
This is likely being monkeypatched for most folks by |
Fixed upstream in psf/requests#5443 |
The following error happens with urllib3>=1.25, and is not present with urllib<1.25. For what it's worth, this was triggered with the NewRelic Airflow metrics package.
The text was updated successfully, but these errors were encountered: