I got an error when using setCredentials about sparqlwrapper HOT 7 CLOSED

seems related to #55

from sparqlwrapper.

Perfect, it's exactly what I suspect, I change and now it works perfectly.

from sparqlwrapper.

But I have another problem you can add to resolve in a row,

 urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

(Because now I'm using a test server with no ssl certificate.)

I solve this replacing line 537 in Wrapper.py with:

        import ssl
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        response = urlopener(request, context=ctx)

from sparqlwrapper.

hmm, might be an ad-hoc fix for you, but i'm against adding this by default as it disables SSL certificate verification

from sparqlwrapper.

I think adding an option will be very useful, an option that is visible only if people need it. Obviously the standard setting will be to check SSL cert.

from sparqlwrapper.

Definitely need an option to specify some SSL related parameters. Either a verify='/path/to/public_key.pem' or a verify = False

from sparqlwrapper.

first, let me point you to https://www.python.org/dev/peps/pep-0476/

python by default uses and verifies the system provided ssl certs, which is a good thing.

if you want to ignore ssl verification for whatever reason you can already achieve this right now (but you should not) by using the 2nd attempt mentioned in https://www.python.org/dev/peps/pep-0476/#opting-out .

Another (IMO) much better approach is to actually verify the certificate with the help of the following two environment variables SSL_CERT_DIR and SSL_CERT_FILE:

$ python -c 'import ssl ; print ssl.get_default_verify_paths()'
DefaultVerifyPaths(cafile='/usr/local/etc/openssl/cert.pem', capath='/usr/local/etc/openssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/etc/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/etc/openssl/certs')
$ SSL_CERT_DIR='/some/cert/dir' SSL_CERT_FILE='/some/cert/file.pem' python -c 'import ssl ; print ssl.get_default_verify_paths()'
DefaultVerifyPaths(cafile='/some/cert/file.pem', capath='/some/cert/dir', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/etc/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/etc/openssl/certs')

that said, i'm not against the possibility of customizing request parameters in any way. I'm just strongly against offering a default "ignore ssl" flag, which might give a false impression that it's somehow ok or a common case to ignore ssl errors.

So if someone wants to go ahead and allow passing along more options to urlopener, e.g. a context i won't stand in the way. What you should know though is that it long term SPARQLWrapper will probably base on the requests library (see #51), so maybe this is just a minor add-on then.

from sparqlwrapper.