Comments (18)
To accomplish the equivalent of TLSmode=require
def ssl_context() -> ssl.SSLContext:
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
context.set_ciphers('DEFAULT:!DH')
return context
VERTICA_CONNECTION_INFO = {
'host': 'nopet.com',
'port': 5433,
'user': hrh_user,
'password': hrh_password,
'database': 'HRH',
'searchPath': hrh_schema,
'ssl': ssl_context()
}
connect(**VERTICA_CONNECTION_INFO)
from vertica-python.
Without this we have been unable to connect to our database using vertica_python
Have you tried to set 'ssl': True
in the connection settings?
from vertica-python.
Without this we have been unable to connect to our database using vertica_python
Have you tried to set
'ssl': True
in the connection settings?
Sure did, around 9.2 I believe is when vertica added TLSmode to ODBC, JDBC, and vsql. I have no control over our database and when they moved it to the cloud it started requiring TLSmode=require . Can absolutely not connect without that being set as an option on the client side. The python client seems to be the only client that is missing the feature.
from vertica-python.
If 'ssl': True
doesn't work, you may need 'ssl': <ssl.SSLContext object>
, which gives you the full control of the ssl socket: https://github.com/vertica/vertica-python#tlsssl
from vertica-python.
If
'ssl': True
doesn't work, you may need'ssl': <ssl.SSLContext object>
, which gives you the full control of the ssl socket: https://github.com/vertica/vertica-python#tlsssl
For connections with, JDBC, ODBC, and vsql the only parameter we need to provide outside of the normal user, host, password, ect is TLSmode=require.. Any idea on what to provide on the SSLContext to mimic the same? I've looked at the decompiled JDBC driver at the TLSmode class and it's a little lost on me how to get it plugged into python.
from vertica-python.
Try the following setting for your ssl.SSLContext object:
context.verify_mode = ssl.CERT_NONE
context.check_hostname = False
from vertica-python.
Try the following setting for your ssl.SSLContext object:
context.verify_mode = ssl.CERT_NONE context.check_hostname = False
Still a nope.. getting vertica_python.errors.ConnectionError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1002)
from vertica-python.
It is NOT
conn_info = {
...
'ssl': True, # this SSL setting take effect
'ssl_options': {
'ssl_context': ssl_context
}
...
}
It should be
conn_info = {
...
'ssl': ssl_context,
...
}
I notice your error message is "dh key too small". Looks like this is not a problem of setting TLSmode to require
or not. It is more of a system problem:
https://stackoverflow.com/questions/64354210/python-dh-key-too-small-which-side-is-faulty
https://stackoverflow.com/questions/61626206/what-could-cause-dh-key-too-small-error
The server is offering a weak DH key, the client wants a stronger key. The problem should usually be fixed at the server side.
from vertica-python.
It is NOT
conn_info = { ... 'ssl': True, # this SSL setting take effect 'ssl_options': { 'ssl_context': ssl_context } ... }It should be
conn_info = { ... 'ssl': ssl_context, ... }I notice your error message is "dh key too small". Looks like this is not a problem of setting TLSmode to
require
or not. It is more of a system problem: https://stackoverflow.com/questions/64354210/python-dh-key-too-small-which-side-is-faulty https://stackoverflow.com/questions/61626206/what-could-cause-dh-key-too-small-error The server is offering a weak DH key, the client wants a stronger key. The problem should usually be fixed at the server side.
There is 0 issue connecting to the server with any other driver ODBC, JDBC, vsql, we supply supply TSLmode require.. But I move the context to the ssl as you suggested above and still the same error..
from vertica-python.
Did you install all other drivers ODBC, JDBC, vsql on the same machine as vertica-python?
What's your server version?
from vertica-python.
As I said earlier, 'ssl': True
should be equivalent to TLSmode = require. You may need to add custom configuration in ssl_context as those stackoverflow answers suggested.
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
ssl_context.set_ciphers('DEFAULT:!DH')
from vertica-python.
Did you install all other drivers ODBC, JDBC, vsql on the same machine as vertica-python? What's your server version?
Yes I have used all drivers and even ODBC in python., and would love to find a work around to use vertica_python until the vertica_python driver gets updated to match what was done in all the other client drivers back at version 9.3, which was add a parameter TLSmode, which take 4 options of "disable, require, verify-ca, and verify-full. If you look at the TLSmode class in their java driver you can see what I'm talking about.
from vertica-python.
ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE ssl_context.set_ciphers('DEFAULT:!DH')
OMG thank you, I owe you a beer! And @vertica-cla if you are watching this... please just add TLSmode to the python driver! and type suggestions are you friend!
from vertica-python.
@sitingren I now see you are a member... do you think you could possibly add some of that functionality under a keyword TLSmode ... so the same connection string that works for ODBC and JDBC would work for python
from vertica-python.
@regalme Can you post a code snippet of what the end solution was?
from vertica-python.
I also did this so I can get type suggestions.. I would have added a union type to Row instead of any but that would have limited to python 3.11+
from typing import List
# Wrapper for results Row
class Row(List[any]):
pass
# Wrapper for vertica_python.cursor.Cursor
class VerticaCursor:
def __init__(self, cursor: any) -> None:
self.cursor = cursor
def execute(self, query: str) -> None:
self.cursor.execute(query)
def close(self) -> None:
self.cursor.close()
def fetchall(self) -> List[Row]:
result = self.cursor.fetchall()
return result
# Wrapper for vertica_python.connection.Connection
class VerticaConnection:
def __init__(self, connection: any) -> None:
self.connection = connection
def cursor(self) -> VerticaCursor:
return VerticaCursor(self.connection.cursor())
def close(self) -> None:
self.connection.close()
from vertica-python.
@regalme I updated README with TLSmode examples: https://github.com/vertica/vertica-python#tlsssl
Please note that you cannot get rid of "dh key too small error" even if vertica-python provide a TLSmode
parameter, as README shows the implementation of 4 options "disable, require, verify-ca, and verify-full". Your problem needs a custom configuration ssl_context.set_ciphers('DEFAULT:!DH')
.
from vertica-python.
For type suggestions, you are welcome to contribute your own work if that can support Python 3.7+.
from vertica-python.
Related Issues (20)
- Connection Loggers Leaking Memory
- Inserting complex data types HOT 3
- 'utf-8' codec can't decode byte HOT 10
- Support client_os_hostname
- Errors in Invalid SQL should be warnings HOT 4
- Unable to connect to vertica in fips mode HOT 3
- Looking for the most efficient way to bind a WHERE clause parameter HOT 12
- doesn't support behind proxy HOT 4
- Client removes columns from output if they are not aliased HOT 4
- database doesn't return protocol version
- BUG 1.3.3 version - copy from local broken HOT 5
- calling cursor.nextset() after cursor.fetchone() can cause query hang HOT 1
- Python version support HOT 6
- Unexpected message: RowDescription HOT 7
- Make default connection label meaningful HOT 3
- Connector crashes when querying a json map or json array values HOT 1
- Query returns something other than what query asked for - possible error message not parsed? HOT 1
- Return transaction_id/statement_id result from PROFILE HOT 3
- String values are concatenated somewhere HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vertica-python.