Python Forum

Need help setting up trusted root ca in virtual environment - dstempfley - May-31-2024

I have a RHEL 8 system and am writing a script that uses requests to access an internal website. The environment is configured with the internal certificate authority in the correct location and Python scripts can access the website with a get request. I didn't set that up, but it works. But when I create a virtual environment with python -m venv <path> and then use . <path>/bin/activate the get request does not use the trusted roots configured in the environment. What do I need to do to set up the virtual environment to match the system environment?

Example:
-------------------------------
[~]$ python3
Python 3.6.8 (default, Apr 25 2024, 09:54:46)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> res = requests.get("https://internalsite")
>>> res.status_code
200
>>>

[~]$ python3 -m venv venvtest
[~]$ . ./venvtest/bin/activate
(venvtest) [ ~]$ pip install requests
Collecting requests
  Using cached requests-2.27.1-py2.py3-none-any.whl (63 kB)
Collecting urllib3<1.27,>=1.21.1
  Using cached urllib3-1.26.18-py2.py3-none-any.whl (143 kB)
Collecting certifi>=2017.4.17
  Using cached certifi-2024.2.2-py3-none-any.whl (163 kB)
Collecting charset-normalizer~=2.0.0
  Using cached charset_normalizer-2.0.12-py3-none-any.whl (39 kB)
Collecting idna<4,>=2.5
  Using cached idna-3.7-py3-none-any.whl (66 kB)
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests
Successfully installed certifi-2024.2.2 charset-normalizer-2.0.12 idna-3.7 requests-2.27.1 urllib3-1.26.18
(venvtest) [ ~]$ python3
Python 3.6.8 (default, Apr 25 2024, 09:54:46)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> res = requests.get("https://internalsite")
Traceback (most recent call last):
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 722, in urlopen
    chunked=chunked,
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 404, in _make_request
    self._validate_conn(conn)
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 1058, in _validate_conn
    conn.connect()
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/connection.py", line 429, in connect
    tls_in_tls=tls_in_tls,
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
    sock, context, tls_in_tls, server_hostname=server_hostname
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib64/python3.6/ssl.py", line 810, in __init__
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1070, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/user/venvtest/lib64/python3.6/site-packages/requests/adapters.py", line 450, in send
    timeout=timeout
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 800, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/home/user/venvtest/lib64/python3.6/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='internalsite', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/venvtest/lib64/python3.6/site-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/home/user/venvtest/lib64/python3.6/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/user/venvtest/lib64/python3.6/site-packages/requests/sessions.py", line 529, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/user/venvtest/lib64/python3.6/site-packages/requests/sessions.py", line 645, in send
    r = adapter.send(request, **kwargs)
  File "/home/user/venvtest/lib64/python3.6/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='internalsite', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>>>
-----------------------------
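
Added example, not part of the original post: a diagnostic to run in both interpreters that reports which CA bundle requests will verify against, keeping certificate verification on. A pip-installed requests defaults to the certifi bundle (certifi 2024.2.2 in the pip output above) unless REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE is set; the SYSTEM_BUNDLE path is an assumption (the usual RHEL location, not stated in the post) and the function names are hypothetical.

```python
"""Report which CA bundle `requests` verifies against in this interpreter."""
import os
import ssl

# Assumption: usual RHEL system trust bundle; the post does not give the path.
SYSTEM_BUNDLE = "/etc/pki/tls/certs/ca-bundle.crt"


def default_bundle():
    """Bundle shipped with the installed requests, or None if not installed."""
    try:
        from requests.certs import where  # pip wheels: certifi's cacert.pem
    except ImportError:
        return None
    return where()


def effective_bundle(env, default):
    """Mirror requests' lookup when verify=True and trust_env is enabled:
    REQUESTS_CA_BUNDLE, then CURL_CA_BUNDLE, then the packaged default."""
    return env.get("REQUESTS_CA_BUNDLE") or env.get("CURL_CA_BUNDLE") or default


def diagnose(env, default, system_bundle=SYSTEM_BUNDLE):
    """Return (bundle_in_use, hint) for the given environment mapping."""
    used = effective_bundle(env, default)
    if used is None:
        return None, "requests is not installed in this interpreter"
    if os.path.realpath(used) == os.path.realpath(system_bundle):
        return used, "already using the system trust store"
    # Point requests at the system store instead of disabling verification.
    return used, "export REQUESTS_CA_BUNDLE=" + system_bundle


if __name__ == "__main__":
    used, hint = diagnose(os.environ, default_bundle())
    print("requests bundle :", used)
    print("stdlib ssl      :", ssl.get_default_verify_paths().cafile)
    print("hint            :", hint)
```

Running it once with the system python3 and once inside the activated venv shows whether the two interpreters resolve to different bundles.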