zeep requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

Question

I try to create SOAP Client with the help of zeep lib for python

import os
from zeep import Client
from zeep.wsse.signature import Signature

key_filename = "/etc/ssl/certs/cert.key.pem"
cert_filename = "/etc/ssl/certs/cert.crt.pem"

client = Client('https://37.230.149.6:10004/emias-soap-service/PGUServicesInfo2?wsdl', wsse=Signature(key_filename, cert_filename))

And have this exception:

Traceback (most recent call last):
  File "/home/max/bot_project/Bots_Django/TelegramBot/bot/simple_soap_client.py", line 19, in <module>
    wsse=Signature(key_filename, cert_filename))
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/client.py", line 120, in __init__
    self.wsdl = Document(wsdl, self.transport, strict=strict)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/wsdl/wsdl.py", line 76, in __init__
    document = self._get_xml_document(location)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/wsdl/wsdl.py", line 137, in _get_xml_document
    location, self.transport, self.location, strict=self.strict)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/loader.py", line 66, in load_external
    content = transport.load(url)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/transports.py", line 111, in load
    content = self._load_remote_data(url)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/transports.py", line 126, in _load_remote_data
    response = self.session.get(url, timeout=self.load_timeout)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 501, in get
    return self.request('GET', url, **kwargs)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

How can I fix this exception and what's wrong with my code?

Answer 1

Explicitly pass a Session object to your zeep Client (via a Transport object) and set verify=False

Here's an example:

from requests import Session
from zeep import Client
from zeep.transports import Transport
from zeep.wsse.signature import Signature

import os

key_filename = "/etc/ssl/certs/cert.key.pem"
cert_filename = "/etc/ssl/certs/cert.crt.pem"

session = Session()
session.verify = False

client = Client(
    'https://37.230.149.6:10004/emias-soap-service/PGUServicesInfo2?wsdl',
    wsse=Signature(key_filename, cert_filename),
    transport=Transport(session=session)
)

Alternatively, also the way you should do it, is to set session.verify to a CA Authority certificate (the issuer of the certificate installed on your server ROOT and SUB certificates), example:

session.verify = "/path/to/ca_cert.pem"

This will basically tell your python script to trust the URL if the issuer of the certificate is the same as the one in ca_cert.pem

Answer 2

I think u need use verify=False

Answer 3

This worked for me-

session.verify = False