When I execute google-ads python sample code I get the following error
DEBUG:google.auth.transport.requests:Making request: POST https://accounts.google.com/o/oauth2/token
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /o/oauth2/token HTTP/1.1" 200 None
E0421 09:57:53.365121806 21019 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
INFO:google.ads.googleads.client:Request
-------
Method: /google.ads.googleads.v6.services.GoogleAdsService/SearchStream
Host: googleads.googleapis.com
Headers: {
"developer-token": "REDACTED",
"x-goog-api-client": "gl-python/3.8.6 grpc/1.37.0 gax/1.26.3",
"x-goog-request-params": "customer_id="
}
Request: query: "\n SELECT\n campaign.id,\n campaign.name\n FROM campaign\n ORDER BY campaign.id"
Response
-------
Headers: {}
Fault: {
"created": "@1619013473.365323139",
"description": "Failed to pick subchannel",
"file": "src/core/ext/filters/client_channel/client_channel.cc",
"file_line": 5419,
"referenced_errors": [
{
"created": "@1619013473.365317068",
"description": "failed to connect to all addresses",
"file": "src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc",
"file_line": 397,
"grpc_status": 14
}
]
}
I am behind a corporate network that uses its own certificate for every Internet connection.
Our servers trust the internal certificates. I replaced the CA certs in certifi with our CA certs and urllib3 connects fine to both accounts.google.com and googleads.googleapis.com.
curl to both URLs work fine as well
From the error above looks like urllib3 connected fine but GRPC had an issue. Given curl works, the OS ca certs are fine so where does GRPC pick the ca certs from that I would need to add our corporate issuer certs to?
google-ads: 10.0.0 / python: 3.8.0 / RHEL7
