Giter VIP home page Giter VIP logo

Comments (9)

jimanvlad avatar jimanvlad commented on May 26, 2024 1

You're good to close it. It seems the internal procedure to get access to the exchange server is much more complicated.

from exchangelib.

ecederstrand avatar ecederstrand commented on May 26, 2024

verify_ssl was only intended for turning SSL validation on/off. I haven't tested with a custom certificate, but it might work. Have you tried setting it to the absolute path to the file? Otherwise, you'll need to enable debug logging to see what's going on. A full stack trace would also help. Almost the only place requests are made is in util.post_ratelimited() so it should be fairly easy to isolate the problem.

from exchangelib.

jimanvlad avatar jimanvlad commented on May 26, 2024

Below the full stack trace:

---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
p:\tsproj~1\python\venv3\lib\site-packages\requests\packages\urllib3\util\ssl_.py in ssl_wrap_socket(sock, keyfile, certfile, cert_reqs, ca_certs, server_hostname, ssl_version, ciphers, ssl_context, ca_cert_dir)
    294         try:
--> 295             context.load_verify_locations(ca_certs, ca_cert_dir)
    296         except IOError as e:  # Platform-specific: Python 2.6, 2.7, 3.2

SSLError: unknown error (_ssl.c:2728)

During handling of the above exception, another exception occurred:

SSLError                                  Traceback (most recent call last)
p:\tsproj~1\python\venv3\lib\site-packages\requests\adapters.py in send(self, request, stream, timeout, verify, cert, proxies)
    422                     retries=self.max_retries,
--> 423                     timeout=timeout
    424                 )

p:\tsproj~1\python\venv3\lib\site-packages\requests\packages\urllib3\connectionpool.py in urlopen(self, method, url, body, headers, retries, redirect, assert_same_host, timeout, pool_timeout, release_conn, chunked, **response_kw)
    588             if is_new_proxy_conn:
--> 589                 self._prepare_proxy(conn)
    590 

p:\tsproj~1\python\venv3\lib\site-packages\requests\packages\urllib3\connectionpool.py in _prepare_proxy(self, conn)
    796 
--> 797         conn.connect()
    798 

p:\tsproj~1\python\venv3\lib\site-packages\requests\packages\urllib3\connection.py in connect(self)
    288                                     server_hostname=hostname,
--> 289                                     ssl_version=resolved_ssl_version)
    290 

p:\tsproj~1\python\venv3\lib\site-packages\requests\packages\urllib3\util\ssl_.py in ssl_wrap_socket(sock, keyfile, certfile, cert_reqs, ca_certs, server_hostname, ssl_version, ciphers, ssl_context, ca_cert_dir)
    296         except IOError as e:  # Platform-specific: Python 2.6, 2.7, 3.2
--> 297             raise SSLError(e)
    298         # Py33 raises FileNotFoundError which subclasses OSError

SSLError: unknown error (_ssl.c:2728)

During handling of the above exception, another exception occurred:

SSLError                                  Traceback (most recent call last)
<ipython-input-21-a1fcb18d19b1> in <module>()
     17     credentials=Credentials(username='<masked>', password='<masked>'),
     18     auth_type=NTLM,
---> 19     verify_ssl="certificate.cer"
     20 )
     21 account = Account(primary_smtp_address='[email protected]', config=config,

p:\tsproj~1\python\venv3\lib\site-packages\exchangelib-1.7.1-py3.4.egg\exchangelib\configuration.py in __init__(self, credentials, server, has_ssl, service_endpoint, auth_type, verify_ssl, **kwargs)
     49             auth_type=auth_type,
     50             credentials=credentials,
---> 51             verify_ssl=verify_ssl,
     52         )
     53 

p:\tsproj~1\python\venv3\lib\site-packages\exchangelib-1.7.1-py3.4.egg\exchangelib\protocol.py in __call__(cls, *args, **kwargs)
    156             if protocol is None:
    157                 log.debug("Protocol __call__ cache miss. Adding key '%s'", str(_protocol_cache_key))
--> 158                 protocol = super().__call__(*args, **kwargs)
    159                 cls._protocol_cache[_protocol_cache_key] = protocol
    160         log.debug('_protocol_cache_lock released')

p:\tsproj~1\python\venv3\lib\site-packages\exchangelib-1.7.1-py3.4.egg\exchangelib\protocol.py in __init__(self, *args, **kwargs)
    175             self.auth_type = get_service_authtype(service_endpoint=self.service_endpoint, versions=API_VERSIONS,
    176                                                   verify=self.verify_ssl)
--> 177         self.docs_auth_type = get_docs_authtype(verify=self.verify_ssl, docs_url=self.types_url)
    178 
    179         # Try to behave nicely with the Exchange server. We want to keep the connection open between requests.

p:\tsproj~1\python\venv3\lib\site-packages\exchangelib-1.7.1-py3.4.egg\exchangelib\transport.py in get_docs_authtype(docs_url, verify)
    173     headers = {'Content-Type': 'text/xml; charset=utf-8'}
    174     with requests.sessions.Session() as s:
--> 175         r = s.get(url=docs_url, headers=headers, allow_redirects=True, verify=verify)
    176     return _get_auth_method_from_response(response=r)
    177 

p:\tsproj~1\python\venv3\lib\site-packages\requests\sessions.py in get(self, url, **kwargs)
    486 
    487         kwargs.setdefault('allow_redirects', True)
--> 488         return self.request('GET', url, **kwargs)
    489 
    490     def options(self, url, **kwargs):

p:\tsproj~1\python\venv3\lib\site-packages\requests\sessions.py in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
    473         }
    474         send_kwargs.update(settings)
--> 475         resp = self.send(prep, **send_kwargs)
    476 
    477         return resp

p:\tsproj~1\python\venv3\lib\site-packages\requests\sessions.py in send(self, request, **kwargs)
    594 
    595         # Send the request
--> 596         r = adapter.send(request, **kwargs)
    597 
    598         # Total elapsed time of the request (approximately)

p:\tsproj~1\python\venv3\lib\site-packages\requests\adapters.py in send(self, request, stream, timeout, verify, cert, proxies)
    495         except (_SSLError, _HTTPError) as e:
    496             if isinstance(e, _SSLError):
--> 497                 raise SSLError(e, request=request)
    498             elif isinstance(e, ReadTimeoutError):
    499                 raise ReadTimeout(e, request=request)

SSLError: unknown error (_ssl.c:2728)

from exchangelib.

ecederstrand avatar ecederstrand commented on May 26, 2024

Apparently, requests doesn't like your certificate. Can you test the code that throws the exception in a python3 shell?

with requests.sessions.Session() as s:
    r = s.get(
        url='https://your.server.com/EWS/types.xsd', 
        headers={'Content-Type': 'text/xml; charset=utf-8'}, 
        allow_redirects=True, 
        verify='/path/to/your/certificate.crt'
    )

Maybe your server certificate does not contain the full certificate chain? See http://stackoverflow.com/questions/34812787/python-ssl-requests-and-lets-encrypt-certs

from exchangelib.

jimanvlad avatar jimanvlad commented on May 26, 2024

Hi,

I can't seem to establish whether my certificate is correct or not. Can I input an already authenticated requests.Session() object into the connection? I think that would solve my issue.

Vlad

from exchangelib.

ecederstrand avatar ecederstrand commented on May 26, 2024

I'm afraid that's not easily doable. But how will you achieve an authenticated requests.Session(), if requests can't validate the certificate?

If you're OK with the security implications, then there's also the possibility of setting verify_ssl=False.

from exchangelib.

jimanvlad avatar jimanvlad commented on May 26, 2024

I have other ways to authenticate the intranet session (GET request to our auth server to get the correct cookie). Currently if I use verify=False, I get a 403 error - denied.

from exchangelib.

ecederstrand avatar ecederstrand commented on May 26, 2024

I see. In that case, you could have a look at extending exchangelib.protocol.BaseProtocol.create_session() to support your custom authentication method. Currently, only basic, digest and NTLM auth are supported out of the box. You would still need to set verify_ssl=False since your certificate is not validating.

from exchangelib.

ecederstrand avatar ecederstrand commented on May 26, 2024

@jimanvlad Do you still have errors related to exchangelib on this issue? If not, I'd like to close it again.

from exchangelib.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.