SSL handshake failure with pymongo


    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • Affects Version/s: 3.2
    • Component/s: None
    • Environment:
      Ubuntu 16

      [amuralid@amuralid-master-vm:/localdisk...re_rwvx-build/rwlog]$ uname -a
      Linux amuralid-master-vm 4.4.0-59-generic #80-Ubuntu SMP Fri Jan 6 17:47:47 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
      
      [amuralid@amuralid-master-vm:/localdisk...t-vm-lp-2/log/mongo]$ python3 -c "import pymongo; print(pymongo.version); print(pymongo.has_c())"
      3.2
      True
      

      I am trying to configure a self-signed certificate for the mongo server by following the official MongoDB docs.
      Having configured the private key, the cert and the mongodb conf, I am able to bring up the server and connect to it using the mongo shell client:

      [amuralid@amuralid-master-vm:/localdisk...ug/install/usr/rift]$ mongo --port 8006 --ssl --sslPEMKeyFile var/rift/lp1-mgmt-vm-lp-2/mongo_certs/server/mongo.pem --sslCAFile ./cert.pem
      MongoDB shell version v3.6.5
      connecting to: mongodb://127.0.0.1:8006/
      MongoDB server version: 3.6.5
      Server has startup warnings:
      2018-05-31T11:48:15.541Z I STORAGE  [initandlisten]
      2018-05-31T11:48:15.541Z I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
      2018-05-31T11:48:15.541Z I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten]
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten] ** WARNING: You are running on a NUMA machine.
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten] **          We suggest launching mongod like this to avoid performance problems:
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten] **              numactl --interleave=all mongod [other options]
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten]
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten] ** WARNING: /proc/sys/vm/overcommit_memory is 2
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten] **          Journaling works best with it set to 0 or 1
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten]
      2018-05-31T11:48:17.265Z I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
      2018-05-31T11:48:17.266Z I CONTROL  [initandlisten] **        We suggest setting it to 'never'
      2018-05-31T11:48:17.266Z I CONTROL  [initandlisten]
      2018-05-31T11:48:17.266Z I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
      2018-05-31T11:48:17.266Z I CONTROL  [initandlisten] **        We suggest setting it to 'never'
      2018-05-31T11:48:17.266Z I CONTROL  [initandlisten]
      > ping
      2018-05-31T12:29:12.323+0000 E QUERY    [thread1] ReferenceError: ping is not defined :
      @(shell):1:1
      > db.runCommand("ping")
      { "ok" : 1 }
      

      But using pymongo, I get the following exception:

      >>> client = MongoClient('mongodb://127.0.0.1:8006/?connectTimeoutMS=1000&ssl=true', ssl_certfile="/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/var/rift/lp1-mgmt-vm-lp-2/mongo_certs/server/mongo.pem", ssl_match_hostname=False)
      >>> client.admin.command('ping')
      Traceback (most recent call last):
        File "<stdin>", line 1, in <module>
        File "/usr/lib/python3/dist-packages/pymongo/database.py", line 478, in command
          with client._socket_for_reads(read_preference) as (sock_info, slave_ok):
        File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
          return next(self.gen)
        File "/usr/lib/python3/dist-packages/pymongo/mongo_client.py", line 748, in _socket_for_reads
          with self._get_socket(read_preference) as sock_info:
        File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
          return next(self.gen)
        File "/usr/lib/python3/dist-packages/pymongo/mongo_client.py", line 712, in _get_socket
          server = self._get_topology().select_server(selector)
        File "/usr/lib/python3/dist-packages/pymongo/topology.py", line 141, in select_server
          address))
        File "/usr/lib/python3/dist-packages/pymongo/topology.py", line 117, in select_servers
          self._error_message(selector))
      pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
      

      I believe that since the mongo shell was able to connect and ping, the certificate configuration should be OK. Also, I do not see what I am doing differently in the case of pymongo w.r.t. the mongo shell.
      Any help would be deeply appreciated.

      Thanks.
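
Added example (not part of the original report and not PyMongo's own code): a small checker that translates the TLS flags of the mongo shell command into their PyMongo 3.x MongoClient keyword equivalents and lists the ones the MongoClient call leaves out. The function names and the shortened certificate path in CLIENT are assumptions made for illustration; the option names are PyMongo 3.x keywords.

```python
import shlex

# mongo shell flags that take a path -> PyMongo 3.x MongoClient keyword.
PATH_FLAGS = {
    "--sslPEMKeyFile": "ssl_certfile",  # client certificate and private key
    "--sslCAFile": "ssl_ca_certs",      # trust anchors used to verify the server
}


def shell_to_pymongo(cmdline):
    """Translate the TLS flags of a `mongo` command line into MongoClient kwargs."""
    args = shlex.split(cmdline)
    kwargs = {}
    i = 0
    while i < len(args):
        flag, _, inline = args[i].partition("=")  # accept --flag=value as well
        if flag == "--ssl":
            kwargs["ssl"] = True
        elif flag == "--sslAllowInvalidHostnames":
            kwargs["ssl_match_hostname"] = False
        elif flag in PATH_FLAGS:
            if inline:
                kwargs[PATH_FLAGS[flag]] = inline
            elif i + 1 < len(args):
                i += 1
                kwargs[PATH_FLAGS[flag]] = args[i]
        i += 1
    return kwargs


def trust_gaps(shell_cmdline, client_kwargs):
    """Return the TLS options the shell set that the MongoClient call did not."""
    wanted = shell_to_pymongo(shell_cmdline)
    return {k: v for k, v in wanted.items() if k not in client_kwargs}


# Shell command as shown in the report.
SHELL = ("mongo --port 8006 --ssl --sslPEMKeyFile "
         "var/rift/lp1-mgmt-vm-lp-2/mongo_certs/server/mongo.pem --sslCAFile ./cert.pem")
# MongoClient options from the report (ssl=true came from the URI; path shortened).
CLIENT = {"ssl": True, "ssl_certfile": "server/mongo.pem", "ssl_match_hostname": False}

if __name__ == "__main__":
    for option, value in trust_gaps(SHELL, CLIENT).items():
        print("missing from MongoClient: %s=%r" % (option, value))
```

With ssl enabled and no ssl_ca_certs, PyMongo still requires a valid chain and checks it against the system CA store, which does not contain a self-signed certificate; ssl_match_hostname=False only skips the hostname comparison.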

            Assignee: Bernie Hackett
            Reporter: Arun Muralidharan
            Votes: 0
            Watchers: 2