3

I've set up a test MongoDb Atlas account, just one of the free ones and using the below code on my Ubuntu box I can successfully create users and also search for them.

When I try the exact same thing on my MacBook Air I get an SSL handshake as below.

pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833),SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833),SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)

import pymongo
client = pymongo.MongoClient("mongodb+srv://MYUSERNAME:MYPASSWORD@cluster0-ABCDEF.mongodb.net/test")
db = client.johnny
collection = db.myjohnnytest

example = {'name' : 'Johnny',
            'email' : 'johnny@test.net'}

user_id = collection.insert_one(example).inserted_id

I found this answer which seemed like it was the key:

Stack Overflow Answer

But I have since tried this and whether I follow it exactly or activate my virtualenv I get the following error:

Could not find an activated virtualenv (required). Traceback (most recent call last): File "", line 44, in File "", line 25, in main File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/subprocess.py", line 291, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['/Library/Frameworks/Python.framework/Versions/3.6/bin/python3.6', '-E', '-s', '-m', 'pip', 'install', '--upgrade', 'certifi']' returned non-zero exit status 3. logout Saving session... ...copying shared history... ...saving history...truncating history files... ...completed.

Johnny John Boy
  • 3,009
  • 5
  • 26
  • 50
  • Have you installed third party dependancies for SSL secure connection on with pymango? `python -m pip install pymongo[tls]` – kpie May 03 '18 at 12:47

3 Answers3

16

By default, PyMongo is configured to require a certificate from the server when TLS is enabled. This is configurable using the ssl_cert_reqs option. To disable this requirement pass ssl.CERT_NONE as a keyword parameter:

>>> uri = 'mongodb://example.com/?ssl=true&ssl_cert_reqs=CERT_NONE'
>>> client = pymongo.MongoClient(uri)
Alex
  • 155
  • 1
  • 6
1

Have you update the CA bundle for Python?

From a bash shell/ terminal: open "/Applications/Python 3.6/Install Certificates.command"

or Python 3.7 etc

MongoDB Documentation for Python Stackoverflow article on MacOS, Python and CA

Justin Cooksey
  • 311
  • 2
  • 5
0

I am showing 2 ways of solving this:

  1. (easiest)

Adding ...&ssl=true&ssl_ca_certs=/path/to/cert.pem to the mongodb url

  1. (recommended)

Configuring python SSL connection.

$ python3 -c "import ssl; print(ssl.get_default_verify_paths())
DefaultVerifyPaths(cafile='/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/cert.pem', capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/certs')

Then make sure you add your cert.pem file to the specified path. In my case, I should add it to the folder /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/

renatodamas
  • 16,555
  • 8
  • 30
  • 51