1

I have a program that runs successfully in my user/virtualenv. The program access an API using requests. For the purposes of this post, the whole program can be read as:

requests.get("https://example.com")

This works totally fine when I call it from the command line. However I'm trying to get it to run under supervisord and for whatever reason when I do it this way it is failing with an SSL Error like the below:

SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)")

It is using the same user, python environment, directory etc. Any idea what else to check / what else could be causing this?

Edit: I think this might be a firewall rule type of thing. Exploring that option.

Cory
  • 22,772
  • 19
  • 94
  • 91
  • Did you try to add `verify=False` to your request: `requests.get("https://example.com", verify=False)`? – Andersson Jan 21 '19 at 11:01
  • Yeah, if I add `verify=False` I get a different error (oddly a `502` from the server despite it always returning a `200` when run normally. Also, I don't want to add `verify=False` as a long term solution even if it did work since I do want to verify the cert. – Cory Jan 21 '19 at 11:08
  • Did you try to downgrade `requests` as suggested [here](https://stackoverflow.com/questions/28667684/python-requests-getting-sslerror/44509839#44509839)? – Andersson Jan 21 '19 at 11:11
  • I've not done that, but I think it's kind of missing the point of the question - which is why is this behaving differently when run under supervisor? So any workaround that involves hacking around requests seems to not address the root cause of the issue. – Cory Jan 21 '19 at 11:18

2 Answers2

1

Are the SSL certificates available in the supervisord environment? I assume you use requests.certs, so are the certificates there where expected requests.certs.where()?

Frans
  • 799
  • 6
  • 7
0

So it turns out this was a network proxy thing. The machine I was running on uses a squid proxy and I had to add the following line to set the right environment variables in my supervisor config for it to work:

environment=http_proxy=http://proxy.server:3128/,https_proxy=http://proxy.server:3128/
Cory
  • 22,772
  • 19
  • 94
  • 91