Python3 reques with cert and key "verified fail"

Question

I'm trying to request data from endpoints, I can do that with curl -k --key a-key.pem --cert a.pem https://<endpoint>

But when I using python3 to do that, I failed every time

Examples:

With curl:

root@control-plane-0:~# curl -k --key /etc/kubernetes/a-key.pem --cert /etc/kubernetes/a.pem https://127.0.0.1:6443/api/
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "10.0.31.2:6443"
    }
  ]
}

With python: (code):

from flask import Flask, render_template
import requests
from ast import literal_eval



app = Flask(__name__)


@app.route('/metrics')
def metrics():
   data = requests.get("https://127.0.0.1:6443/api/, cert=('/etc/kubernetes/a.pem', '/etc/kubernetes/a-key.pem'))

   print(data)
   return data

if __name__ == '__main__':
   app.run(host='0.0.0.0',port="5001", debug=True)

Result:

    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='127.0.0.1', port=6443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1121)')))

Are there any problems with requests libs ? I can't find a way to make it work

Answer 1

Have you got your certificates verified using

openssl verify -CAfile your-cert.pm

I got the same Problem and solved by using full-chain certificates.please see your certificate contains fullchain(root,intermediate). And you can try like

import requests
test=request.get("url",verify="certificate-with-path")