CODEWITHSUNDEEP
python-3.xazuressl
angel
angel

Reputation: 1

azure python sdk throwing SSL bad handshake error when connecting from Service Principal credentials

I have created a registered application in Azure, and trying to use it's client ID and key to connect to azure via python sdk. However, I'm getting the ssl error "msrest.exceptions.AuthenticationError: , SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443)".

Can someone please help me out here? Below is the complete error for your reference.

  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\contrib\pyopenssl.py", line 472, in wrap_socket
    cnx.do_handshake()
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\OpenSSL\SSL.py", line 1915, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\OpenSSL\SSL.py", line 1647, in _raise_ssl_error
    _raise_current_error()
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\OpenSSL\_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 603, in urlopen
    chunked=chunked)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 344, in _make_request
    self._validate_conn(conn)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 843, in _validate_conn
    conn.connect()
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connection.py", line 370, in connect
    ssl_context=context)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\util\ssl_.py", line 355, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\contrib\pyopenssl.py", line 478, in wrap_socket
    raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 641, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\util\retry.py", line 399, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /e16b516a-32bf-4115-bf43-a244c9fe3217/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\msrestazure\azure_active_directory.py", line 478, in set_token
    proxies=self.proxies)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests_oauthlib\oauth2_session.py", line 284, in fetch_token
    verify=verify, proxies=proxies)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 581, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests_oauthlib\oauth2_session.py", line 425, in request
    headers=headers, data=data, **kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /e16b516a-32bf-4115-bf43-a244c9fe3217/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user\Desktop\vm_create\get_vm_creation_details_script.py", line 23, in <module>
    tenant = tenant,
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\msrestazure\azure_active_directory.py", line 453, in __init__
    self.set_token()
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\msrestazure\azure_active_directory.py", line 480, in set_token
    raise_with_traceback(AuthenticationError, "", err)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\msrest\exceptions.py", line 51, in raise_with_traceback
    raise error.with_traceback(exc_traceback)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\msrestazure\azure_active_directory.py", line 478, in set_token
    proxies=self.proxies)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests_oauthlib\oauth2_session.py", line 284, in fetch_token
    verify=verify, proxies=proxies)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 581, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests_oauthlib\oauth2_session.py", line 425, in request
    headers=headers, data=data, **kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
msrest.exceptions.AuthenticationError: , SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /e16b516a-32bf-4115-bf43-a244c9fe3217/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))```

Upvotes: 0

Views: 3564

Answers (1)

Bhargavi Annadevara
Bhargavi Annadevara

Reputation: 5492

You could try the following:

  • Update certifi/msrest packages to the latest versions
  • Turn off the cert validation at SDK client object, or,
  • Supply the bundle file to the client

It would have helped to look at the code snippet that you are running, but do check if any of the above helps get around the problem. If not, here are some workarounds to explore from other similar issues from the past:

If the issue still persists, please open an issue with the azure-sdk-for-python repo on GitHub for the Team to look at.

Upvotes: 1

Related Questions