When I execute google-ads python sample code I get the following error
DEBUG:google.auth.transport.requests:Making request: POST https://accounts.google.com/o/oauth2/token
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /o/oauth2/token HTTP/1.1" 200 None
E0421 09:57:53.365121806 21019 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
INFO:google.ads.googleads.client:Request
-------
Method: /google.ads.googleads.v6.services.GoogleAdsService/SearchStream
Host: googleads.googleapis.com
Headers: {
"developer-token": "REDACTED",
"x-goog-api-client": "gl-python/3.8.6 grpc/1.37.0 gax/1.26.3",
"x-goog-request-params": "customer_id="
}
Request: query: "\n SELECT\n campaign.id,\n campaign.name\n FROM campaign\n ORDER BY campaign.id"
Response
-------
Headers: {}
Fault: {
"created": "#1619013473.365323139",
"description": "Failed to pick subchannel",
"file": "src/core/ext/filters/client_channel/client_channel.cc",
"file_line": 5419,
"referenced_errors": [
{
"created": "#1619013473.365317068",
"description": "failed to connect to all addresses",
"file": "src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc",
"file_line": 397,
"grpc_status": 14
}
]
}
I am behind a corporate network that uses its own certificate for every Internet connection.
Our servers trust the internal certificates. I replaced the CA certs in certifi with our CA certs and urllib3 connects fine to both accounts.google.com and googleads.googleapis.com.
curl to both URLs work fine as well
From the error above looks like urllib3 connected fine but GRPC had an issue. Given curl works, the OS ca certs are fine so where does GRPC pick the ca certs from that I would need to add our corporate issuer certs to?
google-ads: 10.0.0 / python: 3.8.0 / RHEL7
If the corporate network has a proxy swaps the credentials, CERTIFICATE_VERIFY_FAILED might occur. You may want to supply your company's root credentials via https://grpc.github.io/grpc/python/grpc.html#create-client-credentials. I'm not sure how to do it with google-auth, you may want to post your question there: https://github.com/googleapis/google-auth-library-python
Related
I am pushing OTEL traces to splunk and facing below error.
{"kind": "exporter", "name": "splunk_hec", "error": "Post \https://prd-p-fyu1e.splunkcloud.com:8088/services/collector\: x509: certificate signed by unknown authority, but wanted to match prd-p-fyu1e.splunkcloud.com", "interval": "29.295443106s"}
I am using windows dockers desktop. Any pointers what is missing
Snippet of OTEL Collector exporters:
splunk_hec:
token: "11d4f458-XXXXX-42cd"
endpoint: "prd-p-fyu1e.splunkcloud.com:8088/services/collector"
I guess you are using splunkhecexporter, so disable cert verification:
insecure_skip_verify: true
Apparently, Splunk cloud doesn't use correct TLS cert from well known CA in this case.
I'm trying to make my build agent work with an already configured proxy server.
The proxy server address is : http://MY_SERVER_DNS:8081
On my build machine inside the agent directory I created a .proxy file which contains the above proxy address and created the relevant environment variables (VSTS_HTTP_PROXY_USERNAME, VSTS_HTTP_PROXY_PASSWORD).
After a restart to the build agent service the indicator in VSTS goes red (instead of green).
A partial (most relevant I guess) agent log is attached:
{ Request = Method: GET, RequestUri: 'https://siemplify.visualstudio.com/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1', Version: 1.1, Content: <null>, Headers:
{
User-Agent: VSServices/15.255.65000.0
User-Agent: (NetStandard; Microsoft Windows 6.3.9600)
User-Agent: VstsAgentCore-win7-x64/2.120.2
User-Agent: (Microsoft Windows 6.3.9600)
X-VSS-E2EID: 5aadb1b3-6269-4998-b258-4a5fcc1b9345
Accept-Language: en-US
X-TFS-FedAuthRedirect: Suppress
X-TFS-Session: 13f3aaa0-7f5c-40e1-8af0-0b5feb53d4bc
Expect: 100-continue
}, LoggingRequestId = ab31853f-a392-486f-b288-f9ca4bdee28c, Timestamp = 237057153 }
[2018-03-08 14:15:50Z INFO HttpTrace] Trace System.Net.Http.Response event:
{ Response = StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Connection: close
Date: Thu, 08 Mar 2018 14:15:32 GMT
Server: Microsoft-HTTPAPI/2.0
Content-Length: 324
Content-Type: text/html; charset=us-ascii
}, LoggingRequestId = ab31853f-a392-486f-b288-f9ca4bdee28c, TimeStamp = 237507550 }
[2018-03-08 14:15:51Z ERR VisualStudioServices] GET request to https://siemplify.visualstudio.com/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1 failed. System.Net.Http.HttpRequestException: Error while copying content to a stream. ---> System.IO.IOException: Unable to read data from the transport connection. The connection was closed before all data could be read. Expected 324 bytes, read 0 bytes.
Any help would be greatly appreciated!
You could first upgrade your private build agent by right-click the agent pool, and then click Update all agents. The latest version of build agent is 2.129.1.
After updating the agent, try to follow the steps in the following link to run a v2 private agent behind a web proxy: VSTS, TFS 2018 RTM and newer:
Pass --proxyurl, --proxyusername and --proxypassword during agent configuration.
For example:
./config.cmd --proxyurl http://127.0.0.1:8888 --proxyusername "1" --proxypassword "1"
Make sure that the proxy file that you created doesn't have spaces around the proxy address which you mention in the proxy file. Make sure you trim it off.
More info here link
I'm developing a little project with microservices, I want to configure Kong as the API-Gateway for my structure but I'm not able to forward incoming requests from Kong to my services.
For example, I have a docker container running locally on address 172.18.0.15 and port 8006. I can access the api just fine at 172.18.0.15:8006/compute, I would like to configure kong in order to be able to make the same call at localhost:8001/compute. Am I missing something? Should api be present in my url in order for Kong to discover my api? This is the configuration that I've added to Kong, I basically just added all REST methods and set url:port as the upstream-url field.
{
"data": [
{
"created_at": 1514479841682,
"http_if_terminated": false,
"https_only": false,
"id": "9cf925a5-2c27-4dbc-ae2a-e70fba94ef53",
"methods": [
"GET",
"POST",
"PUT",
"DELETE"
],
"name": "compute",
"preserve_host": false,
"retries": 5,
"strip_uri": true,
"upstream_connect_timeout": 60000,
"upstream_read_timeout": 60000,
"upstream_send_timeout": 60000,
"upstream_url": "http://172.18.0.15:8006"
}
],
"total": 1
}
This is not working for me: when I try to access the API through localhost, the request times out with a 499 error. Any help is highly appreciated.
EDIT: I've tried adding my API by setting the URI field instead. I've inspected using docker logs kong and it looks like kong is definetely accessing the correct address, but is timing out for some unknown reason:
2017/12/28 17:55:25 [error] 47#0: *103 upstream timed out (110: Connection timed out) while connecting to upstream, client: 172.17.0.1, server: kong, request: "GET /compute?origin=20,20&destination=20,20 HTTP/1.1", upstream: "http://172.18.0.15:8006/compute?origin=20,20&destination=20,20", host: "localhost:8000"
However, if I access the same address using curl it works just fine:
# curl http://172.18.0.15:8006/compute?origin=20,20\&destination=20,20
[]
I highly doubt anybody else will encounter the same issue but the problem was in my Docker configuration, I forgot to put the api gateway on the same subnet as the services. Fixing this solved my issue.
In an effort to be OAuth'd with Etsy, I have tried countless solutions in C# to at least start the authentication process (ie get the login URL):
eg
mashery.com, http://term.ie/oauth/example/client.php and question #8321034
but the response is always the same:
oauth_problem=signature_invalid&debug_sbs=GET&https%3A%2F%2Fopenapi.etsy.com%2Fv2%2Foauth%2Frequest_token&oauth_consumer_key%3D...my-consumer-key...%26oauth_nonce%3D2de91e1361d1906bbae04b15f42ab38d%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502362164%26oauth_version%3D1.0%26scope%3Dlistings_w%2520listings_r
and so I'm resorting to the dreaded world of PHP...
On my machine, I've installed the following (Windows 10):
XAMPP (xampp-win32-7.1.7-0-VC14-installer) with default options
JDK (jdk-8u144-windows-i586)
JRE (jre-8u144-windows-i586)
php_oauth.dll ([php_oauth-2.0.2-7.1-ts-vc14-x86.zip][4]) and copying it to C:\xampp\php\ext
[cacert.pem][4], (dated Jun 7 03:12:05 2017) and coping it to the following directories:
C:\xampp\perl\vendor\lib\Mozilla\CA
C:\xampp\phpMyAdmin\vendor\guzzle\guzzle\src\Guzzle\Http\Resources
Apache and Tomcat would not run to begin with from XAMPP because it said that ports 443 and 80 were being used/blocked and so I duly changed these to 444 and 122 in
C:\xampp\apache\conf\extra\httpd-ssl.conf
C:\xampp\apache\conf\httpd.conf
All good so far but when I run the following script in my browser (http://localhost:444/dashboard/etsy.php):
<?php
$base_uri = 'https://openapi.etsy.com';
$api_key = 'my-etsy-api-key';
$secret = 'my-etsy-api-secret';
$oauth = new OAuth($api_key, $secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$req_token = $oauth->getRequestToken($base_uri .= "/v2/oauth/request_token?scope=listings_w%20transactions_r", 'oob');
$login_url = $req_token['login_url'];
print "Please log in and allow access: $login_url \n\n";
$verifier = readline("Please enter verifier: ");
$verifier = trim($verifier);
$oauth->setToken($req_token['oauth_token'], $req_token['oauth_token_secret']);
$acc_token = $oauth->getAccessToken($base_uri .= "/v2/oauth/access_token", null, $verifier);
$oauth_token = $acc_token['oauth_token'];
$oauth_token_secret = $acc_token['oauth_token_secret'];
$oauth->setToken($oauth_token, $oauth_token_secret);
print "Token: $oauth_token \n\n";
print "Secret: $oauth_token_secret \n\n";
?>
I get the following error message:
Fatal error: Uncaught OAuthException: making the request failed (Peer
certificate cannot be authenticated with given CA certificates) in
C:\xampp\htdocs\dashboard\etsy.php:8 Stack trace: #0
C:\xampp\htdocs\dashboard\etsy.php(8):
OAuth->getRequestToken('https://openapi...', 'oob') #1 {main} thrown
in C:\xampp\htdocs\dashboard\etsy.php on line 8
I've tried running the script with each thread safe, x86 version of OAuth (http://windows.php.net/downloads/pecl/releases) - stop, restart Apache) but no luck.
I'm at my wits end.
How to I resolve this Peer certificate problem?
Simply disable the SSL on local.
$oauth->disableSSLChecks()
Oauth by default using CURL SSL Certificate. The simple way for local apache server is to disable it. Either configure the SSL for the CURL. It will also resolve the issue for oauth.
as per php documentation
we can set the certificate path simply.
$oauth->setCAPath("F:\xampp\php\extras\ssl\cacert.pem");
print_r($oauth->getCAPath());
You can also set the request engine to curl or php stream if the ssl is already configured.
Official PHP documentation
I am trying to use SSL with MQTT and gets following error,
1379677998: Client connection from 127.0.0.1 failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.
1379678058: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1379678058: Socket read error on client (null), disconnecting.
My conf file has seetings as below,
port 8883
cafile /home/administrator/Downloads/mosquitto-1.2.1_dilip/test/ssl/test-root-ca.crt (also tried all-ca.crt here)
certfile /home/administrator/Downloads/mosquitto-1.2.1_dilip/test/ssl/server.crt
keyfile /home/administrator/Downloads/mosquitto-1.2.1_dilip/test/ssl/server.key
tls_version tlsv1
require_certificate true (tried commenting this too)
and I run, 08-ssl-connect-cert-auth.test from test folder. code snippet included below
mosquitto_tls_opts_set(mosq, 1, "tlsv1", NULL);
mosquitto_tls_set(mosq, "../ssl/test-root-ca.crt", "../ssl/certs", "../ssl/client.crt", "../ssl/client.key", NULL);
mosquitto_connect_callback_set(mosq, on_connect);
mosquitto_disconnect_callback_set(mosq, on_disconnect);
rc = mosquitto_connect(mosq, "localhost", 8883, 60);
Environment info:
Python 2.7.3
OpenSSL 1.0.1 14 Mar 2012
Description: Ubuntu 12.04.2 LTS
Release: 12.0
mosquitto-1.2.1/mosquitto-1.2
Please let me know what could go wrong here? I also tried generating certificates using gen.sh.
Thanks in advance.
-Dilip
On a general note - you should be generating your own certificates, don't use the ones provided by mosquitto for testing, or use the gen.sh script without modifying it for your own details.
To use the certificates provided, you should be using all-ca.crt in the broker. It contains the example root CA and intermediary CA certificates. The client only requires the root CA for verification purposes.
You are using a full path to the certificates in the broker configuration, but relative paths in the client. Are you sure that they are both correct?
Have you tried running the tests unmodified with make test? This would tell you if there is a problem with your openssl installation for example.