I am receiving an SSL error when trying to connect to a Jira instance using a client SSL certificate:
>>> jira.JIRA(server="https://jira.server", options={'client_cert':'/path/to/my/cert.pem', 'verify':False})
WARNING:root:HTTPSConnectionPool(host='https://jira.server', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1056)'))) while doing GET https://jira.server/rest/api/2/serverInfo [{'params': None, 'headers': {'User-Agent': 'python-requests/2.22.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jira.server', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1056)')))] errno:None on GET https://jira.server/rest/api/2/serverInfo
{'response': None, 'request': <PreparedRequest [GET]>}\{'response': None, 'request': <PreparedRequest [GET]>}
WARNING:root:Got recoverable error from GET https://jira.server/rest/api/2/serverInfo, will retry [1/3] in 12.759554186699715s. Err: HTTPSConnectionPool(host='jira.server', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1056)')))
^CTraceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/client.py", line 472, in __init__
si = self.server_info()
File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/client.py", line 2133, in server_info
j = self._get_json('serverInfo')
File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/client.py", line 2549, in _get_json
r = self._session.get(url, params=params)
File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/resilientsession.py", line 151, in get
return self.__verb('GET', url, **kwargs)
File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/resilientsession.py", line 136, in __verb
if self.__recoverable(response_or_exception, url, verb.upper(), retry_number):
File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/resilientsession.py", line 104, in __recoverable
time.sleep(delay)
KeyboardInterrupt
An identical request made using the requests module works correctly:
>>> requests.get("https://jira.server/rest/api/2/serverInfo", verify=False, cert='/path/to/my/cert.pem')
/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/urllib3/connectionpool.py:851: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
<Response [200]>
The .pem file contains the certificate and private key. I get the same error when using a separate certificate and private key file, and passing these as a tuple to client_cert. I have also tried passing the contents of the .pem and .key files as strings, but this has not worked.
client_certis supposed to be "a tuple of (cert,key) for the requests library for client side SSL", not a filepath to the cert file.