SSLError on exchangelib : can't connect on the server - McMap

About

SSLError on exchangelib : can't connect on the server

Asked 11/10, 2017 at 14:59 Answered 24/10, 2019 at 1:35

python proxy ssl-certificate enterprise exchangelib

L

1

7

I have a problem with exchangelib. Here is my code:

creds = Credentials(
username="domain_name\\username", 
password="password")

config = Configuration(server='mail.solutec.fr', credentials=creds)

account = Account(
primary_smtp_address="[email protected]",
autodiscover=False, 
config = config,
access_type=DELEGATE)

Here is the error I get:

SSLError: HTTPSConnectionPool(host='mail.solutec.fr', port=443): Max retries exceeded with url: /EWS/Exchange.asmx (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

I can make it work by adding this:

from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter
BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter

But it's just bypassing the security, so it's not what we want. If i use shared connection from my phone there is no error, so it looks like there is a problem with my enterprise proxy. I saw things about transport adapters but don't really understood how to make it work.

So, how can I make it work nicely without this bypassing solution ?

Thank you !

Lambard answered 11/10, 2017 at 14:59 Comment(4)

Does a simple request to the mail server succeed? import requests; requests.get('https://mail.solutec.fr') If not, then the problem is with your local root certificate setup, not exchangelib itself. – Wahkuna 18/10, 2017 at 7:12

No it doesn't. I have the certificate but don't know where to put it. – Lambard 19/10, 2017 at 15:0

requests gives you two options. 1) Use the REQUESTS_CA_BUNDLE environment variable (docs.python-requests.org/en/master/user/advanced/…), and 2) use the options available in the certifi package (docs.python-requests.org/en/master/user/advanced/…) – Wahkuna 20/10, 2017 at 6:36

Maybe it's a bit late, but I had the same issue and solved it: Follow LINK – Loxodromic 12/7, 2018 at 11:11

V

0

Use the code for "Proxies and custom TLS validation"

https://pypi.org/project/exchangelib/

I did this and used my internal PKI teams's ca bundle (which housed the CA that signed the server's cert).

Now you're secured and are overriding the OS's cert store (which does not have the firm's CA bundle in my case)

Virilism answered 24/10, 2019 at 1:35 Comment(0)

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.