You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
given: there is a strimzi-kafka with authentication.type=tls and self-signed certificates.
on python 3.12 the application connects without problems. when upgrading to python 3.13 an error occurs: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1020)
The create_default_context() API now includes VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT in its default flags.
Note VERIFY_X509_STRICT may reject pre-RFC 5280 or malformed certificates that the underlying OpenSSL implementation might otherwise accept. Whilst disabling this is not recommended, you can do so using:
import ssl
ctx = ssl.create_default_context()
ctx.verify_flags &= ~ssl.VERIFY_X509_STRICT
disabling it works, but it's not quite right.
anybody run into this? I couldn't find anything in the issues.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Strimzi
-
given: there is a strimzi-kafka with authentication.type=tls and self-signed certificates.
on python 3.12 the application connects without problems. when upgrading to python 3.13 an error occurs:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1020)the release (Oct. 7, 2024) has this:
https://docs.python.org/3/whatsnew/3.13.html#ssl
disabling it works, but it's not quite right.
anybody run into this? I couldn't find anything in the issues.
Beta Was this translation helpful? Give feedback.
All reactions