KX Community

Find answers, ask questions, and connect with our KX Community around the world.
KX Community Guidelines

Home Forums PyKX PyKX TLS Mode with company CA

  • PyKX TLS Mode with company CA

    Posted by mauricemoore on September 1, 2023 at 12:00 am

    Hi,

    Is it possible to use an internal company CA file with PyKX?

    From an ordinary q session, it’s possible to connect to a TLS enabled kdb server as long as env variable SSL_CA_CERT_FILE is set, and an openssl library is accessible.;

    h:hopen`$":tcps://…"

    I was hoping this would also work for PyKX IPC but I’ve had no luck so far.

     

    Thanks

    mauricemoore replied 9 months, 3 weeks ago 3 Members · 7 Replies
  • 7 Replies
  • cmccarthy1

    Member
    September 4, 2023 at 12:00 am

    Hi,

    This should work, could you provide the error that you’re seeing when attempting to initialise the connection?

    There are multiple IPC connection types with PyKX, my suggestion would be that for TLS enabled IPC you make use of the SecureQConnection class documented here

    If this does not work a minimal code example would be extremely helpful.

  • mauricemoore

    Member
    September 6, 2023 at 12:00 am

    Hi, Thanks for replying, I’m guessing it does not know where my company CA certificate is by default; >>> q = pykx.SecureQConnection(host = machineX, port = portX, username = userX, password = passwX, tls = True)Traceback (most recent call last):File “”, line 1, in File “C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py”, line 1971, in __init__self._init(host,File “C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py”, line 383, in _initraise PyKXException(self._ipc_errors.get(self._handle, ‘Unknown IPC error’))pykx.exceptions.PyKXException: OpenSSL initialization failed

  • mauricemoore

    Member
    September 6, 2023 at 12:00 am

    Hi,

    Thanks for replying, I’m guessing it does not know where my company CA certificate is by default;

    >>> q = pykx.SecureQConnection(host = machineX, port = portX, username = userX, password = passwX, tls = True)
    Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py", line 1971, in __init__
    self._init(host,
    File "C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py", line 383, in _init
    raise PyKXException(self._ipc_errors.get(self._handle, 'Unknown IPC error'))
    pykx.exceptions.PyKXException: OpenSSL initialization failed
  • rocuinneagain

    Member
    September 7, 2023 at 12:00 am

    If you have a q process which is able to use TLS then you can compare the output of it’s -26![] with the output of pykx.ssl_info[] in Python. This often shows what differences are causing the problems. – https://code.kx.com/q/basics/internal/#-26x-sslhttps://code.kx.com/pykx/1.6/changelog.html#pykx-140

  • rocuinneagain

    Member
    September 7, 2023 at 12:00 am

    If you have a q process which is able to use TLS then you can compare the output of it’s -26![] with the output of pykx.ssl_info[] in Python. This often shows what differences are causing the problems.

     

  • mauricemoore

    Member
    September 11, 2023 at 12:00 am

    Thanks for providing this command – pykx.ssl_info() It seems the issue is on my side and related to the openssl library >>> pykx.ssl_info()Traceback (most recent call last):File “”, line 1, in File “pykx\_ipc.pyx”, line 74, in pykx._ipc.ssl_infoFile “pykx\_ipc.pyx”, line 79, in pykx._ipc.ssl_infoFile “pykx\_wrappers.pyx”, line 493, in pykx._wrappers.factorypykx.exceptions.QError: Could not initialize openssl. Error was The specified module could not be found. But it seems my openssl set up is okay; >>> os.system(‘openssl version’) OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)0>>> I’ll update the thread if I find the issue on my side. Thanks.

  • mauricemoore

    Member
    September 11, 2023 at 12:00 am

    Thanks for providing this command – pykx.ssl_info()

    It seems the issue is on my side and related to the openssl library

    >>> pykx.ssl_info()
    Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "pykx\_ipc.pyx", line 74, in pykx._ipc.ssl_info
    File "pykx\_ipc.pyx", line 79, in pykx._ipc.ssl_info
    File "pykx\_wrappers.pyx", line 493, in pykx._wrappers.factory
    pykx.exceptions.QError: Could not initialize openssl. Error was The specified module could not be found.

     

    But it seems my openssl set up is okay;

    >>> os.system('openssl version') 
    OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
    0
    >>>

     

    I’ll update the thread if I find the issue on my side.

    Thanks.

Log in to reply.