-
PyKX TLS Mode with company CA
Hi,
Is it possible to use an internal company CA file with PyKX?
From an ordinary q session, it’s possible to connect to a TLS enabled kdb server as long as env variable SSL_CA_CERT_FILE is set, and an openssl library is accessible.;
h:hopen`$":tcps://…"
I was hoping this would also work for PyKX IPC but I’ve had no luck so far.
Thanks
-
7 Replies
-
Hi,
This should work, could you provide the error that you’re seeing when attempting to initialise the connection?
There are multiple IPC connection types with PyKX, my suggestion would be that for TLS enabled IPC you make use of the SecureQConnection class documented here
If this does not work a minimal code example would be extremely helpful.
-
Hi, Thanks for replying, I’m guessing it does not know where my company CA certificate is by default; >>> q = pykx.SecureQConnection(host = machineX, port = portX, username = userX, password = passwX, tls = True)Traceback (most recent call last):File “”, line 1, in File “C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py”, line 1971, in __init__self._init(host,File “C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py”, line 383, in _initraise PyKXException(self._ipc_errors.get(self._handle, ‘Unknown IPC error’))pykx.exceptions.PyKXException: OpenSSL initialization failed
-
Hi,
Thanks for replying, I’m guessing it does not know where my company CA certificate is by default;
>>> q = pykx.SecureQConnection(host = machineX, port = portX, username = userX, password = passwX, tls = True) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py", line 1971, in __init__ self._init(host, File "C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py", line 383, in _init raise PyKXException(self._ipc_errors.get(self._handle, 'Unknown IPC error')) pykx.exceptions.PyKXException: OpenSSL initialization failed
-
If you have a q process which is able to use TLS then you can compare the output of it’s -26![] with the output of pykx.ssl_info[] in Python. This often shows what differences are causing the problems. – https://code.kx.com/q/basics/internal/#-26x-ssl – https://code.kx.com/pykx/1.6/changelog.html#pykx-140
-
If you have a q process which is able to use TLS then you can compare the output of it’s
-26![]with the output ofpykx.ssl_info[]in Python. This often shows what differences are causing the problems.- https://code.kx.com/q/basics/internal/#-26x-ssl
- https://code.kx.com/pykx/1.6/changelog.html#pykx-140
-
Thanks for providing this command – pykx.ssl_info() It seems the issue is on my side and related to the openssl library >>> pykx.ssl_info()Traceback (most recent call last):File “”, line 1, in File “pykx\_ipc.pyx”, line 74, in pykx._ipc.ssl_infoFile “pykx\_ipc.pyx”, line 79, in pykx._ipc.ssl_infoFile “pykx\_wrappers.pyx”, line 493, in pykx._wrappers.factorypykx.exceptions.QError: Could not initialize openssl. Error was The specified module could not be found. But it seems my openssl set up is okay; >>> os.system(‘openssl version’) OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)0>>> I’ll update the thread if I find the issue on my side. Thanks.
-
Thanks for providing this command – pykx.ssl_info()
It seems the issue is on my side and related to the openssl library
>>> pykx.ssl_info() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "pykx\_ipc.pyx", line 74, in pykx._ipc.ssl_info File "pykx\_ipc.pyx", line 79, in pykx._ipc.ssl_info File "pykx\_wrappers.pyx", line 493, in pykx._wrappers.factory pykx.exceptions.QError: Could not initialize openssl. Error was The specified module could not be found.
But it seems my openssl set up is okay;
>>> os.system('openssl version') OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023) 0 >>>I’ll update the thread if I find the issue on my side.
Thanks.
Log in to reply.