Python-slack-sdk: aiohttp.client_exceptions.ClientConnectorSSLError with v2

Created on 2 Jul 2019  Â·  10Comments  Â·  Source: slackapi/python-slack-sdk

Description

I was following the Migration Guide and some calls now throw exceptions which didn't occur back to 1.3.x version. There is nothing in the migration documentation about that.

What type of issue is this? (place an x in one of the [ ])

  • [x] bug
  • [ ] enhancement (feature request)
  • [ ] question
  • [x] documentation related
  • [ ] testing related
  • [ ] discussion

Requirements (place an x in each of the [ ])

  • [x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • [x] I've read and agree to the Code of Conduct.
  • [x] I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Reproducible in:

slackclient version: 2.1.0

python version: 3.7.3

OS version(s): Ubuntu 19.04

Steps to reproduce:

from os import environ
from slack import WebClient
slack_client = WebClient(environ["SLACK_API_TOKEN"], timeout=30)
api_call = slack_client.api_call('users.list')
if api_call.get('ok'):
    # retrieve all users so we can find our bot
    users = api_call.get('members')
    for user in users:
        if 'name' in user and user.get('name') == SLACK_BOT_NAME:
            BOT_ID = user.get('id')
else:
    print('Could not reach Slack with your SLACK_BOT_TOKEN. Please check if ' +
          'your SLACK_BOT_TOKEN and SLACK_BOT_NAME are both correct.')
    exit(1)

Expected result:

Code goes through IF statement to check the call result.

Actual result:

Exceptions are given such as:
aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host www.slack.com:443 ssl:None [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)]

Attachments:

Sample project being migrated: https://github.com/staticdev/k8s-python-slackbot/blob/master/echobot.py

2x question

Most helpful comment

This SDK uses Python 3.6+ and as of this version :

macOS users: If you are using the Python 3.6 from the python.org binary installer linked on this page, please carefully read the Important Information displayed during installation; this information is also available after installation by clicking on /Applications/Python 3.6/ReadMe.rtf. There is important information there about changes in the 3.6.0 installer-supplied Python, particularly with regard to SSL certificate validation.

From ReadMe.rtf at the time of this writing:

Certificate verification and OpenSSL
NEW This variant of Python 3.6 now includes its own private copy of OpenSSL 1.0.2. Unlike previous releases, the deprecated Apple-supplied OpenSSL libraries are no longer used. This also means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. For 3.6.0, a sample command script is included in /Applications/Python 3.6 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.python.org/pypi/certifi). If you choose to use certifi, you should consider subscribing to the project's email update service to be notified when the certificate bundle is updated.
The bundled pip included with the Python 3.6 installer has its own default certificate store for verifying download connections.

There are only two resolutions I've seen thus far:

  1. Install Certifi.
$ pip install certifi

and update your code:

    ssl_context = ssl_lib.create_default_context(cafile=certifi.where())
    slack_token = os.environ["SLACK_BOT_TOKEN"]
    client = slack.WebClient(
        token=slack_token, ssl=ssl_context
    )
  1. Update your local Python certificates.
# Python 3.6
$ /Applications/Python\ 3.6/Install\ Certificates.command

# Python 3.7
$ /Applications/Python\ 3.7/Install\ Certificates.command

All 10 comments

I am following migration guide and get no further than:
`>>> import slack

client = slack.WebClient(token='testtoken')
Traceback (most recent call last):
File "", line 1, in
AttributeError: module 'slack' has no attribute 'WebClient'
`

These git repositories and all the documentation seems woefully out of date, despite being recently updated.... I'm trying to do a PoC in python and am getting nowhere.

==
Ubuntu 18.04
Python 3.6.8 (default, Jan 14 2019, 11:02:34)
[GCC 8.0.1 20180414 (experimental) [trunk revision 259383]] on linux
Type "help", "copyright", "credits" or "license" for more information.

import os
from slack import WebClient
Traceback (most recent call last):
File "", line 1, in
ImportError: cannot import name 'WebClient'

I imagine this is my issue:

slack==0.0.2
slackclient==1.0.2

any hints?

@cnemelka I am talking about slackclient==2.1.0. I don't know this slack package.

Issue was version of slack. Thank you for the responses
--cnemelka

On Tue, Jul 2, 2019 at 4:41 PM staticdev notifications@github.com wrote:

@cnemelka https://github.com/cnemelka I am talking about
slackclient==2.1.0. I don't know this slack package.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/slackapi/python-slackclient/issues/472?email_source=notifications&email_token=AGQQDJFP5A2KXXLVQFBLZJDP5PKRDA5CNFSM4H432AQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZCX5AA#issuecomment-507870848,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AGQQDJAXFM3R53Q4WK22T6TP5PKRDANCNFSM4H432AQA
.

Hi @staticdev, this issue stems from the internal HTTP Client aiohttp having trouble locating your SSL certificate. This often occurs when run inside a virtual machine. A solution that I've found was using a package called certifi. Here's an example of that usage:

    ssl_context = ssl_lib.create_default_context(cafile=certifi.where())
    slack_token = os.environ["SLACK_BOT_TOKEN"]
    rtm_client = slack.RTMClient(
        token=slack_token, ssl=ssl_context
    )

I hope this helps. If you're still having trouble please let me know.

@RodneyU215 Before migrating to 2.X no certificate was needed for a bot. Is it now required? Can't I use it without SSL? There is also nothing related to SSL or certificates in the Migration documentation.

I've followed the get started tutorial and written a simple script that should simply post a message on a slack channel.
Slack token is set correctly.

When I run the script I get the same error as many of you:
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host www.slack.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)')]

I've googled and found several people trying to apply not fully clear fixes, like downgrade some other libraries version. A clear solution or hint here would be appreciated. Thank you for you help.

Python version: 3.7
OS: Mac OS, with a virtualenv
slack-client version: 2.1.0

This SDK uses Python 3.6+ and as of this version :

macOS users: If you are using the Python 3.6 from the python.org binary installer linked on this page, please carefully read the Important Information displayed during installation; this information is also available after installation by clicking on /Applications/Python 3.6/ReadMe.rtf. There is important information there about changes in the 3.6.0 installer-supplied Python, particularly with regard to SSL certificate validation.

From ReadMe.rtf at the time of this writing:

Certificate verification and OpenSSL
NEW This variant of Python 3.6 now includes its own private copy of OpenSSL 1.0.2. Unlike previous releases, the deprecated Apple-supplied OpenSSL libraries are no longer used. This also means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. For 3.6.0, a sample command script is included in /Applications/Python 3.6 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.python.org/pypi/certifi). If you choose to use certifi, you should consider subscribing to the project's email update service to be notified when the certificate bundle is updated.
The bundled pip included with the Python 3.6 installer has its own default certificate store for verifying download connections.

There are only two resolutions I've seen thus far:

  1. Install Certifi.
$ pip install certifi

and update your code:

    ssl_context = ssl_lib.create_default_context(cafile=certifi.where())
    slack_token = os.environ["SLACK_BOT_TOKEN"]
    client = slack.WebClient(
        token=slack_token, ssl=ssl_context
    )
  1. Update your local Python certificates.
# Python 3.6
$ /Applications/Python\ 3.6/Install\ Certificates.command

# Python 3.7
$ /Applications/Python\ 3.7/Install\ Certificates.command

As Rodney mentioned, fixing certificates on the machine may address the issue shared here. For macOS, this thread looks like a quite similar one: https://stackoverflow.com/a/53310545

Personally, I haven't encountered this issue and I think no actions are needed on this package side. For now, I don't close this issue. However, we may be closing this sometime in the future. Allow us to do so to keep this place more manageable (I'm working on organizing the remaining issues).

If someone can share helpful information with others, that'd be greatly appreciated.

Personally, I haven't encountered this issue and I think no actions are needed on this package side. For now, I don't close this issue. However, we may be closing this sometime in the future. Allow us to do so to keep this place more manageable (I'm working on organizing the remaining issues).

Allow me to close this issue now due to the above reason.

When you have anything further to discuss here, please feel free to reopen this.

Was this page helpful?
0 / 5 - 0 ratings