Root CA not initialized if running in threads the first time #5831
Description
I want use mTLS for a server connection. If I start this in an thread, I get a connection refused message.
If I call them once in the main thread and then in the spawned thread, everything is fine.
It seems, that the RootCA is not initialized correct if I use them the first time within a thread.
Reproduction Steps
import requests
thread = None
stop_sync = False
def prooftoken_thread():
while not stop_sync:
with lock:
print("sync")
response = requests.get(PROOFTOKEN_URL, allow_redirects=True, cert=("./secrets/certificate", "./secrets/key"))
print(response.json())
time.sleep(10)
if __name__ == '__main__':
if PROOFTOKEN_URL:
print("start proof token sync job with URL: {}".format(PROOFTOKEN_URL))
###################################
# remove this line and the thread will fail
response = requests.get(PROOFTOKEN_URL, allow_redirects=True, cert=("./secrets/certificate", "./secrets/key"))
###################################
thread = threading.Thread(target=prooftoken_thread, daemon=True)
thread.start()
else:
print("No 'prooftoken_url' found. Running in 'app-only' mode.")
print("AuthZ Server Up and running")
app.run(host='0.0.0.0', port=8080, debug=False, threaded=False)StackTrace in case of failure
Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 96, in create_connection
raise err
File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 86, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 353, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7fa17cce1f10>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='eu-osb.accounts400.ondemand.com', port=443): Max retries exceeded with url: /sap/cp-kernel/identity/v1/prooftoken/1c30c40e-c434-41c1-a068-2036c08d2bb2/v2 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa17cce1f10>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/local/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "src/main.py", line 137, in prooftoken_thread
response = requests.get(PROOFTOKEN_URL, allow_redirects=True, cert=("./secrets/certificate", "./secrets/key"))
File "/usr/local/lib/python3.8/site-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='eu-osb.accounts400.ondemand.com', port=443): Max retries exceeded with url: /sap/cp-kernel/identity/v1/prooftoken/1c30c40e-c434-41c1-a068-2036c08d2bb2/v2 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa17cce1f10>: Failed to establish a new connection: [Errno 111] Connection refused'))
System Information
$ python -m requests.help
{
"chardet": {
"version": "4.0.0"
},
"cryptography": {
"version": ""
},
"idna": {
"version": "2.10"
},
"implementation": {
"name": "CPython",
"version": "3.9.2"
},
"platform": {
"release": "20.4.0",
"system": "Darwin"
},
"pyOpenSSL": {
"openssl_version": "",
"version": null
},
"requests": {
"version": "2.25.1"
},
"system_ssl": {
"version": "101010bf"
},
"urllib3": {
"version": "1.26.4"
},
"using_pyopenssl": false
}