I got an error when using setCredentials

[cryptid11]

ValueError: Invalid header value 'Basic pokwepdokwo\n'

pokwepdokwo is the actual encoding of user:password that I see also in the Authorization field in the Request header for example in Chrome, so there is a wrongfully added \n at the end, is this an error or it's me do something wrong?

[joernhees]

seems related to #55

[cryptid11]

Perfect, it's exactly what I suspect, I change and now it works perfectly.

[cryptid11]

But I have another problem you can add to resolve in a row,

 urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

(Because now I'm using a test server with no ssl certificate.)

I solve this replacing line 537 in Wrapper.py with:

        import ssl
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        response = urlopener(request, context=ctx)

[joernhees]

hmm, might be an ad-hoc fix for you, but i'm against adding this by default as it disables SSL certificate verification

[cryptid11]

I think adding an option will be very useful, an option that is visible only if people need it. Obviously the standard setting will be to check SSL cert.

[AlexanderWillner]

Definitely need an option to specify some SSL related parameters. Either a verify='/path/to/public_key.pem' or a verify = False

[joernhees]

first, let me point you to https://www.python.org/dev/peps/pep-0476/

python by default uses and verifies the system provided ssl certs, which is a good thing.

if you want to ignore ssl verification for whatever reason you can already achieve this right now (but you should not) by using the 2nd attempt mentioned in https://www.python.org/dev/peps/pep-0476/#opting-out .

Another (IMO) much better approach is to actually verify the certificate with the help of the following two environment variables SSL_CERT_DIR and SSL_CERT_FILE:

$ python -c 'import ssl ; print ssl.get_default_verify_paths()'
DefaultVerifyPaths(cafile='/usr/local/etc/openssl/cert.pem', capath='/usr/local/etc/openssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/etc/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/etc/openssl/certs')
$ SSL_CERT_DIR='/some/cert/dir' SSL_CERT_FILE='/some/cert/file.pem' python -c 'import ssl ; print ssl.get_default_verify_paths()'
DefaultVerifyPaths(cafile='/some/cert/file.pem', capath='/some/cert/dir', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/etc/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/etc/openssl/certs')

that said, i'm not against the possibility of customizing request parameters in any way. I'm just strongly against offering a default "ignore ssl" flag, which might give a false impression that it's somehow ok or a common case to ignore ssl errors.

So if someone wants to go ahead and allow passing along more options to urlopener, e.g. a context i won't stand in the way. What you should know though is that it long term SPARQLWrapper will probably base on the requests library (see #51), so maybe this is just a minor add-on then.