SSL Verify Failed with TUS Protocol

fixed-term.louis · February 13, 2023, 11:06am

Hey !
I’m trying to upload some files to Pantaris API using the File API. I can reach the Platform API and retrieve the folder ids.
However, when I’m trying to send my files to the platform, I receive this error :
tusclient.exceptions.TusCommunicationError: HTTPSConnectionPool(host='upload.pantaris.io', port=443): Max retries exceeded with url: /files/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

Details : Working on Python with tuspy library, trying to upload a single json file.

self.__tus_client = client.TusClient("https://upload.pantaris.io/files/",headers={"Authorization":"Token "+self.__token})
uploader = self.__tus_client.uploader(file_path = "test.json",metadata = {"directoryId":self.__project_ID,"fileName":"test.json","authorization":"Token "+self.__token},chunk_size = 200)
uploader.upload()

thomas.schuerle · February 13, 2023, 11:21am

hi and welcome @fixed-term.louis ,

are you using a proxy within, which could influence the connection?

Simple check from multiple clients, which are connected directly to the internet, are all fine:

curl -X POST -v https://upload.pantaris.io/files/
Tus-Resumable Required

fixed-term.louis · February 13, 2023, 12:06pm

We do use a proxy and your curl command get me a “Host not found error”. However I do not understand why it is working for api.pantaris.io and not upload.pantaris.io while I get the same answer with the curl command. Is it possible that the TUS Protocol is not recognized by our Proxy ?

fixed-term.louis · February 13, 2023, 1:14pm

okay I did some quick tests and I found that :

>>>
 r = requests.get("https://upload.pantaris.io/files")
print(r.status_code)
print(r.content)
>>>
requests.exceptions.SSLError: HTTPSConnectionPool(host='upload.pantaris.io', port=443): Max retries exceeded with url: /files (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed: unable to get local issuer certificate (_ssl.c:992)')))

but if I do this :

>>>
 r = requests.get("https://api.pantaris.io/v2/directories/search")
print(r.status_code)
print(r.content)

>>>
401
b'{"error":{"status":401,"code":"NOT_AUTHORIZED","title":"No valid authorization provided","detail":"The request requires authorization, but a valid one was not provided."}}'

I understand totally why I got the second answer, but why do I get the first one ?

thomas.schuerle · February 13, 2023, 1:28pm

I am pretty sure, both endpoints using the same certificate, so this is a good question. However, I can’t support you on proxy issues

christoph.jahn2 · March 22, 2023, 12:23pm

We are facing the same issue from JS. Could you please indicate a person who could support us to solve this?

hans.ferchland · March 24, 2023, 8:27am

Hello Christoph,

the forum is a place where users can help users. We try to answer as many questions as we can, but we are a small team and do not off any dedicated development support. We maintain our documentation page and have several samples.

If you have an issue with the cerificates broken, it is most likely due to a corporate proxy. We cannot do anything in this case.

To give a working example (tested without a corporate proxy):

import * as tus from 'tus-js-client'

const file = ...

const metadata = {
  fileName: "my-file",
  directoryId: "target-dir-uuid",
  authorization: `Token <ACCESSTOKEN>`
}

const upload = new tus.Upload(file, {
  endpoint: `https://upload.pantaris.io/files/`,
  // Metadata (directoryId, fileName and authorization)
  metadata: metadata,
  // Make sure to use the cookie header
  onBeforeRequest: function (req) {
    const xhr = req.getUnderlyingObject()
    xhr.withCredentials = true
  },
  onError: function (error) {
    console.error(error)
  },
})

upload.start()

If you have certificate errors you may have to set NODE_TLS_REJECT_UNAUTHORIZED to '0': Command-line API | Node.js v19.8.1 Documentation - but this is discouraged and may only used for testing. In order to fix it correctly you would have to add the certificate authority (CA) of your corporate proxy to the known CAs in the system making the requests.

fixed-term.louis · March 24, 2023, 9:46am

Hey ! Here is how we solved the problem : two point were missing :

first I had two specify my proxy variables inside my code : it is the env variables HTTP_PROXY and HTTPS_PROXY (in windows)
I had also to execute my script in a corporate approved environment : in my case it was anaconda. If you don’t do this, you may not have access to your corporate’s certificate, which will result in an SSL error.

I hope this will help