PyKX TLS Mode with company CA

mauricemoore · September 1, 2023, 12:00am

https://learninghub.kx.com/forums/topic/pykx-tls-mode-with-company-ca

Hi,

Is it possible to use an internal company CA file with PyKX?

From an ordinary q session, it's possible to connect to a TLS enabled kdb server as long as env variable SSL_CA_CERT_FILE is set, and an openssl library is accessible.;

h:hopen`$":tcps://..."

I was hoping this would also work for PyKX IPC but I've had no luck so far.

Thanks

cmccarthy1 · September 4, 2023, 12:00am

Hi,

This should work, could you provide the error that you’re seeing when attempting to initialise the connection?

There are multiple IPC connection types with PyKX, my suggestion would be that for TLS enabled IPC you make use of the SecureQConnection class documented here

If this does not work a minimal code example would be extremely helpful.

mauricemoore · September 11, 2023, 12:00am

Thanks for providing this command - pykx.ssl_info()

It seems the issue is on my side and related to the openssl library

>>> pykx.ssl_info()
Traceback (most recent call last):
File "", line 1, in 
File "pykx\_ipc.pyx", line 74, in pykx._ipc.ssl_info
File "pykx\_ipc.pyx", line 79, in pykx._ipc.ssl_info
File "pykx\_wrappers.pyx", line 493, in pykx._wrappers.factory
pykx.exceptions.QError: Could not initialize openssl. Error was The specified module could not be found.

But it seems my openssl set up is okay;

>>> os.system('openssl version') 
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
0
>>>

I’ll update the thread if I find the issue on my side.

Thanks.

mauricemoore · September 6, 2023, 12:00am

Hi,

Thanks for replying, I’m guessing it does not know where my company CA certificate is by default;

>>> q = pykx.SecureQConnection(host = machineX, port = portX, username = userX, password = passwX, tls = True)
Traceback (most recent call last):
File "", line 1, in 
File "C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py", line 1971, in __init__
self._init(host,
File "C:UsersmmoorePycharmProjectsNodeJsvenvlibsite-packagespykxipc.py", line 383, in _init
raise PyKXException(self._ipc_errors.get(self._handle, 'Unknown IPC error'))
pykx.exceptions.PyKXException: OpenSSL initialization failed

rocuinneagain · September 7, 2023, 12:00am

If you have a q process which is able to use TLS then you can compare the output of it’s -26! with the output of pykx.ssl_info in Python. This often shows what differences are causing the problems.

Topic		Replies	Views
PyKX TLS Mode with company CA Community Support pykx	4	0	September 11, 2023
Building REST API KDB - Issues setting up SSL-TLS Community Support imported , kdb-and-q	3	1	September 6, 2021
how does a client server make connection to TLS enabled KDB server? Community Support kdb-and-q	3	0	August 11, 2023
Adding CA Cert when using KDB+ Studio Community Support kdb-and-q	3	0	June 5, 2019
how does a client server make connection to TLS enabled KDB server? Community Support imported , kdb-and-q	3	0	August 11, 2023

PyKX TLS Mode with company CA

Related topics