[jira] [Comment Edited] (IMPALA-14452) Impala shell with hs2-http + certificate does not work on Python 3.12

Michael Smith (Jira) Fri, 17 Oct 2025 12:11:45 -0700


    [ 
https://issues.apache.org/jira/browse/IMPALA-14452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18028476#comment-18028476
 ]


Michael Smith edited comment on IMPALA-14452 at 10/8/25 11:54 PM:
------------------------------------------------------------------

It turns out all of 
[https://github.com/apache/impala/blob/master/shell/impala_shell/TSSLSocketWithWildcardSAN.py#L63-L170]
 has been ignored since we moved to Thrift 0.16. It started relying on OpenSSL 
for cert validation. Which used {{ssl.match_hostname}} when it was available, 
but that's gone in Python 3.12 so it falls back to {{legacy_validate_callback}} 
(which is the method we original needed to override). Looking into what we 
should be using in Python 3.12, since providing our own implementation seems 
like a regression.


was (Author: JIRAUSER288956):
It turns out all of 
[https://github.com/apache/impala/blob/master/shell/impala_shell/TSSLSocketWithWildcardSAN.py#L63-L170]
 has been ignored since we moved to Thrift 0.16. It started relying on OpenSSL 
for cert validation. Which hopefully works, since our tests passed, but doesn't 
seem to like our certs with Python 3.12/OpenSSL 3.0.

> Impala shell with hs2-http + certificate does not work on Python 3.12
> ---------------------------------------------------------------------
>
>                 Key: IMPALA-14452
>                 URL: https://issues.apache.org/jira/browse/IMPALA-14452
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Clients
>            Reporter: Csaba Ringhofer
>            Assignee: Michael Smith
>            Priority: Major
>
> {code}
> impala-shell --ssl --protocol=hs2-http 
> --ca_cert=be/src/testutil/wildcardCA.pem
> Starting Impala Shell with no authentication using Python 3.12.9
> 2025-09-18 18:31:02 [Exception] Error connectingTypeError 
> HTTPSConnection.__init__() got an unexpected keyword argument 'key_file'
> {code}
> The same issue came up in Thrift and in impyla:
> THRIFT-5847
> https://github.com/cloudera/impyla/issues/529



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Comment Edited] (IMPALA-14452) Impala shell with hs2-http + certificate does not work on Python 3.12

Reply via email to