Skip to content

HTTP SSL Verification flag not passed to SpooledSegment class which fails HTTP requests #543

New issue
New issue
Open
Open
HTTP SSL Verification flag not passed to SpooledSegment class which fails HTTP requests#543
@JustinObanor

Description

@JustinObanor
JustinObanor
opened on Mar 28, 2025

Expected behavior

SSL Verification flag set to False when initialising a connection to Trino is used in HTTP requests for spooled segments.

Actual behavior

SSL Verification flag set to False when initialising a connection to Trino is not passed to HTTP requests for spooled segments and therefore fails with HTTP SSL errors

Steps To Reproduce

Configure Trino spooling manager properties

[trino@trino-0 /]$ cat /etc/trino/spooling-manager.properties
spooling-manager.name=filesystem
fs.gcs.enabled=true
fs.location=gs://xyz-base-trino-1/spooling-segments/product

Configure Trino to use Spooling

[trino@trino-0 /]$ cat /etc/trino/config.properties
...TRUNCATED...
protocol.spooling.enabled=true
protocol.spooling.shared-secret-key=<secret-key>
protocol.spooling.retrieval-mode=COORDINATOR_STORAGE_REDIRECT

Initialise a connection to Trino

from trino.dbapi import connect
from xyzplatform.sql import xyzTrinoAuth
import logging
import warnings
import requests

logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)

session = requests.Session()
session.verify = False

conn = connect(
    http_scheme="https",
    host="trino.trino",
    port=443,
    catalog="hive",
    schema="tpcds_europe_west1_1000",
    verify=False,
    auth=xyzTrinoAuth(),
    encoding="json+zstd",
    http_session=session,
)

Make a request

warnings.filterwarnings(
    "ignore", message=f"Unverified HTTPS request is being made to host https"
    )

cur = conn.cursor()
cur.execute("SELECT * FROM hive.tpcds_europe_west1_1000.date_dim")
rows = cur.fetchall()

With a debug session, we see Verify is False, which is correct
Image

But right before we make a request to send_spooling_segment, Verify is True, which wasn't expected
Image

Log output

STORAGE mode

ERROR:trino.client:Failed to acknowledge spooling request for segment SpooledSegment(metadata={'segmentSize': 151242, 'uncompressedSize': 1261742, 'rowsCount': 7514, 'expiresAt': '2025-03-29T02:30:56.641', 'rowOffset': 65535}): HTTPSConnectionPool(host='trino.trino-product-primary', port=443): Max retries exceeded with url: /v1/spooled/ack/BknNfrjG9rI6GsNoAlSOKB9yZ6zxt-SyPySruC9HMHI= (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))

COORDINATOR_STORAGE_REDIRECT mode

INFO:trino.client:failed after 3 attempts
Traceback (most recent call last):
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1222, in __next__
    return next(self._rows)
           ^^^^^^^^^^^^^^^^
StopIteration
....TRUNCATED....
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1226, in __next__
    self._load_next_segment()
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1239, in _load_next_segment
    self._rows = iter(self._decoder.decode(self._current_segment.segment))
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1254, in decode
    return self._decoder.decode(spooled_data.data, spooled_data.metadata)
                                ^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1134, in data
    http_response = self._send_spooling_request(self.uri)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1168, in _send_spooling_request
    return self._request._get(uri, headers=headers_with_single_value, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
....TRUNCATED....
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/requests/adapters.py", line 698, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='trino.trino-product-primary', port=443): Max retries exceeded with url: /v1/spooled/download/8lBbwpZIUaXfOYFoXbcdCR9yZ6zxt-SyPySruC9HMHI= (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))

Operating System

PRETTY_NAME="Ubuntu 22.04.5 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.5 LTS (Jammy Jellyfish)"

Trino Python client version

0.333.0

Trino Server version

472

Python version

Python 3.11.11

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions