Connecting to Snowflake not working with the newest version, possible asn1crypto incompatibility

[vikkulat]

Please answer these questions before submitting your issue. Thanks!

1. What version of Python are you using (python --version)?
   Python 3.7.4

2. What operating system and processor architecture are you using (python -c 'import platform; print(platform.platform())')?
   Linux-4.14.47-64.38.amzn2.x86_64-x86_64-with-glibc2.2.5

3. What are the component versions in the environment (pip list)?

Package                    Version  
-------------------------- ---------
asn1crypto                 1.0.0    
atomicwrites               1.3.0    
attrs                      19.2.0   
azure-common               1.1.23   
azure-storage-blob         2.1.0    
azure-storage-common       2.1.0    
boto3                      1.9.241  
botocore                   1.12.241 
certifi                    2019.9.11
cffi                       1.12.3   
chardet                    3.0.4    
cryptography               2.7      
docutils                   0.15.2   
future                     0.17.1   
idna                       2.8      
ijson                      2.5.1    
importlib-metadata         0.23     
jmespath                   0.9.4    
more-itertools             7.2.0    
numpy                      1.17.2   
packaging                  19.2     
pip                        9.0.3    
pluggy                     0.13.0   
py                         1.8.0    
pyarrow                    0.14.1   
pycparser                  2.19     
pycryptodomex              3.9.0    
PyJWT                      1.7.1    
pyOpenSSL                  19.0.0   
pyparsing                  2.4.2    
pytest                     5.2.0    
pytest-html                2.0.0    
pytest-metadata            1.8.0    
python-dateutil            2.8.0    
pytz                       2019.2   
PyYAML                     5.1.2    
requests                   2.22.0   
s3transfer                 0.2.1    
setuptools                 38.4.0   
six                        1.12.0   
snowflake                  0.0.3    
snowflake-connector-python 2.0.0    
sqlparse                   0.3.0    
urllib3                    1.25.6   
watchtower                 0.7.3    
wcwidth                    0.1.7    
zipp                       0.6.0  

4. What did you do?
   Try to connect to Snowflake from a Python program using the python Snowflake connector. The program worked fine until updating the latest version of the connector library

5. What did you expect to see?
   To be able to connect to Snowflake using the Python connector

6. What did you see instead?

We got this trace:

[2019-10-03 06:58:40,137] 22853 ERROR snowflake.connector.network:_request_exec_wrapper:666 - 'APIException' object has no attribute 'errno'
Traceback (most recent call last):
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_snowflake.py", line 1131, in validate_by_direct_connection
self.process_ocsp_response(issuer, cert_id, ocsp_response)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_asn1crypto.py", line 280, in process_ocsp_response
tbs_response_data)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_asn1crypto.py", line 316, in verify_signature
pubkey = cert.public_key.unwrap().dump()
File "/home/ec2-user/.local/lib/python3.7/site-packages/asn1crypto/keys.py", line 1065, in unwrap
'asn1crypto.keys.PublicKeyInfo().unwrap() has been removed, '
asn1crypto._errors.APIException: asn1crypto.keys.PublicKeyInfo().unwrap() has been removed, please use oscrypto.asymmetric.PublicKey().unwrap() instead

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/network.py", line 790, in _request_exec
auth=SnowflakeAuth(token),
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/sessions.py", line 465, in request
resp = self.send(prep, **send_kwargs)
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/adapters.py", line 370, in send
timeout=timeout
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 544, in urlopen
body=body, headers=headers)
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 341, in _make_request
self._validate_conn(conn)
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 761, in _validate_conn
conn.connect()
File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/vendored/requests/packages/urllib3/connection.py", line 238, in connect
ssl_version=resolved_ssl_version)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ssl_wrap_socket.py", line 395, in ssl_wrap_socket_with_ocsp
).validate(server_hostname, ret.connection)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_snowflake.py", line 996, in validate
return self._validate(hostname, cert_data, telemetry_data, do_retry, no_exception)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_snowflake.py", line 1002, in _validate
cert_data, telemetry_data, hostname, do_retry=do_retry)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_snowflake.py", line 1184, in _validate_certificates_sequential
issuer, subject, telemetry_data, hostname, do_retry=do_retry)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_snowflake.py", line 1153, in validate_by_direct_connection
err = self.verify_fail_open(ex, telemetry_data)
File "/home/ec2-user/.local/lib/python3.7/site-packages/snowflake/connector/ocsp_snowflake.py", line 1166, in verify_fail_open
if ex_obj.errno is ER_SERVER_CERTIFICATE_REVOKED:
AttributeError: 'APIException' object has no attribute 'errno'

We assume this might be due to asn1crypto library recently updating to 1.0.0 and snowflake-connector-python library might not have compatibility to this new version.

We tried this with asn1crypto version 0.24.0 and this worked fine

[paulpmi]

reverted the library to 0.24.0

CPython version working fine.
Pypy version contiues to retry the connection and ending with: snowflake.connector.errors.InternalServerError: HTTP 500: Internal Server Error

[erikselin]

@vikkulat I opened #208 yesterday for this same reason. Locking asn2crypto to 0.24.0. I'm trying to get a 1.9.1 release in that patch with the fix since I thought that this issue only exists in 1.* versions of the snowflake connector. But it seems this is an issue in 2.0.0 as well?

[smtakeda]

We'll patch this in 2.0.1

[nehiljain]

snowflake-sqlalchemy (https://github.com/snowflakedb/snowflake-sqlalchemy) is also broken because of this.

https://github.com/snowflakedb/snowflake-sqlalchemy/blob/master/setup.py#L37

[smtakeda]

#210 has the fix.

[whitelynx]

According to the asn1crypto v1.0.0 changelog, it looks like they moved these functions into oscrypto:

• keys.PublicKeyInfo().unwrap() is now oscrypto.asymmetric.PublicKey().unwrap()

[smtakeda]

yes, I found the solution and am checking with the author: wbond/asn1crypto#154

[smtakeda]

Closing this for the patch. Will work on proper fix later.