
TLS Handshake Error while calling Google Vision API

We are trying to deploy a codebase in a corporate/enterprise network. This code was working fine on the open internet but not in the corporate/enterprise network.

We get the following error: google.api_core.exceptions.ServiceUnavailable: 503 failed to connect to all addresses

We use Python v3.8

Note: The API call from a rest client such as Postman is successful from the same corporate/enterprise network

Tried enabling debug, it throws an error

Are we missing something? I don't see any port issue, as the same URL and port are accessible from a REST client/Postman app successfully and return the correct response.

from __future__ import print_function
from google.cloud import vision
import os

os.environ['http_proxy'] = "http://internalproxyserver.com:8080"
os.environ['https_proxy'] = "http://internalproxyserver.com:8080"
# os.environ['GRPC_DNS_RESOLVER'] = 'native'
# os.environ["GRPC_TRACE"] = "api,client_channel_routing,cares_resolver,transport_security,tsi"
# os.environ["GRPC_VERBOSITY"] = "debug"
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = r"C:\abc.json"
content = b'iVBORw0KGgoAAAANSUhEUgAAAGQAAAAZCAYAAADHXotLAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAENElEQVRo3u1ay0u6Sxh+PjWzLI0vxRZWdCEqughGCbWxVu2jG7WIdm3CRYuoP6CoKLpA0CYIg6hNQRTYoqhlBQVBFF1Nu2lmRqBl71n9Bj1mxzodz89zvgcGZuad533Hefzme2eUIyKCgN8GImEJBEEECIIIgggQBBEEYRgcHATHcSFlZGSEjdHpdB+OcTgcYfkfFYPB8GlMjuMgl8tRXFyMnp4ePD4+hp231+vF0NAQysvLoVQqIZfLUVRUhN7eXrhcrn9HEfoBDA8PE4CQMjY2xsbo9foQu0gkIqfTSWazmXie/9DHn0tFRQURUcScrKwsstlsIXO22WxUWFgYlqfRaGh3d5eiDfyUo9PTU0pKSiIAxPM8nZ2dBdl9Ph9NTk6yD9zU1ERutztojFKpZPzNzc2g0tbWFiTIZ5z5+XkyGAwsVmNjYxDH6/VSSUkJs7e0tNDS0hKtrq6SyWQiiURCAEilUpHdbo9NQQIXR6PRfGhfWVlhi9DZ2fkl/vj4OMnlcjIajRFxHh4eSKFQEABKSEig19dXZuvr62Pz6OrqCok1PT0d9MURBAnD/2rMwKfk7u6O9aenpxMAkslk5HA4Qnjv7++Um5tLAEgsFtP19XXUBPnPZllEhJubGwBAQkICeJ4HABwfH8NqtQIAqqurkZqaGsLlOA4NDQ0AAL/fj42NjajNW/JPOPX5fFhfXw/p39/fj4h/e3sLjuOC+mpqarC2thYR/+7uDoODgzg/PwcAtLe3QywWAwBOTk7YuIyMjLA+MjMzWT2QE5OCuFwuGI3GqD4RH4kIAC0tLRgaGmJtj8fD6iqVKqw/tVrN6k9PT7EtyN8Fz/NYXFwM6ktJSfmyH7FYDI7j8PLyAqlUCgBITk5mdofDEZZ7f3/P6gqFIrYF0Wg0bP8OxOrqKmpra/+SHxcXh6qqqm+L+Pz8jJmZGczOzmJmZgZOpxPLy8sAgJycHMa5uLgI6y/Qlp2dHVsHw98xy/L7/ZSfn/9hlqXVagkAxcfHh82y8vLyhCzrM0xNTUEmk6GysjKyOyGRCKWlpaxts9lYvaOjg12d9Pf3h3BnZ2dxdHQEAKirq0NaWtr/+x3y+vqKra2toL6dnR14vV54vd6I/QS+L+x2O3Q6HQDAZDLBbDbj4OAAAwMDuL6+Rn19PaRSKSwWC0ZHR9k2GJgQxMyWNTc3x7aBXyU9PZ0WFhbYmNbWVna1AoAkEgmVlpaS2+0ms9lMKpUqorssvV4fccyJiQlmS05OJovFwmxWq5UKCgrCxlGr1bS9vR31u6wf2bIuLy9xdXUV1Ge1WtkB7NcZ5Pn5mbXf3t6wt7cHn88Hu93+acbz3ZhtbW1obm6GUqmEx+MJSjS0Wi12d3cxMDCAsrIyJCUlITExEYWFheju7sbh4SH0en3UdwdO+JOD8AOVAEEQQRAB38QfQtVPbkCRvTgAAAAASUVORK5CYII='

image = vision.Image(content=content)

client = vision.ImageAnnotatorClient()
texts = client.text_detection(image=image).text_annotations

for text in texts:
    print('\n"{}"'.format(text.description))

Excerpt from debug log

I1108 20:09:43.273000000 10292 src/core/tsi/ssl_transport_security.cc:223]      HANDSHAKE START -       TLS client start_connect  - !!!!!!
I1108 20:09:43.280000000 10292 src/core/tsi/ssl_transport_security.cc:223]                 LOOP -    TLS client enter_early_data  - !!!!!!
I1108 20:09:43.286000000 10292 src/core/tsi/ssl_transport_security.cc:223]                 LOOP -   TLS client read_server_hello  - !!!!!!
I1108 20:09:43.296000000 10292 src/core/ext/filters/client_channel/http_connect_handshaker.cc:329] Connecting to server vision.googleapis.com:443 via HTTP proxy ipv4:172.17.0.5:8080
I1108 20:09:43.476000000 10292 src/core/lib/surface/completion_queue.cc:977] grpc_completion_queue_next(cq=000001F89F023B40, deadline=gpr_timespec { tv_sec: 1636382383, tv_nsec: 676000000, clock_type: 1 }, reserved=0000000000000000)
I1108 20:09:43.521000000 10292 src/core/tsi/ssl_transport_security.cc:223]                 LOOP - TLS client read_server_certifi  - !!!!!!
I1108 20:09:43.554000000 10292 src/core/tsi/ssl_transport_security.cc:223]                 LOOP - TLS client read_certificate_st  - !!!!!!
I1108 20:09:43.565000000 10292 src/core/tsi/ssl_transport_security.cc:223]                 LOOP - TLS client verify_server_certi  - !!!!!!
E1108 20:09:43.581000000 10292 src/core/tsi/ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
D1108 20:09:43.594000000 10292 src/core/lib/security/transport/security_handshaker.cc:184] Security handshake failed: {"created":"@1636382383.594000000","description":"Handshake failed","file":"src/core/lib/security/transport/security_handshaker.cc","file_line":307,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I1108 20:09:43.614000000 10292 src/core/ext/filters/client_channel/subchannel.cc:1073] Connect failed: {"created":"@1636382383.594000000","description":"Handshake failed","file":"src/core/lib/security/transport/security_handshaker.cc","file_line":307,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I1108 20:09:43.627000000 10292 src/core/ext/filters/client_channel/client_channel.cc:1070] chand=000001F8A00D86D8: connectivity change for subchannel wrapper 000001F8A03C4C50 subchannel 000001F8A0213AD0; hopping into work_serializer
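A way to read the trace above mechanically, as an added example that is not part of the original question: it pulls out the proxy hop, the last TLS state reached and the failure reason. The function name `triage` and the verdict labels are hypothetical; the sample lines are copied from the excerpt.

```python
import re

# Three lines copied from the debug excerpt above.
SAMPLE_LOG = """\
I1108 20:09:43.296000000 10292 src/core/ext/filters/client_channel/http_connect_handshaker.cc:329] Connecting to server vision.googleapis.com:443 via HTTP proxy ipv4:172.17.0.5:8080
I1108 20:09:43.565000000 10292 src/core/tsi/ssl_transport_security.cc:223]                 LOOP - TLS client verify_server_certi  - !!!!!!
E1108 20:09:43.581000000 10292 src/core/tsi/ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
"""

PROXY_RE = re.compile(r"Connecting to server (\S+) via HTTP proxy (?:ipv[46]:)?(\S+)")
STATE_RE = re.compile(r"(?:HANDSHAKE START|LOOP)\s+-\s+TLS client (\S+)")
FATAL_RE = re.compile(r"Handshake failed with fatal error (\w+): (\S.*)")


def triage(log_text):
    """Summarise where a traced gRPC TLS handshake stopped and why."""
    result = {"target": None, "proxy": None, "last_state": None,
              "reason": None, "verdict": "no-tls-failure-logged"}
    for line in log_text.splitlines():
        if (m := PROXY_RE.search(line)):
            result["target"], result["proxy"] = m.group(1), m.group(2)
        elif (m := STATE_RE.search(line)):
            result["last_state"] = m.group(1)  # state names are truncated in the trace
        elif (m := FATAL_RE.search(line)):
            # The TLS library's reason is the last colon-separated field.
            result["reason"] = m.group(2).rstrip(".").rsplit(":", 1)[-1]
            break  # anything logged after the failure belongs to a retry
    if result["reason"] == "CERTIFICATE_VERIFY_FAILED":
        # The chain the client received did not validate against the roots
        # gRPC trusts; note whether the connection went through a proxy.
        result["verdict"] = ("untrusted-chain-via-proxy" if result["proxy"]
                             else "untrusted-chain-direct")
    elif result["reason"]:
        result["verdict"] = "other-tls-failure"
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key:11} {value}")
```
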

This type of error is usually encountered due to a number of reasons, including the following:

  • reset reason: connection failure. If you receive HTTP code 503 or gRPC code 14 and the message "upstream connect error or disconnect/reset before headers. reset reason: connection failure", this indicates that ESPv2 can't reach the service's backend. To troubleshoot, double check the items below.

  • Error code 502 or 503. App Engine may take a few minutes to respond successfully to requests. If you send a request and get back an HTTP 502, 503, or some other server error, wait a minute and try the request again.

  • Networking configurations and any proxy that can cause the handshake to fail.

  • Antivirus, firewalls, or any other software that is preventing the traffic.

  • Corporate certificates are being used.

You can see more possible errors.

Depending on the situation, you can check your proxy and ensure that traffic/connections to accounts.google.com are allowed for authorization. To use corporate certificates, it is necessary to append your corporate certificate to google-cloud-sdk/lib/third_party/httplib2/cacerts.txt to allow connections from Google cloud.

Another solution could be to turn certificate verification off, by:

Set the PYTHONHTTPSVERIFY environment variable to 0. For example, run

export PYTHONHTTPSVERIFY=0
python your_script

Or

PYTHONHTTPSVERIFY=0 python your_script

Alternatively, you can add this to your code before doing the https request

import os, ssl
# Replace the default HTTPS context factory with one that skips certificate verification
if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
        getattr(ssl, '_create_unverified_context', None)):
    ssl._create_default_https_context = ssl._create_unverified_context

You can see more documentation here.
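The corporate-certificate option from the answer above, applied to the gRPC channel that the debug log shows the Vision client using; this is an added example, not code from the original post. It assumes the corporate root CA is available as PEM and uses gRPC's `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` environment variable, which replaces gRPC's default roots, so the public roots are merged in; the function names and file paths are hypothetical.

```python
import os
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def pem_blocks(text):
    """Return the PEM certificate blocks in text, rejecting malformed ones."""
    blocks = PEM_RE.findall(text)
    for block in blocks:
        # Structural check only (armor + base64); raises ValueError if broken.
        ssl.PEM_cert_to_DER_cert(block)
    return blocks


def build_bundle(public_roots_pem, corporate_ca_pem, out_path):
    """Write public roots plus the corporate CA to out_path; return the count."""
    corporate = pem_blocks(corporate_ca_pem)
    if not corporate:
        raise ValueError("no PEM certificate found in the corporate CA input")
    seen, merged = set(), []
    for block in pem_blocks(public_roots_pem) + corporate:
        der = ssl.PEM_cert_to_DER_cert(block)
        if der not in seen:  # skip certificates present in both inputs
            seen.add(der)
            merged.append(block)
    with open(out_path, "w", encoding="ascii") as fh:
        fh.write("\n".join(merged) + "\n")
    return len(merged)


def use_bundle_for_grpc(bundle_path):
    """Point gRPC at the merged bundle; call before any client is created."""
    os.environ["GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"] = bundle_path


if __name__ == "__main__":
    # Placeholder paths: a public root bundle and the exported corporate root CA.
    with open("public-roots.pem") as pub, open("corporate-root-ca.pem") as corp:
        count = build_bundle(pub.read(), corp.read(), "grpc-roots.pem")
    use_bundle_for_grpc(os.path.abspath("grpc-roots.pem"))
    print(f"{count} certificates written to grpc-roots.pem")
```

With the bundle in place, certificate verification stays enabled and the handshake succeeds only for chains that end in a listed root.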
