PYTHON-5414 Fix "module service_identity has no attribute SICertificateError" when using pyopenssl #2382
+3 −3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
When there is a mistake in the certificates configuration, PyMongo would give the following error: ``` pymongo.errors.ServerSelectionTimeoutError: module service_identity has no attribute SICertificateError, Timeout: 30s, Topology Description: <…> ``` Because the `except` block expected non-existing errors, the error gets transformed to "module … has no attribute …". The errors in the `service_identity` have never had the `SI` prefix: https://github.com/pyca/service-identity/blob/18.1.0/src/service_identity/exceptions.py It looks like the errors were imported with an alias before, but this aliasing was (only partially) removed when rewriting to lazy imports in this commit: mongodb@42a08c4#diff-b277a2f4cfbb5decab333d0b90a08a4ad64b91fb1691ed8412b15949d1aaceee The lazy imports were removed again in this commit, but the error remained: mongodb@49987e6#diff-b277a2f4cfbb5decab333d0b90a08a4ad64b91fb1691ed8412b15949d1aaceee Most likely, the `# type: ignore[misc]` comment can now also be removed.
ShaneHarvey changed the title 
| Thanks for the detailed report and fix! It looks good to me but I'm going to see if I can add a regression test before merging. |
| Sounds good, thanks! If it helps coming up with the test: in the end, I had two mistakes in my configuration, I forgot which one triggered this code path (maybe it was both):
|
ShaneHarvey approved these changes Jun 12, 2025
| I see that the regression test will be added in #2385 🙂 Thanks for merging! 😄 ❤️ |
ShaneHarvey pushed a commit to ShaneHarvey/mongo-python-driver that referenced this pull request Jun 13, 2025
…teError" when using pyopenssl (mongodb#2382) (cherry picked from commit c2aefc2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
When there is a mistake in the certificates configuration, PyMongo would give the following error:
Because the
exceptblock expected non-existing errors, the error gets transformed to "module … has no attribute …". The errors in theservice_identityhave never had theSIprefix:https://github.com/pyca/service-identity/blob/18.1.0/src/service_identity/exceptions.py
It looks like the errors were imported with an alias before, but this aliasing was (only partially) removed when rewriting to lazy imports in this commit:
42a08c4#diff-b277a2f4cfbb5decab333d0b90a08a4ad64b91fb1691ed8412b15949d1aaceee
The lazy imports were removed again in this commit, but the error remained:
49987e6#diff-b277a2f4cfbb5decab333d0b90a08a4ad64b91fb1691ed8412b15949d1aaceee
After changing the expected errors manually in my virtual environment, the error I received earlier turned into this, so I could continue debugging my certificates configuration:
Most likely, the
# type: ignore[misc]comment can now also be removed (but I have not set up this repository for development on my machine, so I'll let the automated checks be the judge of that).