Python 3.13.7 compatibility issue

[omron93]

napalm library finally supports python 3.13 (napalm-automation/napalm#2137). When I try napalm srl driver with python 3.13.7 and napalm 5.0.1 I'm getting this failure.

Is there some known compatibility issue? or some different configuration is needed?

We're using following optional_args for the driver.

{
            'gnmi_port': config.get('gnmi_port', 57400),
            'jsonrpc_port': config.get('jsonrpc_port', 57401),
            'tls_ca': tls_ca,
            'tls_cert': tls_cert,
            'tls_key': tls_key,
            'commit_save': True,
            'use_exclusive_candidate': True,
            'running_format': 'cli',
            'encoding': 'JSON_IETF'})
}

WARNING:root:Enabled TLS ciphers: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-SHA
WARNING:root:Non-default JSON RPC port configured (57401), typically only 443(default) or 80 are used
NAPALM didn't catch this exception. Please, fill a bugfix on https://github.com/napalm-automation/napalm/issues
Don't forget to include this traceback.
Traceback (most recent call last):
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connectionpool.py", line 464, in _make_request
    self._validate_conn(conn)
    ~~~~~~~~~~~~~~~~~~~^^^^^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connectionpool.py", line 1093, in _validate_conn
    conn.connect()
    ~~~~~~~~~~~~^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connection.py", line 790, in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
        sock=sock,
    ...<14 lines>...
        assert_fingerprint=self.assert_fingerprint,
    )
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connection.py", line 969, in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
        sock=sock,
    ...<8 lines>...
        tls_in_tls=tls_in_tls,
    )
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/util/ssl_.py", line 480, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/util/ssl_.py", line 524, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        sock=sock,
        ^^^^^^^^^^
    ...<5 lines>...
        session=session
        ^^^^^^^^^^^^^^^
    )
    ^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/ssl.py", line 1076, in _create
    self.do_handshake()
    ~~~~~~~~~~~~~~~~~^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/ssl.py", line 1372, in do_handshake
    self._sslobj.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1032)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    response = self._make_request(
        conn,
    ...<10 lines>...
        **response_kw,
    )
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connectionpool.py", line 488, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1032)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/requests/adapters.py", line 644, in send
    resp = conn.urlopen(
        method=request.method,
    ...<9 lines>...
        chunked=chunked,
    )
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/connectionpool.py", line 841, in urlopen
    retries = retries.increment(
        method, url, error=new_e, _pool=self, _stacktrace=sys.exc_info()[2]
    )
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/urllib3/util/retry.py", line 519, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='edge1-xd2-dev2.linx.net', port=57401): Max retries exceeded with url: /jsonrpc (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1032)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/marek/.conda/envs/napalmcli-marek/bin/pysrl", line 7, in <module>
    sys.exit(srl())
             ~~~^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/napalmcli/command_line.py", line 305, in srl
    main()
    ~~~~^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/napalmcli/command_line.py", line 20, in wrapper
    func()
    ~~~~^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/napalmcli/command_line.py", line 262, in main
    device.discard_config()
    ~~~~~~~~~~~~~~~~~~~~~^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/napalm_srl/srl.py", line 2324, in discard_config
    output = self.device._jsonrpcRunCli(cmds)
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/napalm_srl/srl.py", line 2567, in _jsonrpcRunCli
    return self._jsonrpcPost(data)
           ~~~~~~~~~~~~~~~~~^^^^^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/napalm_srl/srl.py", line 2603, in _jsonrpcPost
    resp = self.jsonrpc_session.post(geturl, headers=headers, json=json_data,
                               timeout=timeout if timeout else self.timeout,
                               auth=(self.username, self.password), cert=cert,
                               verify=False if self.skip_verify else self.tls_ca)
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/requests/sessions.py", line 637, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
           ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
  File "/home/marek/.conda/envs/napalmcli-marek/lib/python3.13/site-packages/requests/adapters.py", line 675, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='edge1-xd2-dev2.linx.net', port=57401): Max retries exceeded with url: /jsonrpc (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1032)')))

[hellt]

I think this invites you to the rabbit hole with certs openssl/openssl#28391 python/cpython#138193