Python Pyopenssl


TLS with SNI-support for Python 2. Follow these instructions if you wouldlike to verify TLS certificates in Python 2. Note, the default libraries donot do certificate checking; you need to do additional work to validatecertificates yourself.

PyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. $ python -m pip install pyopenssl cryptography idna To activate certificate checking, call injectintourllib3 from your Python code before you begin making HTTP requests. This can be done in a sitecustomize module, or at any other time before your application begins using urllib3, like this. PyOpenSSL is a set of Python bindings for OpenSSL.

This needs the following packages installed:

  • pyOpenSSL (tested with 16.0.0)

  • cryptography (minimum 1.3.4, from pyopenssl)

  • idna (minimum 2.0, from cryptography)

However, pyopenssl depends on cryptography, which depends on idna, so while weuse all three directly here we end up having relatively few packages required.

You can install them with the following command:

To activate certificate checking, callinject_into_urllib3() from your Python codebefore you begin making HTTP requests. This can be done in a sitecustomizemodule, or at any other time before your application begins using urllib3,like this:

Now you can use urllib3 as you normally would, and it will support SNIwhen the required modules are installed.

Activating this module also has the positive side effect of disabling SSL/TLScompression in Python 2 (see CRIME attack).


Undo monkey-patching by inject_into_urllib3().


Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.

This topic provides instructions for installing the Snowflake Connector for Python. The connector can currently be installed in Linux, macOS, and Windows environments.

The developer notes are hosted on GitHub, along with the source code.


In this Topic:


For a list of the operating systems supported by Snowflake clients, see Operating System Support.

The following software packages are required to install the Snowflake Connector for Python.


The Snowflake Connector for Python requires Python 3.6, 3.7, 3.8, or 3.9.

To verify your version of Python:

For more information about installing the required version of Python, see:

Python Package Installer and Setup Tools¶

The Snowflake Connector for Python is installed by pip, a standard Python package installer and manager.

Use pip version 19.0 or later. Execute the following command to ensure the required version is installed:


  • On macOS, use either virtualenv or venv to install Python and the connector.

  • If both Python 2.7.x and Python 3.x are installed, use pip3 to install the connector with Python 3.x.

Python Packages¶

The Snowflake Connector for Python uses many Python packages. The connector supports a range of versions for each package. (Fordetails, see Dependency Management Policy for the Python Connector.)

For these packages, Snowflake recommends that you use the same versions that Snowflake used during testing (the minimum supportedversions of these packages). Snowflake also recommends that you avoid overriding pinned dependencies and using applications thatmight override pinned dependencies.

The package versions that were tested with the connector are documented inthese requirements files. Eachrequirements file applies to a specific version of Python. For example, requirements_36.reqs lists the versions that weretested with Python 3.6.

Each requirements file consists of lines like the following:

The element to the left of the is the name of the package, and the element to the right of the is the version number of that package.

For instructions on using these requirements files to install the required packages, seeStep 1: Install the Connector.

pyOpenSSL (macOS only)¶

macOS (Yosemite and higher versions) includes Python 2.7.x. If you are using python 2.7.x, and ifyour version of pyOpenSSL is out-of-date,you might encounter the following error if you are not using virtualenv:

To fix this issue, use one of the following two options:

  • Use either virtualenv or venv to isolate the Python runtime environments.

  • Set the PYTHONPATH environment variable so that the newly-installed pyOpenSSL is used instead. For example:


Recent and future versions of the Python connector do not support Python 2.x. If you are still using Python 2.7and an older version of the Python connector, Snowflake encourages you to upgrade both the connector and Python.

OpenSSL and FFI (Linux only)¶

When the Snowflake Connector for Python is installed, pip compiles native codes in the packages on Linux platforms. In order to install it successfully, install the requiredpackages:

  • For CentOS, use yum:

  • For Ubuntu, use apt-get:

Other platforms do not need the OS packages installed because they are bundled in the Python packages.

Step 1: Install the Connector¶


The Snowflake Connector for Python is available in PyPI. A change log isavailable on the site, so you can determine the changes that have been implemented in each release.

When installing a version of the Snowflake Connector for Python, Snowflake recommends installing the versions of the dependentlibraries that have been tested with that version of the connector.

To install the Snowflake Connector for Python and the dependent libraries:

Python Import Openssl

  1. Determine the version of the Snowflake Connector for Python that you plan to install.

  2. To install the dependent libraries, run the pip (or pip3) command and point tothe requirements file for that version of the connector.

    For example, suppose the latest Snowflake Connector for Python version is 2.4.3 and you are using Python 3.6. Toinstall the dependent libraries for that version of the connector, run the following command:

    In the example above, the path to the requirements file specifies the version of the connector (“/v2.4.3/”). Therequirements filename (“requirements_36.reqs”) specifies the version of Python (Python 3.6).


    If you need to install a version of the Snowflake Connector for Python that is between 2.2.0 and 2.3.5, replace .reqs inthe requirements filename with .txt. For example, use requirements_36.txt, rather than requirements_36.reqs.

    If running the pip command results in compilation errors, you might need to install the C compiler and Pythondevelopment package to build some of the required modules, such as PyCryptoDome.

    For more information about installing a C compiler, see (Linux) or

  3. To install the connector, run the following command:

    where version is the version of the connector that you want to install.

    For example, to install version 2.4.3 of the Snowflake Connector for Python, run:


    If you plan to cache connections with browser-based SSO, you must alsoinstall the secure-local-storage extra. For details, see Using Connection Caching to Minimize the Number of Prompts for Authentication — Optional.

    If you plan to use the API support for Pandas DataFrames, you must also install the pandas extra. For details, seeUsing Pandas DataFrames with the Python Connector.

Step 2: Verify Your Installation¶

Create a file (e.g. containing the following Python sample code, which connects to Snowflake and displays the Snowflake version:

Make sure to replace <user_name>, <password>, and <account_name> with the appropriate values for your Snowflake account.


Account name is required. In addition, note that your full account name might include additional segments thatidentify the region and cloud platform where your account is hosted.

Account name examples by region

If your account locator is xy12345:

Using openssl in python

Cloud Platform / . Region

Account Locator . (with additional segments if required)

Amazon Web Services (AWS)




Google Cloud Platform (GCP)



Microsoft Azure


If either of the following conditions is true, your account locator is different than the structure described in theabove examples:

  • If your Snowflake Edition is VPS, please contactSnowflake Support fordetails about your account locator.

  • If AWS PrivateLink or Azure Private Link is enabled for your account and you wish to use private connectivity to connect to Snowflake,run the SYSTEM$GET_PRIVATELINK_CONFIG function to determine the private connectivity URL to use.

    For more details on private connectivity, see:

Also, note that you do not include the Snowflake domain name ( as part of your account name. Snowflake automatically appendsthe domain name to your account name to create the required connection.

For more information about the Snowflake Python API, see Python Connector API, specifically the snowflake.connectormethodsfor details about the supported connector parameters.

Ubuntu Python-openssl

Next, execute the sample code. For example, if you created a file named

The Snowflake version (e.g. 3.5.0) should be displayed.

If you see the following error message, your Python installation likely does not have the appropriate security fixes:

Step 3: Specify a Temporary Directory¶

The Snowflake Connector for Python uses a temporary directory to store data for loading and unloading (PUT, GET), as well as othertypes of temporary data.

The temporary directory can be explicitly specified by setting the TMPDIR, TEMP or TMP environment variables, otherwise the operating system’s default temporarydirectory (i.e. /tmp, C:temp) is used.

If the system’s default temporary directory volume is not large enough for the data being processed, you should specify a different directory using any of the supported environmentvariables.

For example, from a terminal window, execute the following command: