I'm trying to run a simple SSL-enabled application using gevent.pywsgi's WSGIServer. However, I keep getting SSLError: [Errno 8] _ssl.c:510: EOF occurred in violation of protocol about 10-15 seconds after the first request is made (from Chrome), during what I assume is an attempt to re-handshake:
Traceback (most recent call last):
  File "D:\SOMEPATH\lib\site-packages\gevent\greenlet.py", line 327, in run
    result = self._run(*self.args, **self.kwargs)
  File "D:\SOMEPATH\lib\site-packages\gevent\server.py", line 102, in wrap_socket_and_handle
    ssl_socket = self.wrap_socket(client_socket, **self.ssl_args)
  File "D:\SOMEPATH\lib\site-packages\gevent\ssl.py", line 383, in wrap_socket
    ciphers=ciphers)
  File "D:\SOMEPATHK\lib\site-packages\gevent\ssl.py", line 94, in __init__
    self.do_handshake()
  File "D:\SOMEPATH\lib\site-packages\gevent\ssl.py", line 305, in do_handshake
    return self._sslobj.do_handshake()
SSLError: [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
<Greenlet at 0x4998850: <bound method WSGIServer.wrap_socket_and_handle of <WSGIServer at 0x499d6d0 fileno=500 address=127.0.0.1:12344>>(<socket at 0x49f50d0 fileno=912 sock=127.0.0.1:123, ('127.0.0.1', 6398))> failed with SSLError
The page loads just fine. My minimal working example is as follows:
from gevent import monkey
monkey.patch_all()  # patch the standard library before anything else imports it

from gevent import ssl
from flask import Flask
from gevent.pywsgi import WSGIServer

app = Flask(__name__)


@app.route('/')
def main():
    return 'hi!'


# TLS is enabled by passing the key/certificate pair to the server
server = WSGIServer(
    ('127.0.0.1', 12344),
    app,
    keyfile='server.key',
    certfile='server.crt',
    ssl_version=ssl.PROTOCOL_TLSv1,
)
print 'Serving..'
server.serve_forever()
I have tried forcing the TLSv1 version of the protocol, as suggested in numerous other threads, most of which reference this answer. This can be seen in the MWE.
I have verified that I get no error using Flask's default, non-gevent in-built server, with SSL setup in a way similar to this snippet.
Studying the sources. Eventually, the exception comes from a wrapped C function after several SSL_ERROR_WANT_READ "exceptions" are handled in do_handshake().
I use gevent==1.0.1 and Python 2.7.8 (default, Jun 30 2014, 16:03:49) on a Windows machine right now.
How do I get rid of that error?
Make sure you specify full path of your files server.key and server.crt.
Also, when making an HTTP request to the server, don't forget to specify 'https' in https://127.0.0.1:12344/
This is probably because, when using gevent, the server (or client) is not guaranteed to answer immediately for the handshake, and the connection times out.
Look what happened in my case, though I am getting this on the client side
Related
We're currently using the redshift-connector driver in Python to connect to a Redshift database.
This is working locally; however, when deploying to a server with limited internet connectivity, we're seeing SSL handshake errors.
When observing this on Wireshark we see locally the handshake uses TLSv1.2, however on the server we see TLSv1 and no response which we believe is the culprit. Is there a way of specifying the TLS version on a connection made with the redshift-connector?
Code:
import redshift_connector

connection = redshift_connector.connect(
    host='hostip',
    database='db',
    user='username',
    password='password',
    timeout=120
)
Error:
Traceback (most recent call last):
  File "redshift.py", line 9, in <module>
    timeout=20
  File "C:\Python37\lib\site-packages\redshift_connector\__init__.py", line 334, in connect
    credentials_provider=info.credentials_provider,
  File "C:\Python37\lib\site-packages\redshift_connector\core.py", line 587, in __init__
    raise InterfaceError("communication error", e)
redshift_connector.error.InterfaceError: ('communication error', timeout('_ssl.c:1074: The handshake operation timed out'))
We've verified the port is open via telnet, so this isn't a firewall issue. Additionally, we used ssl=false and can connect without any problems, but would prefer this to be enabled.
Many thanks for any help!
I am getting urllib2.URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:661)> error while calling mechanize.browser.open('my https site').
I searched the web but nothing worked for me.
Here is my code:
import ssl

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
else:
    # Handle target environment that doesn't support HTTPS verification
    ssl._create_default_https_context = _create_unverified_https_context

import mechanize
import operator
from bs4 import BeautifulSoup
import os

myBrowser = mechanize.Browser()
myBrowser.set_handle_robots(False)
myBrowser.set_handle_refresh(False)
myBrowser.open("https://uwp.puchd.ac.in/common/viewmarks.aspx")
Here is the error I am getting:
Traceback (most recent call last):
  File "C:/Users/Himanshu/Desktop/UIET Rank system.py", line 27, in <module>
    myBrowser.open("https://uwp.puchd.ac.in/common/viewmarks.aspx")
  File "C:\Python27\lib\site-packages\mechanize\_mechanize.py", line 254, in open
    return self._mech_open(url_or_request, data, timeout=timeout)
  File "C:\Python27\lib\site-packages\mechanize\_mechanize.py", line 284, in _mech_open
    response = UserAgentBase.open(self, request, data)
  File "C:\Python27\lib\site-packages\mechanize\_opener.py", line 195, in open
    response = urlopen(self, req, data)
  File "C:\Python27\lib\site-packages\mechanize\_urllib2_fork.py", line 352, in _open
    '_open', req)
  File "C:\Python27\lib\site-packages\mechanize\_urllib2_fork.py", line 340, in _call_chain
    result = func(*args)
  File "C:\Python27\lib\site-packages\mechanize\_urllib2_fork.py", line 1215, in https_open
    return self.do_open(conn_factory, req)
  File "C:\Python27\lib\site-packages\mechanize\_urllib2_fork.py", line 1160, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:661)>
Process finished with exit code 1
Other information:
import ssl
print ssl.OPENSSL_VERSION
output>> OpenSSL 1.0.2j 26 Sep 2016
python version
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:42:59) [MSC v.1500 32 bit (Intel)] on win32
Is there any way to bypass this error?
Note:
I want to use mechanize only, since my application is ready and it used to work a year before but now it's not working and I don't want to change the entire code again.
I am using Pycharm on windows.
Please try to open the webpage which I am trying to open; it shows "Insecure connection" in Chrome also, and we need to proceed to the webpage. It might be the problem. Also, I don't have the certificate for this webpage.
My application has nothing to do with security, so it will be perfectly fine to set SSL verification to false (I tried to do so from other posts, but it didn't work for me) or something like that. The only goal is that the application should work.
The problem with this site is not the certificate validation since you have successfully switched it off. The problem instead is that the site only supports ciphers which are no longer considered secure, i.e. 3DES and RC4 based ciphers.
The default ciphers in the ssl library don't include these ciphers for security reasons.
To add support for these ciphers you can manually set the default cipher set. The following line sets DES-CBC3-SHA as the offered cipher. This way you can access the broken site:
ssl._DEFAULT_CIPHERS = ('DES-CBC3-SHA')
myBrowser = mechanize.Browser()
...
Note that you should use this setting only for the specific site. While it might in theory also be possible to just set a larger cipher set for _DEFAULT_CIPHERS to handle all sites, this specific site suffers from additional problems: it looks like it will fail the TLS handshake even if DES-CBC3-SHA is included in the offered cipher set, if newer ciphers (like GCM) are offered before DES-CBC3-SHA.
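One way to follow the advice above and keep the weak cipher scoped to the one site, shown as an added example that is not part of the original answer: instead of changing the module-wide ssl._DEFAULT_CIPHERS, build a separate ssl.SSLContext per host. It assumes Python 3.7+; the allowlist LEGACY_CIPHERS and the helper names are hypothetical, and certificate verification is left at the library default.

```python
import http.client
import ssl

# Constructed allowlist: host -> the single legacy cipher it is known to need.
LEGACY_CIPHERS = {"uwp.puchd.ac.in": "DES-CBC3-SHA"}


def context_for(host):
    """Return (SSLContext or None, mode) for one host.

    Only allowlisted hosts get the weak cipher; every other host keeps the
    library defaults. Certificate verification is never switched off here.
    """
    ctx = ssl.create_default_context()
    cipher = LEGACY_CIPHERS.get(host)
    if cipher is None:
        return ctx, "default"
    # Offer nothing newer than TLS 1.2 so no TLS 1.3 suites precede the
    # legacy cipher in the ClientHello (set_ciphers does not control those).
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher)
    except ssl.SSLError:
        # This OpenSSL build no longer ships the cipher: fail closed.
        return None, "unsupported"
    return ctx, "legacy"


def offered_pre_tls13(ctx):
    """Names of the TLS 1.2-and-older ciphers the context would offer."""
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def connection_for(host, port=443):
    """Build (not open) an HTTPS connection using the host's own context."""
    ctx, mode = context_for(host)
    if ctx is None:
        raise RuntimeError("legacy cipher for %s unavailable in this OpenSSL" % host)
    return http.client.HTTPSConnection(host, port, context=ctx), mode
```

Whether the legacy branch yields a context depends on the local OpenSSL build; many current builds are compiled without 3DES, in which case context_for returns None for the allowlisted host.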
This error doc at Fix urlopen error EOF occurred in violation of protocol (_ssl.c:719) Error – Python Web Crawler Tutorial says that the error can be thrown when the SSL version is outdated. Try updating SSL to what your python version allows. This is also the answer on Stack Overflow at Python and SSL -- EOF occurred in violation of protocol.
Since in a legacy project that usually might throw such an error, updating SSL would also mean updating Python, you might try running the code again instead. In my use case of URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:661), the error was not thrown anymore during the second run.
I'm in the process of writing a minimal websocket server with Python 3. I am using flask, socketio, and eventlet per the instructions on the latest docs. The problem is that when the webpage with the socket connection is reloaded, the server throws the following exception:
Traceback (most recent call last):
  File "C:\Users\Noah\AppData\Local\Programs\Python\Python35-32\lib\site-packages\eventlet\greenpool.py", line 88, in _spawn_n_impl
    func(*args, **kwargs)
  File "C:\Users\Noah\AppData\Local\Programs\Python\Python35-32\lib\site-packages\eventlet\wsgi.py", line 734, in process_request
    proto.__init__(sock, address, self)
  File "C:\Users\Noah\AppData\Local\Programs\Python\Python35-32\lib\socketserver.py", line 686, in __init__
    self.finish()
  File "C:\Users\Noah\AppData\Local\Programs\Python\Python35-32\lib\site-packages\eventlet\wsgi.py", line 651, in finish
    greenio.shutdown_safe(self.connection)
  File "C:\Users\Noah\AppData\Local\Programs\Python\Python35-32\lib\site-packages\eventlet\greenio\base.py", line 479, in shutdown_safe
    return sock.shutdown(socket.SHUT_RDWR)
OSError: [WinError 10038] An operation was attempted on something that is not a socket
I took a look at the source, and it seems like shutdown_safe is supposed to just catch any exceptions while shutting down a connection. In short, it seems like the author of this part of the library didn't foresee Windows throwing an OSError on shutdown.
Although this is a benign issue, I was wondering if there are any existing fixes/tweaks, and if not, whether I should submit this to the python-socketio GitHub issues list.
I am writing an in-house application where my main web server is an Apache web server hosting the main web portal, which is accessed over HTTPS. The certificates are self-signed, and the sites will not be accessed over the internet, but may be over VPN.
On one of the webpages in my application I am establishing a separate connection to the socketio-based server, using HTTPS again but on a different port. The hostnames are the same for the main URL and socketio's URL.
If I use two different SSL certificates for the two URLs, all goes fine. However, if I try to use the same SSL certificate, the application is unable to connect to the socketio server.
I want to use the same certificate for both URLs (same host, different ports). Isn't it possible?
I receive the error below at the backend through gevent socketio.
Traceback (most recent call last):
  File "/nobackup/kdhotre/Intracer/16.0.293/C-Int/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/greenlet.py", line 327, in run
    result = self._run(*self.args, **self.kwargs)
  File "/nobackup/kdhotre/Intracer/16.0.293/C-Int/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/server.py", line 102, in wrap_socket_and_handle
    ssl_socket = self.wrap_socket(client_socket, **self.ssl_args)
  File "/nobackup/kdhotre/Intracer/16.0.293/C-Int/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/ssl.py", line 383, in wrap_socket
    ciphers=ciphers)
  File "/nobackup/kdhotre/Intracer/16.0.293/C-Int/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/ssl.py", line 87, in __init__
    cert_reqs, ssl_version, ca_certs)
SSLError: [Errno 336445442] _ssl.c:351: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
<Greenlet at 0x1b363050: <bound method SocketIOServer.wrap_socket_and_handle of
<SocketIOServer at 0x1b25bc90 fileno=10 address=72.163.134.156:5501>>
(<socket at 0x1b35de50 fileno=11 sock=72.163.134.15, ('10.142.149.112', 64062))> failed with SSLError
I am attempting to use the requests.py library for calls to a rest web service. I wrote a quick prototype for my usage under windows and everything worked fine, but when I attempted to run the same prototype under linux I get a "requests.exceptions.Timeout: Request timed out" error. Does anyone know why this might be happening? If I try to use the library to access a non https url it works fine under both windows and linux.
import requests
url = 'https://path.to.rest/svc/?options'
r = requests.get(url, auth=('uid','passwd'), verify=False)
print(r.content)
I did notice that if I leave off the verify=False parameter from the get call, I get a different exception, namely "requests.exceptions.SSLError: Can't connect to HTTPS URL because the SSL module is not available". This appears to be a possible underlying cause, though I don't know why they would change the error code, but I can't find any reference to an ssl module and I verified that certifi was installed. Interestingly, if I leave off the verify parameter in Windows I get a different exception, "requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
EDIT:
Tracebacks for all cases/scenarios mentioned
Full code as shown above:
Traceback(most recent call last):
  File "testRequests.py", line 15, in <module>
    r = requests.get(url, auth=('uid','passwd'), verify=False)
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 52, in get
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 40, in request
  File "build/bdist.linux-x86_64/egg/requests/sessions.py", line 208, in request
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 586, in send
requests.exceptions.Timeout: Request timed out
Code as shown above minus the "verify=False" parameter:
Traceback(most recent call last):
  File "testRequests.py", line 15, in <module>
    r = requests.get(url, auth=('uid','passwd'))
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 52, in get
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 40, in request
  File "build/bdist.linux-x86_64/egg/requests/sessions.py", line 208, in request
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 584, in send
requests.exceptions.SSLError: Can't connect to HTTPS URL because the SSL module is not available
Code as shown above minus the "verify=False" parameter and run under Windows:
Traceback(most recent call last):
  File "testRequests.py", line 59, in <module>
    r = requests.get(url, auth=('uid','passwd'))
  File "c:\Python27\lib\site-packages\requests\api.py", line 52, in get
    return request('get', url, **kwargs)
  File "c:\Python27\lib\site-packages\requests\api.py", line 40, in request
    return s.request(method=method, url=url, **kwargs)
  File "c:\Python27\lib\site-packages\requests\sessions.py", line 208, in request
    r.send(prefetch=prefetch)
  File "c:\Python27\lib\site-packages\requests\models.py", line 584, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I'm not an expert on the matter but it looks like the certificate from the server can't be verified correctly. I don't know how Python and ssl handles certificate verification but the first option is to try ignoring the exception, or maybe change https to http in an attempt to see if the web-service allows non-secure service calls.
If the issue is revolving around an import error for ssl, the module is part of CPython and you may need to ensure that the Python interpreter is compiled with SSL support (from openssl). Look into removing the package for python (be careful) and compiling it with openssl support, personally I would strongly advise you looking into a virtualenv before removing anything, compiling Python is not too difficult and it would give you a finer grain of control for what you aim to do.