The first resulted in this error message:
SSLError: [Errno 336265218] _ssl.c:337: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system libIt turned out to be a permissions issue. I ran "cat" on the file, and it turned out that I didn't have access to it:
cat: /etc/mycompany/certs/httpd/mycompany-wildcard.key: Permission deniedI ran the command with sudo, and the problem went away.
The second error was related to using urllib2 under gevent:
URLError: <urlopen error [Errno 2] _ssl.c:490: The operation did not complete (read)>This problem was because I was using gevent to monkeypatch the socket module, but I wasn't using it to monkeypatch the ssl module. Once I monkeypatched the ssl module, everything worked.
<Greenlet at 0x2add8d0: start_publisher> failed with URLError
SSLError: [Errno 8] _ssl.c:490: EOF occurred in violation of protocol
<Greenlet at 0x2add958: <bound method WSGIServer.wrap_socket_and_handle of <WSGIServer at 0x2b48750 fileno=3 address=127.0.0.1:34848>>(<socket at 0x2b48a10 fileno=5 sock=127.0.0.1:34848, ('127.0.0.1', 37858))> failed with SSLError
I had a heck of a time writing nosetests that would fire up a server using gevent and connect to it over SSL using urllib2. However, those nosetests proved very valuable in helping me figure out when and where SSL was breaking for me.
Here's what one of those nose tests looked like:
# Unfortunately, this monkey patching is not isolated to just this module.
from gevent import monkey
monkey.patch_all(thread=False) # Nose uses threads.
from myproj import server
TEST_INTERFACE = "127.0.0.1"
TEST_PORT = 34848
URL = "https://%s:%s" % (TEST_INTERFACE, TEST_PORT)
test_successful_box = [False]
response = urllib2.urlopen(URL)
assert response.msg == "OK"
test_successful_box = True
greenlets = [gevent.spawn(start_server), gevent.spawn(start_publisher)]