Python: SSL Hell
I was having a hard time getting SSL to work with gevent on Python 2.6. It turns out I had two problems.
The first resulted in this error message:
The second error was related to using urllib2 under gevent:
I had a heck of a time writing nosetests that would fire up a server using gevent and connect to it over SSL using urllib2. However, those nosetests proved very valuable in helping me figure out when and where SSL was breaking for me.
Here's what one of those nose tests looked like:
The first resulted in this error message:
SSLError: [Errno 336265218] _ssl.c:337: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system libIt turned out to be a permissions issue. I ran "cat" on the file, and it turned out that I didn't have access to it:
cat: /etc/mycompany/certs/httpd/mycompany-wildcard.key: Permission deniedI ran the command with sudo, and the problem went away.
The second error was related to using urllib2 under gevent:
URLError: <urlopen error [Errno 2] _ssl.c:490: The operation did not complete (read)>This problem was because I was using gevent to monkeypatch the socket module, but I wasn't using it to monkeypatch the ssl module. Once I monkeypatched the ssl module, everything worked.
<Greenlet at 0x2add8d0: start_publisher> failed with URLError
...
SSLError: [Errno 8] _ssl.c:490: EOF occurred in violation of protocol
<Greenlet at 0x2add958: <bound method WSGIServer.wrap_socket_and_handle of <WSGIServer at 0x2b48750 fileno=3 address=127.0.0.1:34848>>(<socket at 0x2b48a10 fileno=5 sock=127.0.0.1:34848, ('127.0.0.1', 37858))> failed with SSLError
I had a heck of a time writing nosetests that would fire up a server using gevent and connect to it over SSL using urllib2. However, those nosetests proved very valuable in helping me figure out when and where SSL was breaking for me.
Here's what one of those nose tests looked like:
# Unfortunately, this monkey patching is not isolated to just this module.
from gevent import monkey
monkey.patch_all(thread=False) # Nose uses threads.
import urllib2
import gevent
from myproj import server
TEST_INTERFACE = "127.0.0.1"
TEST_PORT = 34848
URL = "https://%s:%s" % (TEST_INTERFACE, TEST_PORT)
def test_server():
test_successful_box = [False]
def start_server():
server.main(interface=TEST_INTERFACE, port=TEST_PORT)
def start_publisher():
response = urllib2.urlopen(URL)
assert response.msg == "OK"
test_successful_box[0] = True
gevent.killall(greenlets)
greenlets = [gevent.spawn(start_server), gevent.spawn(start_publisher)]
gevent.joinall(greenlets)
assert test_successful_box[0]
Comments
why is test_successful_box a list rather than just assigned to directly?
i.e. why not
test_successful_box = True
It's curious.. thanks
It has something to do with how closures work in Python. I'm on a version of Python that doesn't have the "nonlocal" keyword.
Yeah, I got it working.
> In the second case, any idea how we can improve gevent to make the error less cryptic?
I have no clue. I thought the whole point of OpenSSL was to be cryptic :-P
I'm having one of the errors you mentioned: 'ssl.SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol'
I'm not up to your level with command line stuff. Would you mind walking me through how I monkey patch the SSL module?
I think I monkey patched the socket module when I set up a new version of Python but that was the first time I'd touched and of this stuff and I'm not clear or it. Is monkey patching setting up a symbolic link? Pretty ure that's what I did.