[issue46156] 3.9.9: python built-in SSL module unable to connect to an IIS server (104 Connection reset by peer), but pyopenssl works fine

2021-12-22 Thread lkraav


New submission from lkraav :

Problems emerged when Requests phased out PyOpenSSL as their default backend 
https://github.com/psf/requests/blob/main/HISTORY.md#2240-2020-06-17

Suddenly my script wasn't able to connect to a remote server that it had been 
working with for years.

All connection attempts with Python built-in SSL module, with various 
certificate or TLS configurations tested, result in a blunt 
ConnectionResetError during `do_handshake()`

This leads me to believe Python SSL module is maybe incompatible [with some IIS 
thing] in some perhaps fixable way, because going with PyOpenSSL backend via 
`urllib3.contrib.pyopenssl.inject_into_urllib3()`

I can provide the real server name in a private email if any maintainer is 
interested in doing a debug run in some more thorough way that I'm unable to, 
let me know.

Example test:

```
$ ipython
Python 3.9.9 (main, Dec 21 2021, 17:21:49) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.29.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import ssl

In [2]: context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

In [3]: import socket

In [4]: context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT, verify_mode=ssl.CERT_NONE)

In [5]: conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname="webapi.remote")

In [6]: conn.connect(("webapi.remote", 52100))
---
ConnectionResetError  Traceback (most recent call last)
 in 
> 1 conn.connect(("webapi.remote", 52100))

/usr/lib/python3.9/ssl.py in connect(self, addr)
   1340 """Connects to remote ADDR, and then wraps the connection in
   1341 an SSL channel."""
-> 1342 self._real_connect(addr, False)
   1343 
   1344 def connect_ex(self, addr):

/usr/lib/python3.9/ssl.py in _real_connect(self, addr, connect_ex)
   1331 self._connected = True
   1332 if self.do_handshake_on_connect:
-> 1333 self.do_handshake()
   1334 return rc
   1335 except (OSError, ValueError):

/usr/lib/python3.9/ssl.py in do_handshake(self, block)
   1307 if timeout == 0.0 and block:
   1308 self.settimeout(None)
-> 1309 self._sslobj.do_handshake()
   1310 finally:
   1311 self.settimeout(timeout)

ConnectionResetError: [Errno 104] Connection reset by peer
```

--
assignee: christian.heimes
components: SSL
messages: 409050
nosy: christian.heimes, lkraav
priority: normal
severity: normal
status: open
title: 3.9.9: python built-in SSL module unable to connect to an IIS server (104 Connection reset by peer), but pyopenssl works fine
type: behavior
versions: Python 3.9

___
Python tracker 
<https://bugs.python.org/issue46156>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue46156] 3.9.9: python built-in SSL module unable to connect to an IIS server (104 Connection reset by peer), but pyopenssl works fine

2021-12-24 Thread lkraav


lkraav  added the comment:

> I need more information to diagnose the issue. Could you please provide:
> - your operating system and vendor/distribution

Gentoo, so rolling, but 20 years of maintenance experience.

> - your OpenSSL version (ssl.OPENSSL_VERSION)

```
$ python
Python 3.9.9 (main, Dec 21 2021, 17:21:49)
[GCC 10.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
@>>> import ssl
@>>> print(ssl.OPENSSL_VERSION)
OpenSSL 1.1.1l  24 Aug 2021
```


> - how did you install Python (self-compiled, pyenv, system Python)?

System Python. On Gentoo, feature configuration revolves around USE flags, but 
I don't have anything curious built, with "gdbm ncurses readline sqlite ssl xml" 
being active:

```
$ eix dev-lang/python$
[U] dev-lang/python
 Available versions:  
 ...
 (3.9)  3.9.9^t{xpak}
 ...
   {berkdb bluetooth build examples gdbm hardened libedit lto +ncurses pgo +readline +sqlite +ssl test tk verify-sig wininst +xml ELIBC="uclibc"}
 Installed versions:  3.9.9(3.9)^t{xpak}(17:22:24 21.12.2021)(gdbm ncurses readline sqlite ssl xml -bluetooth -build -examples -hardened -lto -pgo -test -tk -verify-sig -wininst)
 Homepage:https://www.python.org/
 Description: An interpreted, interactive, object-oriented programming language
```


> - how did you install PyOpenSSL and cryptography?

Regular system package manager install

```
$ eix pyopenssl
[I] dev-python/pyopenssl
 Available versions:  20.0.1^t{xpak} {doc test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"}
 Installed versions:  20.0.1^t{xpak}(11:43:07 03.06.2021)(-doc -test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10")
 Homepage:https://www.pyopenssl.org/ https://pypi.org/project/pyOpenSSL/ https://github.com/pyca/pyopenssl/
 Description: Python interface to the OpenSSL library

$ eix cryptography
[I] dev-python/cryptography
 Available versions:  3.4.7-r2^t{xpak} **36.0.0^t {debug test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"}
 Installed versions:  3.4.7-r2^t{xpak}(16:35:10 21.12.2021)(-test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10")
 Homepage:https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/
 Description: Library providing cryptographic recipes and primitives
```

> - the full output of: openssl s_client -connect webapi.remote:52100

```
$ openssl s_client -connect webapi.remote:52100
CONNECTED(0003)
depth=0 CN = webapi.remote
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = webapi.remote
verify return:1
---
Certificate chain
 0 s:CN = webapi.remote
   i:CN = webapi.remote
---
Server certificate
-BEGIN CERTIFICATE-

-END CERTIFICATE-
subject=CN = webapi.remote

issuer=CN = webapi.remote

---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1254 bytes and written 502 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-SHA384
Session-ID: 2706127E5AA837E96D63F5DE532C53FAD1D5C034CBF3D305B7978E9636A0
Session-ID-ctx: 
Master-Key: FAE8DE30BF627E7F02F8B4AA856075675FAF3A92365A1E9E8041F799E29CE809749B35514065255C62F0D449405C02B8
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1640346190
Timeout   : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
DONE
```

--
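
One way to narrow down a reset like the one reported above, as an added example (not code from the thread or from CPython): retry the handshake with the stdlib `ssl` module while narrowing the ClientHello step by step, using the protocol version and cipher that the `openssl s_client` run negotiated. The variant names and the `build_variants`, `classify` and `probe` helpers are made up for this example; certificate verification stays on, so a verification error against the self-signed certificate means the server answered the handshake.

```python
import socket
import ssl

# Protocol and cipher copied from the s_client output quoted above.
NEGOTIATED_CIPHER = "ECDHE-RSA-AES256-SHA384"


def build_variants():
    """Return {name: SSLContext}; each variant narrows the ClientHello a bit more."""
    default = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    tls12_max = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls12_max.maximum_version = ssl.TLSVersion.TLSv1_2  # do not offer TLS 1.3

    single_cipher = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    single_cipher.maximum_version = ssl.TLSVersion.TLSv1_2
    single_cipher.set_ciphers(NEGOTIATED_CIPHER)  # offer only what s_client got

    return {"default": default, "tls12_max": tls12_max,
            "tls12_single_cipher": single_cipher}


def classify(exc):
    """Map a handshake outcome to a short label."""
    if exc is None:
        return "handshake-ok"
    if isinstance(exc, ssl.SSLCertVerificationError):
        # The certificate arrives after ServerHello, so the server accepted
        # this ClientHello; only trust in the self-signed cert is missing.
        return "server-answered"
    if isinstance(exc, ConnectionResetError):
        return "reset-by-peer"
    return type(exc).__name__


def probe(host, port, timeout=5.0):
    """Try every variant against host:port and return {name: label}."""
    results = {}
    for name, ctx in build_variants().items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    results[name] = classify(None)
        except OSError as exc:
            results[name] = classify(exc)
    return results


if __name__ == "__main__":
    # "webapi.remote" is the placeholder host name used in the report.
    for name, label in probe("webapi.remote", 52100).items():
        print(f"{name:22} {label}")
```

If one variant reports `server-answered` while `default` reports `reset-by-peer`, the property that variant changed is the place to look next.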




[issue1669349] make install fails if no previous Python installation

2010-11-18 Thread lkraav

lkraav  added the comment:

i think i am running into this trying to cross-compile for 
i686-gentoo-linux-uclibc and have been unable to figure out how to get 
altinstall to succeed:

http://bugs.gentoo.org/show_bug.cgi?id=269111#c12

build log available at 
http://bugs.gentoo.org/attachment.cgi?id=253831&action=view

any thoughts?

--
nosy: +lkraav

___
Python tracker 
<http://bugs.python.org/issue1669349>
___



[issue1669349] make install fails if no previous Python installation

2010-11-18 Thread lkraav

lkraav  added the comment:

i have managed to get past unicodedata fails by manually enabling unicodedata 
(https://groups.google.com/group/comp.lang.python/browse_thread/thread/21a3b6db8f5a246b?hl=en).
 got another error right after that, but that might be something further 
gentoo/xcompile specific, details in gentoo bug for those interested.

--




[issue15108] ERROR: SystemError: ./../Objects/tupleobject.c:118: bad argument to internal function

2014-10-03 Thread lkraav

Changes by lkraav :


--
nosy: +lkraav

___
Python tracker 
<http://bugs.python.org/issue15108>
___



[issue15108] ERROR: SystemError: ./../Objects/tupleobject.c:118: bad argument to internal function

2014-10-03 Thread lkraav

lkraav added the comment:

I may be seeing this running tracd-1.1.2b1 on python 2.7.7

http://trac.edgewall.org/ticket/11772

--
versions: +Python 2.7
