I've built a ppa containing the fix here
https://launchpad.net/~raineszm/+archive/ubuntu/lp2147117.
** Description changed:
[ Impact ]
* Gunicorn 20.1.0 uses the ssl.wrap_socket function, which was removed
in python 3.11. Because noble ships python3.12 this means that enabling
SSL causes an AttributeError on every connection, which gunicorn catches
and returns a 500 code.
* This issue causes the octavia amphora-agent to fail to start when building
amphorae from the noble packages.
- - As a consequence it's currently not possible to build an octavia
amphorae from noble packages.
+ - As a consequence it's currently not possible to build an octavia
amphorae from noble packages.
[ Test Plan ]
1. Spawn a noble LXD container
2. Install
- - python3-flask
- - gunicorn
+ - python3-flask
+ - gunicorn
3. Create a minimal flask app
bug.py
---------
import flask
app = flask.Flask(__name__)
@app.route("/")
def hello():
- return "hello\n"
+ return "hello\n"
-----------
4. Run app with gunicorn
gunicorn -b 0.0.0.0:8080 bug:app
5. Test with curl
curl http://localhost:8080
Expected Output
---------------
hello
---------------
6. Generate a self-signed certificate
openssl req -x509 -newkey rsa:2048 -nodes \
- -keyout key.pem \
- -out cert.pem \
- -days 365 \
- -subj "/CN=localhost"
+ -keyout key.pem \
+ -out cert.pem \
+ -days 365 \
+ -subj "/CN=localhost"
7. Run app with gunicorn and SSL
- gunicorn -b 0.0.0.0:8080 bug:app --certfile ~/server.pem --keyfile
+ gunicorn -b 0.0.0.0:8080 bug:app --certfile ~/cert.pem --keyfile
~/key.pem
8. Test with curl: `curl -k https://localhost:8080`
Expected Output
---------------
hello
---------------
Actual Output
-------------
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
-------------
In fact we're just serving a 500 error over regular http
If we `curl http://localhost:8080`
Actual Output
-------------
<html>
- <head>
- <title>Internal Server Error</title>
- </head>
- <body>
- <h1><p>Internal Server Error</p></h1>
+ <head>
+ <title>Internal Server Error</title>
+ </head>
+ <body>
+ <h1><p>Internal Server Error</p></h1>
- </body>
+ </body>
</html>
-------------
[ Where problems could occur ]
* This introduces a new setting which could require users to adjust
their settings for SSL.
* This change only touches the code paths where SSL is enabled, which
already doesn't work.
-
[ Other Info ]
* This issue was fixed in gunicorn 21, which updated for python 3.11
compatibility.
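Review bot: step 7 now passes `--certfile ~/cert.pem` and `--keyfile ~/key.pem`, but step 6 writes `key.pem` and `cert.pem` to the current working directory (`-keyout key.pem`, `-out cert.pem`), so gunicorn only finds them when steps 6 and 7 are run from the home directory. Either drop the `~/` prefix in step 7 or have step 6 write to `~/`. Steps 4 and 7 also bind the same address, 0.0.0.0:8080, so the test plan should say to stop the step 4 instance before starting step 7.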
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2147117
Title:
[SRU] Workers return 500 when SSL is enabled
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
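
The symptom in steps 7 and 8 of the test plan, a listener started with SSL options that actually answers in plaintext with a 500, can be checked with a small probe. This is an added example, not code from the bug report or from gunicorn; `probe_listener` and the stand-in server are hypothetical names constructed for illustration.

```python
import socket
import ssl
import threading


def probe_listener(host, port, timeout=3.0):
    """Return ('tls'|'plaintext-http'|'unknown', HTTP status or None)."""
    # Verification is off: the test plan uses a self-signed certificate
    # and this probe only asks whether TLS is spoken at all.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return ("tls", None)
    except OSError:
        pass  # ssl.SSLError (e.g. "wrong version number") is an OSError

    # Handshake failed: check whether plain HTTP is answered instead.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            head = raw.recv(64)
    except OSError:
        return ("unknown", None)
    parts = head.split(b" ", 2)
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return ("plaintext-http", int(parts[1]))
    return ("unknown", None)


def start_constructed_plain_500_server():
    """Constructed stand-in for the broken worker: plaintext 500 to anything."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)
                conn.sendall(b"HTTP/1.1 500 Internal Server Error\r\n"
                             b"Content-Length: 0\r\nConnection: close\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_constructed_plain_500_server()
    print(probe_listener("127.0.0.1", port))
```

A result of `('plaintext-http', 500)` on a port that was started with `--certfile` and `--keyfile` matches the behaviour described in the report; `('tls', None)` is what the fixed package should give.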