Reputation: 40664
urlfetch.UrlfetchException: _ssl.c:510: EOF occurred in violation of protocol
I am using python 2.7.6 on ubuntu
I am getting this error when I use urlfetch (1.0.2) to post data to a remote server. It starts 2 days ago after the ssl certificate of the server was updated.
Similar problems have been reported to another python package request. The solution is to update some dependencies by running
pip install --force-reinstall requests[security]
but I only got this
Requirement already satisfied: requests[security] in /usr/lib/python2.7/dist-packages
requests 2.2.1 does not provide the extra 'security'
Nothing seems to be downloaded and installed.
Some post suggests it is related to cipher (https://github.com/kennethreitz/requests/issues/3608#issuecomment-250681069)
openssl s_client -connect www.example.com:443
CONNECTED(00000003)
140353237063328:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Does it look normal ? Is there anything I can do to fix it?
The target server is living on Google App Engine. The new SSL cert does not support vip.
Ubuntu version info:
NAME="Ubuntu"
VERSION="14.04.2 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.2 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
Upvotes: 0
Views: 423
Answers (2)
Reputation: 138
This error occurs on older versions of Python, which don't support the TLS SNI (Server Name Indication) extension. You need to use SNI to connect to sites hosted on App Engine with HTTPS. It looks like SNI support is present in Python 2.7.9 and later.
If you're making requests from an App Engine app written in Python and need SNI support, you need to reference version 2.7.11 of the ssl library in your app.yaml file or you'll run into this same issue.
Upvotes: 2
Reputation: 40664
My first choice was to use this answer to resolve the issue by monkey-patching ssl.py.
import ssl
from functools import wraps
def sslwrap(func):
@wraps(func)
def bar(*args, **kw):
kw['ssl_version'] = ssl.PROTOCOL_TLSv1
return func(*args, **kw)
return bar
ssl.wrap_socket = sslwrap(ssl.wrap_socket)
However it did not work.
At the end I find that I can resolve it by upgrading python to 2.7.13 from source. Here are the steps:
1) Install python dev dependency
sudo apt-get install -y \
autotools-dev \
blt-dev \
bzip2 \
dpkg-dev \
g++-multilib \
gcc-multilib \
libbluetooth-dev \
libbz2-dev \
libexpat1-dev \
libffi-dev \
libffi6 \
libffi6-dbg \
libgdbm-dev \
libgpm2 \
libncursesw5-dev \
libreadline-dev \
libsqlite3-dev \
libssl-dev \
libtinfo-dev \
mime-support \
net-tools \
netbase \
python-crypto \
python-mox3 \
python-pil \
python-ply \
quilt \
tk-dev \
zlib1g-dev
2) Download source code
wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
3) Unpack
tar xfz Python-2.7.13.tgz
4) configure
cd Python-2.7.13/
./configure --prefix /usr/local/lib/python2.7.13 --enable-ipv6
5) build
make
6) deploy
sudo make install
7) Install pip and urlfetch and other dependencies
Upvotes: 2
Related Questions
- ssl handshake error while deploying google app engine
- AppEngine urlfetch validate_certificate=False/None not being respected
- Google App Engine Python 2.7 SSL stopped working
- HTTPS get using "requests" module in Google App Engine fails
- appcfg.py request_logs certificate verify failed (_ssl.c:661)
- Google App Engine - SSL InsecurePlatformWarning
- python requests on Google App Engine not working for HTTPS
- TypeError: __init__() got an unexpected keyword argument 'check_hostname' in GAE with https
- SSLError on Google App Engine (local dev-server)
- How to use SSL in Python?