Posted to dev@qpid.apache.org by "Michal Zerola (JIRA)" <ji...@apache.org> on 2012/05/16 16:51:02 UTC

[jira] [Commented] (QPID-3175) SSL support in Python client libraries

    [ https://issues.apache.org/jira/browse/QPID-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13276773#comment-13276773 ] 

Michal Zerola commented on QPID-3175:
-------------------------------------

Hi,

we are encountering problems when using the SSL transport layer in Python clients. When the client is sending messages in bursts to the broker in an asynchronous manner (sync=False in Sender.send), an exception is occasionally thrown with the following output:

[Errno 1] _ssl.c:1217: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry

It seems like the client's socket gets full, so the next underlying SSLSocket.write() throws the SSLError (with SSL_ERROR_WANT_WRITE as a code), but this situation is not handled properly. One can see that in qpid/messaging/transports.py, in the constructor of the SSL transport, the socket is set to NON BLOCKING. Such a non-blocking socket then behaves such that write() doesn't wait until there is enough space on the socket and may throw the above exception. The question is therefore:

* Why is SSLSocket set to NON BLOCKING state in contrast to the non SSL transport?
* Is handling of the above SSL_ERROR_WANT_{WRITE,READ} errors implemented properly in the Python API?

Thanks for answers. Best,

Michal

                
> SSL support in Python client libraries
> --------------------------------------
>
>                 Key: QPID-3175
>                 URL: https://issues.apache.org/jira/browse/QPID-3175
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>    Affects Versions: 0.8
>         Environment: Windows XP, Python 2.7.1, (broker Red Hat MRG 1.3 on RHEL 5.5)
>            Reporter: JAkub Scholz
>            Assignee: Rafael H. Schloming
>              Labels: possibly_complete
>             Fix For: 0.15
>
>         Attachments: QPID-3175.patch, QPID-3175a.patch, sasl_external.patch
>
>
> I was trying to connect to my broker with an SSL-encrypted connection (both PLAIN and EXTERNAL authentication methods). However, it seems not to be working. I get the following error messages:
> Traceback (most recent call last):
>   File "ssl-external.py", line 20, in <module>
>     connection.open()
>   File "<string>", line 6, in open
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 244, in open
>     self.attach()
>   File "<string>", line 6, in attach
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 262, in attach
>     self._ewait(lambda: self._transport_connected and not self._unlinked())
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 197, in _ewait
>     self.check_error()
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 190, in check_error
>     raise self.error
> qpid.messaging.exceptions.ConnectError: [Errno 1] _ssl.c:499: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> In the source code (messaging/transports.py), SSL seems to be supported and implemented, but it is not working. I didn't find any way to pass the certificates to the SSL libraries, and the wrap_socket call in transports.py calls wrap_socket without any additional attributes except the original socket.
> I didn't have the chance to test other platforms or Python versions, except Python 2.4.3 on RHEL 5.5, where SSL is not supported at all (the SSL support in Python changed significantly with 2.6).
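
The SSL_ERROR_WANT_{WRITE,READ} handling asked about in the comment above, as an added example that is not part of the original message or of Qpid's code. It is written for Python 3.3+, where these conditions are raised as ssl.SSLWantWriteError and ssl.SSLWantReadError; `send_all` and `FakeNonBlockingTLS` are hypothetical names, and the fake is a constructed stand-in that models OpenSSL's requirement that a write interrupted by WANT_WRITE be repeated with the same data.

```python
import select
import socket
import ssl


def send_all(sock, data, timeout=5.0):
    """Write all of data to a non-blocking TLS socket, retrying correctly."""
    view, sent = memoryview(data), 0
    while sent < len(view):
        try:
            # `sent` only advances on success, so a retry after WANT_WRITE or
            # WANT_READ offers exactly the same pending bytes again.
            sent += sock.send(view[sent:])
        except ssl.SSLWantWriteError:  # send buffer full: wait until writable
            if not select.select([], [sock], [], timeout)[1]:
                raise socket.timeout("socket not writable")
        except ssl.SSLWantReadError:  # TLS layer needs inbound data first
            if not select.select([sock], [], [], timeout)[0]:
                raise socket.timeout("socket not readable")
    return sent


class FakeNonBlockingTLS:
    """Constructed stand-in for a non-blocking ssl.SSLSocket (no real TLS)."""

    def __init__(self, want_write_every=2, chunk=4):
        self._pair = socket.socketpair()  # real fd so select() works
        self.every, self.chunk = want_write_every, chunk
        self.calls, self.pending, self.wire = 0, None, b""

    def fileno(self):
        return self._pair[0].fileno()

    def send(self, buf):
        buf = bytes(buf)
        self.calls += 1
        if self.pending is not None and not buf.startswith(self.pending):
            raise ssl.SSLError(1, "bad write retry")  # models the OpenSSL rule
        if self.pending is None and self.calls % self.every == 0:
            self.pending = buf  # this write must be repeated
            raise ssl.SSLWantWriteError()
        self.pending = None
        self.wire += buf[:self.chunk]
        return min(len(buf), self.chunk)


if __name__ == "__main__":
    fake = FakeNonBlockingTLS()
    print(send_all(fake, b"constructed sample payload"), fake.calls)
```

The same `send_all` accepts a real non-blocking `ssl.SSLSocket`, since it only relies on `send()` and `fileno()`.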
