[
https://issues.apache.org/jira/browse/QPID-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13276773#comment-13276773
]
Michal Zerola commented on QPID-3175:
-------------------------------------
Hi,
we are encountering problems when using the SSL transport layer in Python
clients. When the client is sending messages in bursts to the broker in an
asynchronous manner (sync=False in Sender.send), an exception is occasionally
thrown with the following output:
[Errno 1] _ssl.c:1217: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
It seems like the client's socket gets full, so the next underlying
SSLSocket.write() throws the SSLError (with SSL_ERROR_WANT_WRITE as a code), but
this situation is not handled properly. One can see that in
qpid/messaging/transports.py, in the constructor of the SSL transport, the socket
is set to NON BLOCKING. With such a non-blocking socket, write()
doesn't wait until there is enough space on the socket and may throw the above
exception. The questions are therefore:
* Why is the SSLSocket set to the NON BLOCKING state, in contrast to the non-SSL
transport?
* Is handling of the above SSL_ERROR_WANT_{WRITE,READ} errors implemented
properly in the Python API?
Thanks for your answers. Best,
Michal
> SSL support in Python client libraries
> --------------------------------------
>
> Key: QPID-3175
> URL: https://issues.apache.org/jira/browse/QPID-3175
> Project: Qpid
> Issue Type: Bug
> Components: Python Client
> Affects Versions: 0.8
> Environment: Windows XP, Python 2.7.1, (broker Red Hat MRG 1.3 on
> RHEL 5.5)
> Reporter: JAkub Scholz
> Assignee: Rafael H. Schloming
> Labels: possibly_complete
> Fix For: 0.15
>
> Attachments: QPID-3175.patch, QPID-3175a.patch, sasl_external.patch
>
>
> I was trying to connect to my broker with an SSL encrypted connection (both
> PLAIN and EXTERNAL authentication methods). However, it does not seem to be
> working. I get the following error messages:
> Traceback (most recent call last):
>   File "ssl-external.py", line 20, in <module>
>     connection.open()
>   File "<string>", line 6, in open
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 244, in open
>     self.attach()
>   File "<string>", line 6, in attach
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 262, in attach
>     self._ewait(lambda: self._transport_connected and not self._unlinked())
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 197, in _ewait
>     self.check_error()
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line 190, in check_error
>     raise self.error
> qpid.messaging.exceptions.ConnectError: [Errno 1] _ssl.c:499: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> In the source code (messaging/transports.py), SSL seems to be supported
> and implemented, but it is not working. I didn't find any way to pass
> the certificates to the SSL libraries, and the wrap_socket call in
> transports.py is calling wrap_socket without any additional attributes
> except the original socket.
> I didn't have the chance to test other platforms or Python versions, except
> Python 2.4.3 on RHEL 5.5, where SSL is not supported at all (the SSL
> support in Python changed significantly with 2.6).
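
The SSL_ERROR_WANT_{WRITE,READ} handling asked about in the comment above, as an added example (not Qpid's code and not written by either participant): a send loop for a non-blocking TLS socket that waits for readiness and retries with the same pending bytes, which is what OpenSSL expects when a write is repeated. It assumes Python 3's ssl module; send_all_nonblocking, wait_for and FakeTLSSocket are hypothetical names, and FakeTLSSocket is a constructed stand-in so the block runs without a broker.

```python
import select
import ssl


def wait_for(sock, want_write, timeout):
    """Block until the socket is ready in the direction OpenSSL asked for."""
    rlist, wlist = ([], [sock]) if want_write else ([sock], [])
    r, w, _ = select.select(rlist, wlist, [], timeout)
    if not (r or w):
        raise TimeoutError("TLS socket not ready within %.1fs" % timeout)


def send_all_nonblocking(sock, data, timeout=5.0, wait=wait_for):
    """Send all of `data` on a non-blocking ssl.SSLSocket.

    Returns the number of WANT_READ/WANT_WRITE retries that were needed.
    """
    view = memoryview(data)
    sent = retries = 0
    while sent < len(view):
        pending = view[sent:]  # unchanged across retries of the same write
        try:
            sent += sock.send(pending)
        except ssl.SSLWantWriteError:
            # Socket send buffer is full: wait for writability, then retry.
            retries += 1
            wait(sock, True, timeout)
        except ssl.SSLWantReadError:
            # TLS must read first (e.g. handshake traffic) before it can write.
            retries += 1
            wait(sock, False, timeout)
    return retries


class FakeTLSSocket:
    """Constructed stand-in for a non-blocking SSLSocket (no network needed)."""

    def __init__(self, script):
        self.script = list(script)  # ints = bytes accepted, classes = raised
        self.received = bytearray()
        self.attempts = []

    def send(self, buf):
        self.attempts.append(bytes(buf))
        step = self.script.pop(0) if self.script else len(buf)
        if isinstance(step, type):
            raise step("constructed would-block condition")
        self.received += bytes(buf[:step])
        return step
```

With a real connection, pass the wrapped socket after setblocking(False) and keep the default wait_for; the fake socket exists only to exercise the partial-write and would-block paths deterministically.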