[
https://issues.apache.org/jira/browse/LIBCLOUD-791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15098079#comment-15098079
]
Tomaz Muraus commented on LIBCLOUD-791:
---------------------------------------
To clarify it further - another option is to use *ssl.PROTOCOL_SSLv23*
constants which will let the client and server negotiate the highest supported
protocol version (>= SSL v3.0 <= TLS v1.2). That's also the default option used
by Python.
The reason why we explicitly chose TLS v1.0 and not this constant is that it's
more secure. Using ssl.PROTOCOL_SSLv23 exposes user to potential downgrade
attacks to SSL v3.0 and SSL v3.0 is considered broken and unsafe.
I added some clarifications about that to our documentation -
https://github.com/apache/libcloud/commit/4bb534c063b222f94fe56c22e54345826280cbae
In addition to that, I opened a pull request so we will now throw a more
user-friendly error message if this conditions occurs -
https://github.com/apache/libcloud/pull/682
> Connection to the Linode API drops
> ----------------------------------
>
> Key: LIBCLOUD-791
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-791
> Project: Libcloud
> Issue Type: Bug
> Components: Compute
> Environment: apache-libcloud==0.18.0
> Ubuntu 14.04
> Python2.7
> Reporter: Jacob Riley
>
> When attempting to connect to Linode through the Linode provider, I am
> receiving a dropped connection. The following DEBUG information is attached.
> I have also found that when taking the below curl request and sending it
> normally, I do not have any errors on getting a response.
> # -------- begin 140040111659984 request ----------
> curl -i -X GET -H 'Host: api.linode.com' -H 'X-LC-Request-ID:
> 140040111659984' -H 'Accept-Encoding: gzip,deflate' -H 'User-Agent:
> libcloud/0.18.0 (Linode) ' --compress
> 'https://api.linode.com:443/?api_key=sekrit&api_responseFormat=json&api_action=avail.linodeplans'
> Traceback (most recent call last):
> File "test.py", line 6, in <module>
> p.worker.consume_queue()
> File "/srv/auction-balancer/Auction-Balancer/sae/prov/util/worker.py", line
> 53, in wrapped_func
> channel.start_consuming()
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/pika/adapters/blocking_connection.py",
> line 1681, in start_consuming
> self.connection.process_data_events(time_limit=None)
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/pika/adapters/blocking_connection.py",
> line 656, in process_data_events
> self._dispatch_channel_events()
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/pika/adapters/blocking_connection.py",
> line 469, in _dispatch_channel_events
> impl_channel._get_cookie()._dispatch_events()
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/pika/adapters/blocking_connection.py",
> line 1310, in _dispatch_events
> evt.body)
> File "/srv/auction-balancer/Auction-Balancer/sae/prov/util/worker.py", line
> 45, in callback
> success = func(message)
> File "/srv/auction-balancer/Auction-Balancer/sae/prov/util/worker.py", line
> 102, in consume_queue
> node = server.create_node('linode', name=machine_name, size_id='Linode
> 1024', image_id='Ubuntu 14.04 LTS')
> File "/srv/auction-balancer/Auction-Balancer/sae/prov/util/provider.py",
> line 78, in create_node
> size = [s for s in driver.list_sizes() if s.name == size_id][0]
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/libcloud/compute/drivers/linode.py",
> line 405, in list_sizes
> data = self.connection.request(API_ROOT, params=params).objects[0]
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/libcloud/common/base.py",
> line 784, in request
> headers=headers)
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/libcloud/common/base.py",
> line 443, in request
> headers)
> File "/usr/lib/python2.7/httplib.py", line 979, in request
> self._send_request(method, url, body, headers)
> File "/usr/lib/python2.7/httplib.py", line 1013, in _send_request
> self.endheaders(body)
> File "/usr/lib/python2.7/httplib.py", line 975, in endheaders
> self._send_output(message_body)
> File "/usr/lib/python2.7/httplib.py", line 835, in _send_output
> self.send(msg)
> File "/usr/lib/python2.7/httplib.py", line 797, in send
> self.connect()
> File
> "/srv/auction-balancer/Auction-Balancer/provenv/local/lib/python2.7/site-packages/libcloud/httplib_ssl.py",
> line 280, in connect
> ssl_version=libcloud.security.SSL_VERSION)
> File "/usr/lib/python2.7/ssl.py", line 487, in wrap_socket
> ciphers=ciphers)
> File "/usr/lib/python2.7/ssl.py", line 243, in __init__
> self.do_handshake()
> File "/usr/lib/python2.7/ssl.py", line 405, in do_handshake
> self._sslobj.do_handshake()
> socket.error: [Errno 104] Connection reset by peer
> Testing with a separate library also based on httplib , I found that it is
> not failing when connecting to the Linode API however.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)