Public bug reported: >From a Python program (system-config-printer) I need to access an https URL (on OpenPrinting) assuring that the answer really comes from OpenPrinting and not from an attacker. This serves for automatically downloading and installing driver packages for detected and locally unsupported printers.
A typical URL sent by system-config-printer to find driver packages for a detected printer is https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER; The "https://..."; allows for checking whether the answer really comes from OpenPrinting. It is no problem accessing this URL with a browser or by the command line: curl 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;' wget 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;' In all cases I get an XML data set in a reasonable amount of time (so server performance is OK). The XML data set tells about a driver package from Epson with all info to download it and to establish automatic updates via the facilities of the distro. RPM- and DEB-based distros with 32-bit or 64-bit Intel architectures are supported. system-config-printer is written completely in Python and uses the pycurl library to call the URL with verification that the communication is done with the actual OpenPrinting server. This does not work any more. If I run the following simple Python code it fails: ---------- import pycurl def collect_data(result): print(result) return len(result) curl = pycurl.Curl() curl.setopt(pycurl.SSL_VERIFYPEER, 1) curl.setopt(pycurl.SSL_VERIFYHOST, 2) curl.setopt(pycurl.WRITEFUNCTION, collect_data) curl.setopt(pycurl.URL, 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL:EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;') status = curl.perform() repr(status) quit() ---------- You can paste the lines into a text editor to get a Python program or run "python" or "python3" (Python version seems not to matter) and paste the bunch of lines to the prompt. The result is always the same, the "status = curl.perform()" line gives: Traceback (most recent call last): File "<stdin>", line 1, in <module> pycurl.error: (51, 'gnutls_handshake() warning: The server name sent was not recognized') For me it looks like that something has changed, as formerly this Python code worked correctly. If I change "https://..."; to "http://..."; all works correctly and I get the XML data, but then there is no verification any more that the communication is really done with OpenPrinting. See also http://stackoverflow.com/questions/568247/pycurl-fails-but-curl-from- bash-works-in-ubuntu This all looks like a bug in pycurl. ** Affects: pycurl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pycurl in Ubuntu. https://bugs.launchpad.net/bugs/1394244 Title: pycurl gives 'gnutls_handshake() warning: The server name sent was not recognized', curl on command line and wget work with same URL Status in “pycurl” package in Ubuntu: New Bug description: From a Python program (system-config-printer) I need to access an https URL (on OpenPrinting) assuring that the answer really comes from OpenPrinting and not from an attacker. This serves for automatically downloading and installing driver packages for detected and locally unsupported printers. A typical URL sent by system-config-printer to find driver packages for a detected printer is https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER; The "https://..."; allows for checking whether the answer really comes from OpenPrinting. It is no problem accessing this URL with a browser or by the command line: curl 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;' wget 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;' In all cases I get an XML data set in a reasonable amount of time (so server performance is OK). The XML data set tells about a driver package from Epson with all info to download it and to establish automatic updates via the facilities of the distro. RPM- and DEB-based distros with 32-bit or 64-bit Intel architectures are supported. system-config-printer is written completely in Python and uses the pycurl library to call the URL with verification that the communication is done with the actual OpenPrinting server. This does not work any more. If I run the following simple Python code it fails: ---------- import pycurl def collect_data(result): print(result) return len(result) curl = pycurl.Curl() curl.setopt(pycurl.SSL_VERIFYPEER, 1) curl.setopt(pycurl.SSL_VERIFYHOST, 2) curl.setopt(pycurl.WRITEFUNCTION, collect_data) curl.setopt(pycurl.URL, 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL:EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;') status = curl.perform() repr(status) quit() ---------- You can paste the lines into a text editor to get a Python program or run "python" or "python3" (Python version seems not to matter) and paste the bunch of lines to the prompt. The result is always the same, the "status = curl.perform()" line gives: Traceback (most recent call last): File "<stdin>", line 1, in <module> pycurl.error: (51, 'gnutls_handshake() warning: The server name sent was not recognized') For me it looks like that something has changed, as formerly this Python code worked correctly. If I change "https://..."; to "http://..."; all works correctly and I get the XML data, but then there is no verification any more that the communication is really done with OpenPrinting. See also http://stackoverflow.com/questions/568247/pycurl-fails-but-curl-from- bash-works-in-ubuntu This all looks like a bug in pycurl. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pycurl/+bug/1394244/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
