Search code examples
python-2.7google-app-enginesni

urlfetch.UrlfetchException: _ssl.c:510: EOF occurred in violation of protocol

I am using python 2.7.6 on ubuntu

I am getting this error when I use urlfetch (1.0.2) to post data to a remote server. It starts 2 days ago after the ssl certificate of the server was updated.

Similar problems have been reported to another python package request. The solution is to update some dependencies by running 

pip install --force-reinstall requests[security]

but I only got this

Requirement already satisfied: requests[security] in /usr/lib/python2.7/dist-packages
  requests 2.2.1 does not provide the extra 'security'

Nothing seems to be downloaded and installed.

Some post suggests it is related to cipher (https://github.com/kennethreitz/requests/issues/3608#issuecomment-250681069)

openssl s_client -connect www.example.com:443 
CONNECTED(00000003)
140353237063328:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Does it look normal ? Is there anything I can do to fix it?

The target server is living on Google App Engine. The new SSL cert does not support vip.

Ubuntu version info:

NAME="Ubuntu"
VERSION="14.04.2 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.2 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
Solution

  • My first choice was to use this answer to resolve the issue by monkey-patching ssl.py.

    import ssl
from functools import wraps
def sslwrap(func):
    @wraps(func)
    def bar(*args, **kw):
        kw['ssl_version'] = ssl.PROTOCOL_TLSv1
        return func(*args, **kw)
    return bar

ssl.wrap_socket = sslwrap(ssl.wrap_socket)

    However it did not work.

    At the end I find that I can resolve it by upgrading python to 2.7.13 from source. Here are the steps:

    1) Install python dev dependency

    sudo apt-get install -y \
autotools-dev      \
blt-dev            \
bzip2              \
dpkg-dev           \
g++-multilib       \
gcc-multilib       \
libbluetooth-dev   \
libbz2-dev         \
libexpat1-dev      \
libffi-dev         \
libffi6            \
libffi6-dbg        \
libgdbm-dev        \
libgpm2            \
libncursesw5-dev   \
libreadline-dev    \
libsqlite3-dev     \
libssl-dev         \
libtinfo-dev       \
mime-support       \
net-tools          \
netbase            \
python-crypto      \
python-mox3        \
python-pil         \
python-ply         \
quilt              \
tk-dev             \
zlib1g-dev

    2) Download source code

    wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz

    3) Unpack

    tar xfz Python-2.7.13.tgz

    4) configure

    cd Python-2.7.13/
./configure --prefix /usr/local/lib/python2.7.13 --enable-ipv6

    5) build

    make

    6) deploy

    sudo make install

    7) Install pip and urlfetch and other dependencies