Author Dustin.Oprea
Recipients Dustin.Oprea
Date 2014-11-10.05:57:05
Message-id <1415599026.97.0.589284650072.issue22835@psf.upfronthosting.co.za>
In-reply-to
Content
I am trying to do an authenticated-SSL request to an Nginx server using *requests*, which wraps urllib2/httplib. It's worked perfectly for months until Friday on my local system (Mac 10.9.5), and there have been no upgrades/patches. 

My Python 2.7.6 client fails when connecting to Nginx, locally. I get a 400, with this:

<html>
<head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
</body>
</html>

This is an example that uses urllib2/httplib, directly:

import urllib2
import httplib

cert_filepath = '/var/lib/rt_data/ssl/rt.crt.pem'
key_filepath = '/var/lib/rt_data/ssl/rt.private_key.pem'

url = 'https://deploy_api.local:8443/auth/admin/1/hosts'


class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
    """Wrapper to allow for authenticated SSL connections."""

    def __init__(self, key, cert):
        urllib2.HTTPSHandler.__init__(self)
        self.key = key
        self.cert = cert

    def https_open(self, req):
        # Rather than pass in a reference to a connection class, we pass in
        # a reference to a function which, for all intents and purposes,
        # will behave as a constructor
        return self.do_open(self.getConnection, req)

    def getConnection(self, host, timeout=300):
        # Forward the timeout supplied by do_open() instead of dropping it
        return httplib.HTTPSConnection(host, key_file=self.key,
                                       cert_file=self.cert, timeout=timeout)

opener = urllib2.build_opener(HTTPSClientAuthHandler(key_filepath, cert_filepath))
response = opener.open(url)

response_data = response.read()
print(response_data)

These are the factors:

- It works when connecting to the remote server. Both local and remote are Nginx with similar configs.
- cURL works perfectly:

  curl -s -v -X GET -k --cert /var/lib/rt_data/ssl/rt.crt.pem --key /var/lib/rt_data/ssl/rt.private_key.pem https://server.local:8443/auth/admin/1/hosts

- I've tried under Vagrant with Ubuntu 12.04 (2.7.3) and 14.04 (2.7.6). No difference.
- It works with Python 3.4 on the local system. This has only affected 2.7, very suddenly.

Due to the error message above, it seems like there's a breakdown in sending the certificate/key.

I have no idea what's going on, and this has caused me a fair amount of distress. Can you provide me a direction?

History
Date                 User          Action  Args
2014-11-10 05:57:07  Dustin.Oprea  set     recipients: + Dustin.Oprea
2014-11-10 05:57:06  Dustin.Oprea  set     messageid: <1415599026.97.0.589284650072.issue22835@psf.upfronthosting.co.za>
2014-11-10 05:57:06  Dustin.Oprea  link    issue22835 messages
2014-11-10 05:57:05  Dustin.Oprea  create