Trying to connect to an uWSGI (or any other) server, from Solaris, will fail with the following error:
-bash-3.00# /opt/opsware/agent/bin/python3 client.py
/tmp/client.py:9: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
Exception in thread Thread-1 (make_connection):
Traceback (most recent call last):
File "/opt/opsware/agent/lib/python3.10/threading.py", line 1009, in _bootstrap_inner
self.run()
File "/opt/opsware/agent/lib/python3.10/threading.py", line 946, in run
self._target(*self._args, **self._kwargs)
File "/tmp/client.py", line 13, in make_connection
with context.wrap_socket(sock, server_hostname=hostname) as ssock:
File "/opt/opsware/agent/lib/python3.10/ssl.py", line 512, in wrap_socket
return self.sslsocket_class._create(
File "/opt/opsware/agent/lib/python3.10/ssl.py", line 1070, in _create
self.do_handshake()
File "/opt/opsware/agent/lib/python3.10/ssl.py", line 1341, in do_handshake
self._sslobj.do_handshake()
BlockingIOError: [Errno 11] Resource temporarily unavailable
I used the following client code (based on https://docs.python.org/3.10/library/ssl.html#socket-creation):
import socket
import ssl
import threading
hostname = '192.168.135.9'
port = 1004
def make_connection():
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
with socket.create_connection((hostname, port)) as sock:
sock.settimeout(300) # use non-blocking I/O
with context.wrap_socket(sock, server_hostname=hostname) as ssock:
print(ssock.version())
t=threading.Thread(target=make_connection)
t.start()
t.join()
This works fine on multiple Linux distros, AIX, and HP-UX. It even seems to work on Solaris Sparc. There seems to be an issue only on Solaris (5.10/5.11) x86.
Furthermore, in order to reproduce the issue, the SSL handshake needs to be performed from a thread and use non-blocking I/O. If I use blocking I/O or don't use thread, the issue doesn't reproduce anymore.
The issues first started to appear in python 3.8.5 when I switched from openssl 1.0.2u to 1.1.1k. The issue is still reproducible with python 3.10 and openssl 3.0.0
|