Error opening ssl connection using httplib2

StackOverflow https://stackoverflow.com/questions/8759077

Question

I am using httplib2 for opening up an ssl connection. Following is the code.

import httplib2

if __name__=='__main__':
    conn = httplib2.Http(disable_ssl_certificate_validation=True)
    conn.add_certificate('serverkey.pem', 'servercert.pem', '')
    resp, content = conn.request(uri = 'https://xxx.xxx.xxx.xxx:xxxx/Konfigurator
                   /REST/login?userName=xxx&pass=xxx', method = 'POST')
    print resp

this is the error I am getting.

Traceback (most recent call last):
File "C:\eclipse-workspace\REST\src\examples.py", line 7, in <module>
resp, content = conn.request(uri = 'https://xxx.xxx.xxx.xxx:xxx/Konfigurator/REST/login?userName=xxx&pass=xxx', method = 'POST')
File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 1437, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
 File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 1189, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
 File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 1163, in _conn_request
conn.connect()
File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 925, in connect
raise socket.error, msg
socket.error: [Errno 10054] An existing connection was forcibly closed by the remote host

Is the code correct or am I missing something here?

Was it helpful?

Solution

I got it working. The problem was the server supported only TLSv1 and SSLv3 encryptions. The httplib2 module had defaulted to SSLv23 if no version was specified. This was resulting in the server responding with RST packets. Probably a bug in their code. Made the change in their init.py to include "ssl_version=3" (3 for TLS) in the wrap_socket function and it worked.

OTHER TIPS

Your code seems correct, i.e. the following simplified version is correctly able to GET the HTTPS front page of Google:

>>> import httplib2
... from pprint import pprint
... conn = httplib2.Http()
... resp, content = conn.request(uri="https://encrypted.google.com")
... pprint(resp)
{'cache-control': 'private, max-age=0',
 'content-location': 'https://encrypted.google.com',
 'content-type': 'text/html; charset=ISO-8859-1',
 'date': 'Fri, 04 Nov 2011 09:56:58 GMT',
 'expires': '-1',
 'server': 'gws',
 'set-cookie': 'PREF=ID=efe3264c0da8b563:FF=0:TM=1320400618:LM=1320400618:S=AsZHdP7eQQXrsYOw; expires=Sun, 03-Nov-2013 09:56:58 GMT; path=/; domain=.google.com, NID=52=RJx7UWMiVEQGLvS3nVLz4iit6Z-V0pMSXzbReygHwJVt40kg4rhs1NS2U025XEyz_0ajtbGhsUDqbqIK5gje16sxka4sStsV4KmQRPOnbpNoeL4mN9Nge-NSEoziU8yH; expires=Sat, 05-May-2012 09:56:58 GMT; path=/; domain=.google.com; HttpOnly',
 'status': '200',
 'transfer-encoding': 'chunked',
 'x-frame-options': 'SAMEORIGIN',
 'x-xss-protection': '1; mode=block'}

So I'm guessing that your certificates are causing the remote server to barf and forcibly disconnect the session. Do you control the server, and if so do you have any logs or diagnostics from the server?

Actually, looking closer, I'm trying to understand your "add_certificate" call. Why do you specify that particular IP address as the domain of the certificate? Is the server's key actually representing that IP address? Have you tried an empty string?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top