New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tlsv1 alert protocol version on 1.7.1 and 1.7.2 but not on 1.7.0 #963
Comments
What happens if you |
@shin- Just tested again with docker-py 1.7.2 and
But, I'm still seeing the same exception:
|
I can confirm I'm seeing the same pattern on one of the two Macs I'm running this on currently. Not sure what difference might matter, but the one exhibiting the broken behavior is on 10.10 and the newer docker-py versions are working on my box with 10.11. |
I'm running latest Mac OS X 10.11.3 and have the problem, so I doubt it's directly related to the OS version. |
Could you run the following code snippet to help pinpoint the issue, and post the output here? import docker
import ssl
protocols = [
'PROTOCOL_SSLv23', 'PROTOCOL_TLSv1', 'PROTOCOL_TLSv1_1', 'PROTOCOL_TLSv1_2'
]
kwargs = docker.utils.kwargs_from_env(assert_hostname=False)
client = docker.Client(**kwargs)
tls_config = kwargs['tls']
for proto in protocols:
if not hasattr(ssl, proto):
print('Protocol {0} not found in SSL protocol list'.format(proto))
tls_config.ssl_version = getattr(ssl, proto)
tls_config.configure_client(client)
try:
client.version()
print('Successful connection with protocol {0}'.format(proto))
except Exception as e:
print('Connection error with protocol {0}: "{1}"'.format(proto, e)) |
@shin- Here's the requested output:
|
Seeing the same thing on my box exhibiting the problem
Might be a slight error in the script, on my box which works fine with the newer docker-py versions I get the following:
|
FWIW this is the code I run normally to get a client, this client works fine on my good box with 1.7.1+ def get_docker_client():
"""Ripped off and slightly modified based on docker-py's
kwargs_from_env utility function."""
env = get_docker_env() # this populates based off docker-machine env
host, cert_path, tls_verify = env['DOCKER_HOST'], env['DOCKER_CERT_PATH'], env['DOCKER_TLS_VERIFY']
params = {'base_url': host.replace('tcp://', 'https://'),
'timeout': None,
'version': 'auto'}
if tls_verify and cert_path:
params['tls'] = docker.tls.TLSConfig(
client_cert=(os.path.join(cert_path, 'cert.pem'),
os.path.join(cert_path, 'key.pem')),
ca_cert=os.path.join(cert_path, 'ca.pem'),
verify=True,
ssl_version=None,
assert_hostname=False)
return docker.Client(**params) |
Trying to dump any info which might be relevant: my working box is using Python 2.7.9, non-working box is on 2.7.6. I think there were big changes to the SSL module in 2.7.9? |
My non-working box is running Python 2.7.6 as well. This should be the default Python version running on latest official Mac OS X, so would be great to have it working there as well. |
I realize nobody's said anything to the contrary yet but I agree, requiring 2.7.9+ would be a huge inconvenience. Hopefully we can restore functionality for 2.7.0+. |
Hmm, that's interesting. Python doc says
|
BTW, looking at the commit log of the Python |
Looks like there is an issue with Python 2.7.6 which comes by default with latest Mac OS X (v10.11.3 at that time).
A workaround for now would be to call |
I can try that tomorrow and let you know if it works |
That'd be great. If you can give #971 a spin as well and tell me how it behaves for you , that's even better. 👍 thanks! |
Hi, I had an issue with docker-compose originated in the problem discussed here and tried the fix #971. It works, thanks! |
I can confirm that both the This is a major regression, right, if we think it's broken all versions < 2.7.9? What are the reasons to not get the fix out as 1.7.3? |
The issue can be worked around by passing an explicit |
What would be the steps to build and use the master branch for this fix? I'm currently unable to use docker-compose because of this. |
@adamdecaf You should be able to install
|
@benjixx I'm not seeing that having done anything to have docker-compose see the updated version. Do you know of a timeline for
|
@adamdecaf Could it be that I would suggest you try to create a new Python |
@benjixx An upgrade of the underlying python version (from an upgrade to 10.11) seems to have fixed the issue. I'm on python 2.7.10 now |
Does anyone know whether the latest binary released by Compose works on pre-2.7.9 systems? |
It may be a little different environment from @thieman mentioned but I tested the #971 patch with Python 2.7.5 on MacOS 10.9.5. I'm using docker-compose installed by Homebrew so I manually applied the patch to |
Similar to #949 I'm discovering issues with latest versions of
docker-py
running against docker 1.10.2 instance. I'm usingdocker.utils.kwargs_from_env(assert_hostname=False)
. Things work fine with version 1.7.0.Docker client is initialized via
with docker environment variables being set to the following (via docker-machine)
docker-py 1.7.1 and 1.7.2 now raise the following exception:
Any idea what's happening here?
The text was updated successfully, but these errors were encountered: