Using both eventlet.monkey_patch() and eventlet.wsgi.server() together with SSL fails with ssl.SSLWantReadError #308
Comments
Ouch, that's a very unhappy situation. Also, my deepest recommendation: do not use Python for SSL/TLS public servers. Put a reliable TLS terminator software (like haproxy, nginx, stunnel, stud) in front to sleep well.
Just wanted to confirm that this still happens using eventlet 0.19.0 (with the fix). (and this is being used for a private server with no access to the Internet at large - your warning is well taken and quite correct).
Hi. I'm the maintainer of all OpenStack packages in Debian. Using OpenStack Glance, and eventlet 0.20.0 or 0.23.0 (I tried both versions), I have the same problem. It works ok without SSL, and it seems to also work with Python 2.7 (though I couldn't test this).
Thanks for ping, I will look at this today.
wsgi excluded version. setblocking is definitely one to blame, but probably need a bit smarter move than removing it.
Workaround version. Warning: SSL IO may block everything. Better tested version is coming tonight.
@temoto we are also facing this issue using eventlet 0.25.1, do we have any plan about this issue?
@temoto thanks for your quick reply, I have tried 339c7ad, the API service can work, but errors are still printed in the logs.
@zhur0ng and same code without
@temoto sorry, our service uses monkey_patch, so I just care about the code with monkey_patch.
@zhur0ng I'm trying to narrow down the problem. Can you help?
@temoto sure, I can help with this.
@temoto I removed the monkey_patch code, still have this error.
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/eventlet/wsgi.py", line 402, in _read_request_line
  File "/usr/lib64/python3.6/socket.py", line 586, in readinto
  File "/usr/lib64/python3.6/ssl.py", line 587, in read
Okay that didn't help because eventlet ssl was still used, but I found where errno 0 comes from and am half confident it is not related to this issue so can publish the fix. @zhur0ng you may want to subscribe to this https://bugs.python.org/issue31122
Fix was merged into master 4501932 please reopen if SSLWantReadError still present.
@temoto Thanks for the fix, that works for me. I'm wondering when are you available for doing a release?
@lingxiankong 0.25.2 uploaded
Thanks so much!
Eventlet package prior to 0.25.2 has broken SSL [1]

[1] eventlet/eventlet#308

Change-Id: Ib7bbdc0891640772008cdf087c6bb271cca4290c
The following simple test script fails (when connected to using the openssl command-line client, or from a browser):

with the following exception chain:

I've tracked this down to the set_nonblocking(newsock) call in the GreenSSLSocket.accept() method in eventlet/green/ssl.py around line 318. The issue is fixed by either commenting out this call or by not calling eventlet.monkey_patch() at the start of the script (the second not really being an option for our use case).

Of course, I'm not sure what the adverse effects of removing the set_nonblocking() call might be, or if there is some other, better solution to the problem.
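
The error class in the issue title is what the standard ssl module raises when a TLS operation on a non-blocking socket cannot proceed until the peer sends more bytes. The following is an added example, not code from the issue or from eventlet: `retry_on_want` and `handshake_on_nonblocking_socket` are hypothetical names, `select` is an assumed stand-in for whatever wait mechanism the caller uses, and the local socket pair with a silent peer is constructed. It shows the bare error next to a caller that waits for the socket and retries.

```python
import select
import socket
import ssl


def retry_on_want(op, sock, timeout=1.0):
    """Run op(); when TLS needs more I/O, wait on sock and try again."""
    while True:
        try:
            return op()
        except ssl.SSLWantReadError:
            ready = select.select([sock], [], [], timeout)[0]
        except ssl.SSLWantWriteError:
            ready = select.select([], [sock], [], timeout)[1]
        if not ready:
            raise TimeoutError("socket not ready within %.2fs" % timeout)


def handshake_on_nonblocking_socket(wrapped, timeout=0.05):
    """Start a client handshake against a silent peer; return the outcome name."""
    raw, peer = socket.socketpair()  # constructed local pair, peer never answers
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # no real server in this demo
    ctx.verify_mode = ssl.CERT_NONE
    tls = ctx.wrap_socket(raw, do_handshake_on_connect=False)
    tls.setblocking(False)           # non-blocking, as in the issue
    try:
        if wrapped:
            retry_on_want(tls.do_handshake, tls, timeout)
        else:
            tls.do_handshake()       # bare call: fails at once
        return "completed"
    except (ssl.SSLError, TimeoutError) as exc:
        return type(exc).__name__
    finally:
        tls.close()
        peer.close()


if __name__ == "__main__":
    print(handshake_on_nonblocking_socket(wrapped=False))
    print(handshake_on_nonblocking_socket(wrapped=True))
```

Any code path that calls the raw ssl read or handshake on a non-blocking socket without such a wait-and-retry step surfaces SSLWantReadError to the application.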