SSLSocket.accept fails when monkey-patched #651

Closed
Xandaros opened this issue Oct 5, 2020 · 5 comments

@Xandaros Xandaros commented Oct 5, 2020

Currently setting up a fairly simple SSL server and I wanted to use eventlet to spawn handler threads for the clients. Unfortunately, if I use `eventlet.monkey_patch`, the code stops working (with no other modification).

```
Traceback (most recent call last):
  File "./test.py", line 45, in <module>
    main()
  File "./test.py", line 38, in main
    client_sock, addr = ssl_sock.accept()
  File "/home/xandaros/workspace/company/test/server/venv/lib/python3.8/site-packages/eventlet/green/ssl.py", line 405, in accept
    new_ssl = type(self)(
  File "/home/xandaros/workspace/company/test/server/venv/lib/python3.8/site-packages/eventlet/green/ssl.py", line 79, in __new__
    ret = _original_wrap_socket(
  File "/usr/lib/python3.8/ssl.py", line 1393, in wrap_socket
    raise ValueError("certfile must be specified for server-side "
ValueError: certfile must be specified for server-side operations
```

The monkey-patching happens right at the top of the file:

```python
import eventlet
eventlet.monkey_patch()
```

To create the SSL socket, I don't use `ssl.wrap_socket`, but instead create my own SSL socket and load the certificates:

```python
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain(certfile="server.crt", keyfile="server.key")
```

Then I wrap the socket:

```python
sock = socket.create_server(('0.0.0.0', 1234))
ssl_sock = context.wrap_socket(sock, server_side=True)
```

And finally, I call `ssl_sock.accept()`, which causes the aforementioned error when a client connects, but only if the environment is monkey-patched.
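The accept path described in this report, as an added example that is not part of the original post or of eventlet's code: it wraps a loopback listener with an `SSLContext`, accepts one connection, and checks that the accepted socket reuses the listener's context. Assumptions: the function name is hypothetical, and the handshake is deferred so that no certificate files are needed.

```python
import socket
import ssl


def accept_on_context_listener():
    """Wrap a listener with an SSLContext and accept one TCP connection.

    Returns (accepted_is_ssl_socket, shares_listener_context, server_side).
    """
    # Assumption: no certificate is loaded because the handshake is deferred;
    # only the accept() re-wrapping step from the report is exercised.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    listener.listen(1)
    listener.settimeout(5)  # fail instead of hanging if nothing connects

    # wrap_socket() takes ownership of the listener's file descriptor.
    ssl_listener = context.wrap_socket(
        listener, server_side=True, do_handshake_on_connect=False
    )

    # A plain TCP client is enough: the kernel completes the connection
    # through the listen backlog, so accept() below returns immediately.
    client = socket.create_connection(ssl_listener.getsockname(), timeout=5)
    try:
        # This is the call that raised ValueError in the report.
        conn, _addr = ssl_listener.accept()
        try:
            return (
                isinstance(conn, ssl.SSLSocket),
                conn.context is context,  # per-connection socket reuses the context
                conn.server_side,
            )
        finally:
            conn.close()
    finally:
        client.close()
        ssl_listener.close()


if __name__ == "__main__":
    print(accept_on_context_listener())
```

Run it once unpatched and once with `eventlet.monkey_patch()` placed at the top of the file, as in the report; per this thread, a `ValueError` at `accept()` indicates an affected eventlet release.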


@temoto temoto commented Oct 18, 2020

@Xandaros thank you, it's a shame to fail such a basic interaction. Sorry.

I've found the culprit of the problem; it's a one-line fix, but I'm afraid it may potentially break a lot of other things. So I'm asking you to participate in as extensive testing as you can afford before it may be released to the public. Please read the shortest instruction and report problems here: #655

temoto added a commit that referenced this issue Oct 18, 2020

@Xandaros Xandaros commented Oct 18, 2020

Due to time constraints I had to move away from eventlet, so I don't actually have a use-case to test this on, sorry.

At this point it would be too much work to move everything back to eventlet, especially when using an unpublished version we wouldn't be able to deploy.


@temoto temoto commented Oct 18, 2020

@Xandaros OK, anyway, thanks for reporting this. Good job with development speed. Just curious, have you done it on asyncio then?


@Xandaros Xandaros commented Oct 18, 2020

No, we switched to gevent.

temoto added a commit that referenced this issue Oct 19, 2020
temoto added a commit that referenced this issue Oct 20, 2020

@temoto temoto commented Oct 20, 2020

Since it's a change in an important ssl code path, the fix was released separately from other changes. 0.29.0 on PyPI.

@temoto temoto closed this Oct 20, 2020
bors bot added a commit to duckinator/parts.horse that referenced this issue Oct 24, 2020
Merge #68
68: Update eventlet to 0.29.1 r=duckinator a=pyup-bot


This PR updates [eventlet](https://pypi.org/project/eventlet) from **0.28.0** to **0.29.1**.



<details>
  <summary>Changelog</summary>
  
  
   ### 0.29.1
   ```
   ======
patcher: [py27] recursion error in pytest/python2.7 installing register_at_fork eventlet/eventlet#660
patcher: monkey_patch(builtins=True) failed on py3 because `file` class is gone eventlet/eventlet#541
don't crash on PyPy 7.0.0 eventlet/eventlet#547
Only install monotonic on python2 eventlet/eventlet#583
   ```
   
  
  
   ### 0.29.0
   ```
   ======
* ssl: context wrapped listener fails accept() eventlet/eventlet#651
   ```
   
  
  
   ### 0.28.1
   ```
   ======
* Sorry, Eventlet was broken on Windows for versions 0.27-0.28
  patcher: no os.register_at_fork on Windows (654)
* Clean up TypeError in __del__
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/eventlet
  - Changelog: https://pyup.io/changelogs/eventlet/
  - Homepage: http://eventlet.net
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>