SSLError on Windows 7, 64-bit. Appeared in version 0.13.8 #827

Closed
stebunovd opened this Issue Aug 31, 2012 · 4 comments

Comments

Projects
None yet
4 participants
C:\Users\stebunovd>pip install requests==0.13.7
Downloading/unpacking requests==0.13.7
  Downloading requests-0.13.7.tar.gz (521Kb): 521Kb downloaded
  Running setup.py egg_info for package requests

    warning: no files found matching 'tests\*.'
Installing collected packages: requests
  Found existing installation: requests 0.13.8
    Uninstalling requests:
      Successfully uninstalled requests
  Running setup.py install for requests

    warning: no files found matching 'tests\*.'
Successfully installed requests
Cleaning up...

C:\Users\stebunovd>python
Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on win
32
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get('https://web3ds.masterbank.ru/cgi-bin/cgi_link')
<Response [200]>
>>> quit()

C:\Users\stebunovd>pip install requests==0.13.8
Downloading/unpacking requests==0.13.8
  Downloading requests-0.13.8.tar.gz (522Kb): 522Kb downloaded
  Running setup.py egg_info for package requests

    warning: no files found matching 'tests\*.'
Installing collected packages: requests
  Found existing installation: requests 0.13.7
    Uninstalling requests:
      Successfully uninstalled requests
  Running setup.py install for requests

    warning: no files found matching 'tests\*.'
Successfully installed requests
Cleaning up...

C:\Users\stebunovd>python
Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on win
32
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get('https://web3ds.masterbank.ru/cgi-bin/cgi_link')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python27\lib\site-packages\requests\api.py", line 65, in get
    return request('get', url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\safe_mode.py", line 39, in wrappe
d
    return function(method, url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\api.py", line 51, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 243, in reques
t
    r.send(prefetch=prefetch)
  File "C:\Python27\lib\site-packages\requests\models.py", line 631, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of
 protocol
>>>

The bug appears only when using this URL https://web3ds.masterbank.ru/cgi-bin/cgi_link and only on Windows machines (tested on 3 workstations on Win7-64 and one Win8). I was unable to reproduce it on Mac OS X 10.8.1 or Amazon Linux.

arsenio commented Sep 4, 2012

This actually looks like it may be related: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371

Just checked latest version, 0.14. The bug is still there. Requests v0.13.6 and 0.13.7 work fine with that URL, but 0.13.8, 0.13.9 and 0.14 throw SSLError.

This happens to me as well (in previous versions it raised a timeout, in 0.14 it raises an SSL error).

This happens with a web server I have that only accepts TLSv1, TLSv1.1, TLSv1.2 but NOT SSLv2 or SSLv3.

If I change the following, which is in VerifiedHTTPSConnection.connect() in connectionpool.py on line 99 (as of 0.14):

        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
                                    cert_reqs=self.cert_reqs,
                                    ca_certs=self.ca_certs)

to:

        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
                                    cert_reqs=self.cert_reqs,
                                    ca_certs=self.ca_certs,
                                    ssl_version=ssl.PROTOCOL_TLSv1)

The connection works fine. Obviously this is not ideal. I was thinking of submitting a patch that would allow you to pass in the preferred SSL version, but it seems like it would just work around the problem. I think it has to do with OpenSSL, but I'm running 1.0.1c and the latest pyOpenSSL.

Also, I'm on 32-bit Windows 7. And I've tested this on 32-bit Windows Server 2008 as well.

@dandrzejewski dandrzejewski added a commit to dandrzejewski/requests that referenced this issue Oct 19, 2012

@dandrzejewski dandrzejewski Added ability to choose SSL version
This also acts as a workaround for #827, which in some cases, if you are
connecting to an SSL server that does not support SSLv2 or SSLv3 (and,
for exapmle, only supports TLSv1), would cause an illegal EOL SSL error.
If you select the right SSL protocol version, you won't see this error.
2f414d0

Lukasa closed this Nov 17, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment