HTTP20Connection request and OpenSSL version

[lithiumlab]

Any information on how to create a multipart body?
On the code comments of hyper body is about a file-like object or bytestring

        v2_url = 'service.example.api.com'
        conn = HTTP20Connection(v2_url)
        conn.request('POST', '/endpoint', headers=headers, body='NOTHING_HERE_YET')
        resp = conn.get_response()
        return resp.read()

Im getting this error exception when accessing a external api that expects a multipart body.

{"code":"INVALID_REQUEST_EXCEPTION","description":"No multipart body found in the payload."}

Any help, links to samples or hint would be appreciated.

[Lukasa]

@lithiumlab Hyper is much lower-level than many of the libraries you'll be used to using, and does not provide a hook for producing a multipart body. For that reason, you may want to try using the transport adapter for requests provided in this module, which should give you requests' tools for building the multipart body.

[lithiumlab]

Great. Thanks for the quick reply!

[lithiumlab]

@Lukasa

Is it possible to get_pushes() using this adapter?

s = requests.Session()
s.mount('https://myapiservice.com', HTTP20Adapter( enable_push=True ) )
r = s.post('https://myapiservice.com/events')

As r now seems a Response object from requests can't call get_pushes() on it.

I need to keep track of a downstream from an external API to handle multipart messages to generate events that trigger actions in the the front-end. Im using Flask to handle routes and requests to get the api external data. I get the initial data but i know need to keep track of the downstream.

Is it possible still using the Adapter?

[Lukasa]

Requests itself cannot call getpushes, but you can get access to the response object from response.raw. You can use that then to chain through, and you should be able to grab the underlying connection from in there.

[lithiumlab]

Thanks for the info.

Getting it to production (AWS Elastic Beanstalk) raises and error in the r = post.() call:

        try:
           r = s.post(url, data=multipart_encoded_data, headers=headers)
        except Exception as e:
            print('ERROR: '+ str(e) )
            raise

[Errno 104] Connection reset by peer

This is the aws environment info:

  Platform: 64bit Amazon Linux 2016.03 v2.1.0 running Python 2.7

Looking for hints on what can be the problem took me here:
https://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/
which suggest me it can be about correct SSL version maybe? I couldn't find much about AWS EB http2 support. Also im not exactly sure what python version is running in EB. My local environment is 2.7.11

Im using Flask and SSLify for routes, and hyper and requests for the external http/2 calls, https looks ok but im relatively new to protocols, http/2

Do you have any suggestion that helps me about whats happening?
Thanks in advance and very grateful for the help already given.

    # local 
context = ('../outsidetheapp/cert.crt', '../outsidetheapp/key.key')
application.run(host='localhost', port=12344, ssl_context=context, threaded=True, debug=True)

    # aws eb 
    application.debug=True
application.run()

proper certs for domain are in place and attached to the eb environment.
everything works normally except for the http2 call.

[Lukasa]

It's a bit tricky to tell. It could be related to OpenSSL functionality though, for sure. Can you provide me ssl.OPENSSL_VERSION from your production install?

[lithiumlab]

Sure...

OpenSSL 1.0.1k-fips 8 Jan 2015

[Lukasa]

So the biggest problem there is that you might be missing ALPN, which could be causing the connection to be closed. It could also be related to missing cipher suites. Do you have the ability to run packet capture on your machines?

[Lukasa]

Either Wireshark or tcpdump, I mean.

[Lukasa]

Hrm, no, those look fine. What I'm interested in is what's going on with the TLS handshake itself.

[lithiumlab]

Ok. i have installed tcpdump on the aws eb machine through ssh.
What will be the command?

[Lukasa]

tcpdump -s 1514 -w capture.pcap port 443 should do for now. That'll save to a file called capture.pcap, which you can mail to me.

[lithiumlab]

capture file sent

[lithiumlab]

Noticed getting two different errors when making some calls consecutively:

[Errno 104] Connection reset by peer
[Errno 32] Broken pipe

And this when no multipart data is sent:

 need more than 1 value to unpack

Last one probably just related to not sending data at all.

[Lukasa]

Broken Pipe and Connection Reset By Peer are very related exceptions, so we don't need to worry about them right now: they're likely both caused by the same thing.

So the reset connection seems to be about the format of your data, I think. The TLS handshake is completing successfully, and application data is being transmitted, but the connection then gets torn down. I'm missing some data here (you're able to use jumbo frames on this machine so the capture size wasn't large enough), but it appears to be a tear-down happening at the application layer.

In this instance, I recommend turning on debug logging and printing the output of the logs here (please scrub any headers or body that contains credentials by replacing those credentials with XXXXXX). That should let us see what's going on.