HTTP20Connection request and OpenSSL version #227
Comments
@lithiumlab Hyper is much lower-level than many of the libraries you'll be used to using, and does not provide a hook for producing a multipart body. For that reason, you may want to try using the transport adapter for requests provided in this module, which should give you requests' tools for building the multipart body. |
Great. Thanks for the quick reply! |
Is it possible to get_pushes() using this adapter?
As r now seems a Response object from requests can't call get_pushes() on it. I need to keep track of a downstream from an external API to handle multipart messages to generate events that trigger actions in the the front-end. Im using Flask to handle routes and requests to get the api external data. I get the initial data but i know need to keep track of the downstream. Is it possible still using the Adapter? |
Requests itself cannot call |
Thanks for the info. Getting it to production (AWS Elastic Beanstalk) raises and error in the r = post.() call:
This is the aws environment info:
Looking for hints on what can be the problem took me here: Im using Flask and SSLify for routes, and hyper and requests for the external http/2 calls, https looks ok but im relatively new to protocols, http/2 Do you have any suggestion that helps me about whats happening?
proper certs for domain are in place and attached to the eb environment. |
It's a bit tricky to tell. It could be related to OpenSSL functionality though, for sure. Can you provide me |
Sure...
|
So the biggest problem there is that you might be missing ALPN, which could be causing the connection to be closed. It could also be related to missing cipher suites. Do you have the ability to run packet capture on your machines? |
Either Wireshark or tcpdump, I mean. |
Hrm, no, those look fine. What I'm interested in is what's going on with the TLS handshake itself. |
Ok. i have installed tcpdump on the aws eb machine through ssh. |
|
capture file sent |
Noticed getting two different errors when making some calls consecutively:
And this when no multipart data is sent:
Last one probably just related to not sending data at all. |
Broken Pipe and Connection Reset By Peer are very related exceptions, so we don't need to worry about them right now: they're likely both caused by the same thing. So the reset connection seems to be about the format of your data, I think. The TLS handshake is completing successfully, and application data is being transmitted, but the connection then gets torn down. I'm missing some data here (you're able to use jumbo frames on this machine so the capture size wasn't large enough), but it appears to be a tear-down happening at the application layer. In this instance, I recommend turning on debug logging and printing the output of the logs here (please scrub any headers or body that contains credentials by replacing those credentials with XXXXXX). That should let us see what's going on. |
Sorry, when I said turn logging on I meant on the client side. =) I want to see the logs that hyper is emitting. |
Ok, here a call from the server to http2bin.org:
and here's a call to Alexa Voice Service (AVS) where i get the error:
|
Hrm can you change this so that it logs out DEBUG level and higher? |
Can you please advise how to?
|
@lithiumlab Ah, sorry, it's a flask problem. In a top level file in your Flask app, please add these lines:
That'll generate a lot of logs, but that should be fine. |
apart from the mod_http logs that are now included, not much else is coming out...
|
Hrm, you may need to log to a file instead. Try adding |
doing that triggers a permission denied error im trying to solve. chmod and httpd service restart didnt do the job. |
@lithiumlab Probably you don't have permission to write to your web server's working directory. Try hardcoding a path to somewhere you know your web server's user can write data (the same place it writes log files, for example). |
ok. logs are in the file now. thanks for the hint. but tailing it i see the same errors.
|
|
Well, that exception suggests that wherever you're trying to connect to is not actually running. That is, nothing is listening ont hat part. Are you sure that URL is right? |
ERRORS HERE:
|
Notice
in the call from the instance machine in aws |
Are those the logs from right before the exception? Those logs don't seem to contain a problem... |
Look closely the first part. |
Im getting the same error using an nginx plus linux ami in aws.
Everything else in the app works as expected, flask routing, static files etc. |
Hrm, in all of these cases it looks like the remote peer is immediately responding negatively and tearing the connection down. Can you try catching the exception and then calling |
I've solved the issue upgrading to latest openssl available in the machine os, in this case had to update Debian to latest 'stretch' version to upgrade to openssl 1.0.2g. I have tried previously to update only openssl but it seems it doesn't play well with the underlying OS or not configured correctly even thou version is displaying well in python and command line. I've spent more time than i'm willing to confess trying to make this work. But its finally there. A simple apt-get update openssl, or apk update for linux alpine, or pip install pyopenssl, will not work in all cases, AWS for example because repositories doesn't have recent packages yet available. Getting openssl update from project source will not necessary work. I recommend to research a bit first what version comes included in the latest version of the desired OS so you have an os that plays nice with a recent version of OpenSSL. And that's it. Just leaving this here in case more people find this block on their path to play with hyper, http/2 and other modern tools. Amazing library. Finally getting creative with it. Back to code. TL;DR: Better to update your OS with a recent OpenSSL version already included than upgrading only OpenSSL. |
<3 Thanks @lithiumlab for coming back to mention that! |
I too experienced this, the culprit being using a version of Python built against an old OpenSSL. The hyper website says the requirement is any version of OpenSSL greater than 1.0.1, but this I don't think is true. I was running "OpenSSL 1.0.1e-fips 11 Feb 2013" and upgraded to "OpenSSL 1.0.2i 22 Sep 2016" to solve the issue. Note that it is not enough to only upgrade the OS, you also need to rebuild Python against that version of OpenSSL aswell. Also note that the first indicator of an issue is the log line: If it was working, it would read: I wonder if the protocol is defaulting back to HTTP 1.1 (instead of 2.0) and that's why the server is terminating the connection. |
There are multiple possible ways this can fail, but it depends on what you need. NPN was added in 1.0.1, but ALPN was not added until 1.0.2. If you need ALPN, then yes, 1.0.2 is the lowest that will work. |
Thanks, @Lukasa and @watfordxp and @lithiumlab. This is very, very helpful. |
Any information on how to create a multipart body?
On the code comments of hyper body is about a file-like object or bytestring
Im getting this error exception when accessing a external api that expects a multipart body.
Any help, links to samples or hint would be appreciated.
The text was updated successfully, but these errors were encountered: