New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Traceback "ENGINE Error in HTTPServer.tick" with unaccepted SSL/TLS connections #820
Comments
@sanderjo can you test the new branch: |
The traceback on SAB's side is easy to reproduce: NB: SABnzbd 1.2.1Beta1. NOT the new branch!! Client side code:
Client reports:
SAB's traceback:
Sander |
FWIW: Tested with SABnzbd 1.1.1 and testssl.sh: server-side (=SABnzbd): 0 errors / messages. (SABnzbd 1.2.0 gives the same error messages as SABnzbd 1.2.1Beta1) BRB with the branch test. FWIW: Statistics from sabnzbd.log after a few testssl.sh runs:
|
Tested "remotes/origin/bugfix/ssl_catch" against testssl.sh: no traceback no other errors in SABnzbd. Well done @Safihre So ... close this issue? |
With the current git version of origin/1.2.x, while testing SAB with testssl.sh, SABnzbd's stdout says several times:
"unknown error" ... ? I added that to cherrypy/wsgiserver/ssl_builtin.py:
... and the SAB tracebacks are gone. BUT ... is it OK to ignore 'unknown error'? |
Seems fine to me. Nothing we can do really if the connection can't be established. |
@sanderjo @Safihre http://recollection.saaj.me/article/cherrypy-questions-testing-ssl-and-docker.html
http://recollection.saaj.me/article/cherrypy-questions-testing-ssl-and-docker.html#problem |
Ref: sabnzbd/sabnzbd#820 Ref: sabnzbd/sabnzbd#860 PR: #32 Author: @Safihre
v5.7.0 ====== - CI improvements: * Don't run tests during deploy stage * Use VM based build job env only for pyenv envs * Opt-in for beta trusty image @ Travis CI * Be verbose when running tests (show test names) * Show xfail/skip details during test run - #34: Fix ``_handle_no_ssl`` error handler calls - #21: Fix ``test_conn`` tests: * Improve setup_server def in HTTP connection tests * Fix HTTP streaming tests * Fix HTTP/1.1 pipelining test under Python 3 * Fix ``test_readall_or_close`` test * Fix ``test_No_Message_Body`` * Clarify ``test_598`` fail reason - #36: Add GitHub templates for PR, issue && contributing - #27: Default HTTP Server header to Cheroot version str - Cleanup _compat functions from server module v5.6.0 ====== - Fix all PEP 257 related errors in all non-test modules. ``cheroot/test/*`` folder is only one left allowed to fail with this linter. - #30: Optimize chunked body reader loop by returning empty data is the size is 0. Ref: cherrypy/cherrypy#1602 - Reset buffer if the body size is unknown Ref: cherrypy/cherrypy#1486 - Add missing size hint to SizeCheckWrapper Ref: cherrypy/cherrypy#1131 v5.5.2 ====== - #32: Ignore "unknown error" and "https proxy request" SSL errors. Ref: sabnzbd/sabnzbd#820 Ref: sabnzbd/sabnzbd#860 v5.5.1 ====== - Make Appveyor list separate tests in corresponding tab. - #29: Configure Travis CI build stages. Prioritize tests by stages. Move deploy stage to be run very last after all other stages finish. - #31: Ignore "Protocol wrong type for socket" (EPROTOTYPE) @ OSX for non-blocking sockets. This was originally fixed for regular sockets in cherrypy/cherrypy#1392. Ref: https://forums.sabnzbd.org/viewtopic.php?f=2&t=22728&p=112251 v5.5.0 ====== - #17 via #25: Instead of a read_headers function, cheroot now supplies a HeaderReader class to perform the same function. Any HTTPRequest object may override the header_reader attribute to customize the handling of incoming headers. The server module also presents a provisional implementation of a DropUnderscoreHeaderReader that will exclude any headers containing an underscore. It remains an exercise for the implementer to demonstrate how this functionality might be employed in a server such as CherryPy. - #26: Configured TravisCI to run tests under OS X.
SABnzb 1.2.1Beta1 / Python 2.7.12 / Ubuntu 16.10
TL;DR: SABnzbd gives a Traceback in case of a problem with an incoming SSL/TLS connection. I would prefer an informing log line.
Disclaimer: I'm assuming it's OK that SAB refuses these connections, but I'm not sure
As soon as testssl.sh starts testing SABnbzd's HTTPS, SABnzbd spits out a lot (200!) of Tracebacks SSL error messages. See below.
ENGINE Error in HTTPServer.tick Traceback (most recent call last):
followed by
SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:590)
or
SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:590)
How relevant is this? This does happen too when normal HTTPS clients SABnzbd's HTTPS. See https://forums.sabnzbd.org/viewtopic.php?f=2&t=22369&p=110844 and maybe https://forums.sabnzbd.org/viewtopic.php?f=3&t=22425&p=110821 (different message)
I think the Tracebacks are too alarming. I think it would be better if there was just a informing message in sabnzbd.log (INFO or DEBUG)
and
The text was updated successfully, but these errors were encountered: