sab 2.0.0b1 -- ENGINE Error in HTTPServer.tick #860

Closed
thezoggy opened this Issue Mar 15, 2017 · 12 comments

Contributor

thezoggy commented Mar 15, 2017

just restarted box after windows updates. launched sab and see:

2017-03-15 11:01:45,092::ERROR::[_cplogging:219] [15/Mar/2017:11:01:45] ENGINE Error in HTTPServer.tick
Traceback (most recent call last):
  File "cherrypy\wsgiserver\__init__.pyo", line 2024, in start
  File "cherrypy\wsgiserver\__init__.pyo", line 2091, in tick
  File "cherrypy\wsgiserver\ssl_builtin.pyo", line 67, in wrap
  File "ssl.pyo", line 363, in wrap_socket
  File "ssl.pyo", line 611, in __init__
  File "ssl.pyo", line 840, in do_handshake
SSLError: [SSL: HTTPS_PROXY_REQUEST] https proxy request (_ssl.c:661)

Contributor

thezoggy commented Mar 15, 2017

Now the reason I saw this in the first place.. I have a feeling is when irc starts up... it tries to do an ident request or proxy check when connecting..which kicked off the warning.

I can reproduce this error by doing: curl -v "https://self-test.sabnzbd.org" -x 192.168.0.3:8080

which oddly we allow sab to be used as a proxy...

* Connected to 192.168.0.3 (192.168.0.3) port 8080 (#0)
* Establish HTTP proxy tunnel to self-test.sabnzbd.org:443
> CONNECT self-test.sabnzbd.org:443 HTTP/1.1
> Host: self-test.sabnzbd.org:443

that seems like something we wouldn't want to do?


Member

Safihre commented Mar 15, 2017

I don't understand? Cherrypy allows it to be used as a proxy? Except when using the ssl port?


Contributor

thezoggy commented Mar 15, 2017

from the curl check, it isn't flat out rejecting the proxy request.. then sab internally throws a traceback. neither case seems optimal.

for example, if I query sonarr with the request:

C:\Users\zoggy>curl -v "https://self-test.sabnzbd.org" -x 192.168.0.3:8989
* Rebuilt URL to: https://self-test.sabnzbd.org/
* timeout on name lookup is not supported
*   Trying 192.168.0.3...
* Connected to 192.168.0.3 (192.168.0.3) port 8989 (#0)
* Establish HTTP proxy tunnel to self-test.sabnzbd.org:443
> CONNECT self-test.sabnzbd.org:443 HTTP/1.1
> Host: self-test.sabnzbd.org:443
> User-Agent: curl/7.46.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< Date: Wed, 15 Mar 2017 21:24:58 GMT
< Connection: close
< Content-Length: 324
<
* Received HTTP code 400 from proxy after CONNECT
* Closing connection 0
curl: (56) Received HTTP code 400 from proxy after CONNECT

tried sab 1.2.2 and it does the same thing as sab 2.0.x

trying sab 1.1.1 we see what I would expect.. no traceback and denied request:

C:\Users\zoggy>curl -v "https://self-test.sabnzbd.org" -x 192.168.0.3:8092
* Rebuilt URL to: https://self-test.sabnzbd.org/
* timeout on name lookup is not supported
*   Trying 192.168.0.3...
* Connected to 192.168.0.3 (192.168.0.3) port 8092 (#0)
* Establish HTTP proxy tunnel to self-test.sabnzbd.org:443
> CONNECT self-test.sabnzbd.org:443 HTTP/1.1
> Host: self-test.sabnzbd.org:443
> User-Agent: curl/7.46.0
> Proxy-Connection: Keep-Alive
>
* Recv failure: Connection was reset
* Received HTTP code 0 from proxy after CONNECT
* Closing connection 0
curl: (56) Recv failure: Connection was reset

trying git from tag 1.2.0Beta1 we see the issue happens onward.


Member

Safihre commented Mar 15, 2017

I don't understand how to fix it, can you look into what changed in cherrypy?


Contributor

thezoggy commented Mar 15, 2017

well in 1.1.1 we were using cherrypy 6.0.2 and in 1.2.0b1 were using cherrypy 8.1.2


Contributor

thezoggy commented Mar 15, 2017

so on latest dev, I tried various cherrypy versions (didn't apply hacks, just copied and replaced files),

cherrypy 8.1.3, same issue..
cherrypy 8.8.0, same issue..
cherrypy 6.2.1, same issue..
cherrypy 6.0.1, same issue..

the last one is interesting, because I would have expected this one to be fine if it was a cherrypy issue.
it's starting to look like we caused the issue.. not it being a sab issue


Contributor

thezoggy commented Mar 15, 2017

sab 2.0.0b1 -- enabled cherrypy logging.. sab does a traceback before the request.. cherrypy does not log the request...


Member

Safihre commented Mar 16, 2017

That's strange, don't believe we modify anything related to that:
https://github.com/sabnzbd/sabnzbd/commits/develop/cherrypy


Contributor

thezoggy commented Mar 16, 2017

it's not cherrypy but sab that changed the behavior.. i haven't had a chance to bisect all the 1.1.1->1.2.0 changes.. but quickly glancing I'm thinking it may be:
b6972db


Member

Safihre commented Mar 16, 2017

Hmm but that change is necessary, after 1.0.0 it didn't actually bind to other ports anymore until that change.


Contributor

thezoggy commented Mar 16, 2017

confirmed that the previously mentioned change is not the culprit..

thezoggy added a commit to thezoggy/sabnzbd that referenced this issue Mar 21, 2017

Fixes: sabnzbd#860
Handle: `SSLError: [SSL: HTTPS_PROXY_REQUEST] https proxy request (_ssl.c:661)`

Contributor

thezoggy commented Mar 21, 2017

tracked it down to the 8.1.2 modification to expose errors from builtin.. before it must have just been suppressed... anyways once I added this to the list of errors it now reacts just like sab 1.1.1 did (doesn't throw traceback, doesn't attempt to respond)

#870
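
Added example, not part of the original thread and not SABnzbd or CherryPy code: it reproduces the `HTTPS_PROXY_REQUEST` handshake failure in memory and shows the quiet-drop handling described in the comment above. The names `QUIET_REASONS`, `handshake_failure_reason` and `disposition` are hypothetical, the request bytes are constructed from the curl trace, and it assumes Python 3 linked against OpenSSL.

```python
import ssl

# Handshake failures that only mean "a client spoke plaintext HTTP to the TLS
# port". This set is the example's own choice, not the project's actual list.
QUIET_REASONS = {"HTTP_REQUEST", "HTTPS_PROXY_REQUEST"}

# Constructed sample: what curl sends when told to use the HTTPS port as a proxy.
PLAINTEXT_CONNECT = (
    b"CONNECT self-test.sabnzbd.org:443 HTTP/1.1\r\n"
    b"Host: self-test.sabnzbd.org:443\r\n\r\n"
)


def handshake_failure_reason(first_bytes):
    """Feed first_bytes to a server-side TLS handshake and return SSLError.reason.

    Returns None when OpenSSL only needs more data. No certificate is loaded,
    because the record layer rejects plaintext before one would be needed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(first_bytes)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return None                 # incomplete record, keep reading
    except ssl.SSLError as exc:
        return exc.reason           # mnemonic such as "HTTPS_PROXY_REQUEST"
    return None


def disposition(first_bytes):
    """Decide what the accept loop should do with this connection."""
    reason = handshake_failure_reason(first_bytes)
    if reason is None:
        return "wait"
    if reason in QUIET_REASONS:
        return "drop"               # close the socket: no traceback, no response
    return "log"                    # unexpected TLS failure, keep it visible


if __name__ == "__main__":
    print(handshake_failure_reason(PLAINTEXT_CONNECT), disposition(PLAINTEXT_CONNECT))
```

Matching on `SSLError.reason` rather than on the formatted message avoids depending on the `_ssl.c` line number that appears in the traceback.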

thezoggy closed this Mar 21, 2017

Safihre added a commit that referenced this issue Mar 21, 2017

Fixes: #860
Handle: `SSLError: [SSL: HTTPS_PROXY_REQUEST] https proxy request (_ssl.c:661)`

webknjaz added a commit to cherrypy/cheroot that referenced this issue Jun 18, 2017

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Jul 19, 2017

wiz
Updated py-cheroot to 5.7.0.
v5.7.0
======

- CI improvements:
  * Don't run tests during deploy stage
  * Use VM based build job env only for pyenv envs
  * Opt-in for beta trusty image @ Travis CI
  * Be verbose when running tests (show test names)
  * Show xfail/skip details during test run

- #34: Fix ``_handle_no_ssl`` error handler calls

- #21: Fix ``test_conn`` tests:
  * Improve setup_server def in HTTP connection tests
  * Fix HTTP streaming tests
  * Fix HTTP/1.1 pipelining test under Python 3
  * Fix ``test_readall_or_close`` test
  * Fix ``test_No_Message_Body``
  * Clarify ``test_598`` fail reason

- #36: Add GitHub templates for PR, issue && contributing

- #27: Default HTTP Server header to Cheroot version str

- Cleanup _compat functions from server module

v5.6.0
======

- Fix all PEP 257 related errors in all non-test modules.

  ``cheroot/test/*`` folder is only one left allowed to fail with this linter.

- #30: Optimize chunked body reader loop by returning empty data if the size is 0.

  Ref: cherrypy/cherrypy#1602

- Reset buffer if the body size is unknown

  Ref: cherrypy/cherrypy#1486

- Add missing size hint to SizeCheckWrapper

  Ref: cherrypy/cherrypy#1131

v5.5.2
======

- #32: Ignore "unknown error" and "https proxy request" SSL errors.

  Ref: sabnzbd/sabnzbd#820

  Ref: sabnzbd/sabnzbd#860

v5.5.1
======

- Make Appveyor list separate tests in corresponding tab.

- #29: Configure Travis CI build stages.

  Prioritize tests by stages.

  Move deploy stage to be run very last after all other stages finish.

- #31: Ignore "Protocol wrong type for socket" (EPROTOTYPE) @ OSX for non-blocking sockets.

  This was originally fixed for regular sockets in cherrypy/cherrypy#1392.

  Ref: https://forums.sabnzbd.org/viewtopic.php?f=2&t=22728&p=112251

v5.5.0
======

- #17 via #25: Instead of a read_headers function, cheroot now
  supplies a HeaderReader class to perform the same function.

  Any HTTPRequest object may override the header_reader attribute
  to customize the handling of incoming headers.

  The server module also presents a provisional implementation of
  a DropUnderscoreHeaderReader that will exclude any headers
  containing an underscore. It remains an exercise for the
  implementer to demonstrate how this functionality might be
  employed in a server such as CherryPy.

- #26: Configured TravisCI to run tests under OS X.