Best IT Recipes

Python requests request.exceptions.SSLError: [Errno 8] _ssl.c: 504: EOF occurred with protocol violation

I am on Ubuntu 12.10 with OpenSSL 1.0.1c, python 2.7.3, Requests 1.0.3 and 1.0.4 (tried both) and when I try to connect to the website in the url variable with the following code.

def SendInitialRequest(xmlmessage, redirecturl): url = 'https://centineltest.cardinalcommerce.com/maps/txns.asp' payload = 'cmpi_msg=' + ET.tostring(xmlmessage) headers = { 'Content-Type': 'application/x-www-form-urlencoded', } r = requests.post(url, data=payload, headers=headers, verify=None) print r.text

It produces the following error:

 Traceback (most recent call last): File "<stdin>", line 1, in <module> File "clams/libs/centinel/thinclient.py", line 134, in SendInitialRequest r = requests.post(url, data=payload, headers=headers, verify=None) File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/api.py", line 87, in post return request('post', url, data=data, **kwargs) File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/sessions.py", line 269, in request resp = self.send(prep, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies) File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/sessions.py", line 364, in send r = adapter.send(request, **kwargs) File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/adapters.py", line 163, in send raise SSLError(e) requests.exceptions.SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol

Attempting to connect to openssl returns the following:

 $ openssl s_client -connect centineltest.cardinalcommerce.com:443 CONNECTED(00000003) 140019346777760:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 226 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---

If I force it to use tls1, it works (output is truncated):

 $ openssl s_client -tls1 -connect centineltest.cardinalcommerce.com:443 CONNECTED(00000003) depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU verify error:num=20:unable to get local issuer certificate verify return:0 ---

I have seen numerous error reports ; however, I did not find a way around this using the python query library. Any help would be greatly appreciated.

+58
python openssl python-requests
Dec 31 '13 at 13:51
source share
10 answers

By posting this here for others from the issue question page :

Requests' do not support this until version 1. After version 1, you should subclass the HTTPAdapter like this:

 from requests.adapters import HTTPAdapter from requests.packages.urllib3.poolmanager import PoolManager import ssl class MyAdapter(HTTPAdapter): def init_poolmanager(self, connections, maxsize, block=False): self.poolmanager = PoolManager(num_pools=connections, maxsize=maxsize, block=block, ssl_version=ssl.PROTOCOL_TLSv1)

When you do this, you can do this:

 import requests s = requests.Session() s.mount('https://', MyAdapter())

Any request through this session object will use TLSv1.

+43
Jan 03 '13 at 19:45
source share

Setting verification = False only skips server certificate verification, but does not help resolve SSL protocol errors.

This problem is probably related to disabling SSLv2 on the web server, but Python 2.x, by default, tries to establish a connection with PROTOCOL_SSLv23. This happens at https://github.com/python/cpython/blob/360aa60b2a36f5f6e9e20325efd8d472f7559b1e/Lib/ssl.py#L1057

You can disable ssl.wrap_socket () in the ssl module by overriding the ssl_version keyword parameter. The following code can be used as is. Put this at the beginning of your program before executing any queries.

 import ssl from functools import wraps def sslwrap(func): @wraps(func) def bar(*args, **kw): kw['ssl_version'] = ssl.PROTOCOL_TLSv1 return func(*args, **kw) return bar ssl.wrap_socket = sslwrap(ssl.wrap_socket)
+34
Jun 11 '14 at 15:10
source share

The installation of "additional" security packages for requests resolved for me:

sudo apt-get install libffi-dev

sudo pip install -U asks [security]

+21
Feb 15 '16 at 21:35
source share

This is a known bug, you can handle it with a hack:

Open site-packages/requests/packages/urllib3/connectionpool.py (or else just make a local copy of the requests inside your own project) and change the block that says:

 def connect(self): # Add certificate verification sock = socket.create_connection((self.host, self.port), self.timeout) # Wrap socket using verification with the root certs in # trusted_root_certs self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, cert_reqs=self.cert_reqs, ca_certs=self.ca_certs, server_hostname=self.host, ssl_version=self.ssl_version)

at

 def connect(self): # Add certificate verification sock = socket.create_connection((self.host, self.port), self.timeout) # Wrap socket using verification with the root certs in # trusted_root_certs self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, cert_reqs=self.cert_reqs, ca_certs=self.ca_certs, server_hostname=self.host, ssl_version=ssl.PROTOCOL_TLSv1)

Otherwise, I believe that somewhere worse than less hacks, but I could not find it with a few glances.

NOTE. On the side channel, requests from PIP (1.0.4) on MacOS only work with the URL you specify.

+5
Dec 31 '13 at 14:07
source share

I ran into this error, and the fix seems to disable SNI, which does not support Python 2.7:

http://bugs.python.org/issue5639

urllib3 on python 2.7 SNI error in Google App Engine

+3
Dec 07 '13 at 4:34
source share

People who cannot work on fixes.

You will have to modify the ssl.py file to fix it. Find the create_default_context function and change the line:

 context = SSLContext(PROTOCOL_SSLv23)

to

 context = SSLContext(PROTOCOL_TLSv1)

Can someone create a simpler solution without editing ssl.py?

+3
Aug 31 '16 at 13:39
source share

I had the same problem:

raise SSLError (e)
request.exceptions.SSLError: [Errno 8] _ssl.c: 504: EOF occurred with a protocol violation

I had a violinist, I stopped the capture of a violinist and did not see this error. Maybe because of the violinist.

+2
Aug 28 '13 at 0:34
source share

Unfortunately, the accepted answer did not work for me. As a temporary workaround, you can also use verify=False when connecting to a secure website.

From Python Queries, Calling SSLError

 requests.get('https://example.com', verify=True)
0
Mar 06 '13 at 11:00
source share

I had this error when connecting to the RabbitMQ MQTT server via TLS. I am sure that the server is damaged, but in any case, it worked with OpenSSL 1.0.1, but not OpenSSL 1.0.2.

You can test your version in Python using the following command:

 import ssl ssl.OPENSSL_VERSION

I am not sure how to downgrade OpenSSL in Python (at least it is statically linked to Windows) other than using an older version of Python.

0
Apr 13 '16 at 15:27
source share

I had a similar problem and I think that if we just ignore the ssl check, it will work like a charm, as it worked for me. Thus, connecting to the server using the https scheme, but instructing them not to verify the certificate.

Using requests . Just specify verify=False instead of None

  requests.post(url, data=payload, headers=headers, verify=False)

Hoping this will work for those in need :).

0
Jun 27 '17 at 7:36 on
source share


More articles:


All Articles