"asks" async https client: 'SSLOFERROR on connect attempt to server with self-signed cert --WARNING: handtyped stack trace--
"asks" async https client: 'SSLEOFERROR on connect attempt to server with self-signed cert --WARNING: handtyped stack trace--
查看更新
我正在尝试使用自签名证书向 Web 服务器发送请求(在非自签名的网站上工作正常)但我不断收到错误消息:
SSLEOFERROR EOF occurred in violation of protocol
相反,当使用请求时,python 的非异步 http 客户端,将 ssl_verify 设置为 false 允许成功连接到服务器。然而,异步 http 客户端询问缺少这样的功能,我得到了 SSLEOFERROR。
Asks 确实允许接受自定义的 ssl.SSLContext 对象,但经过几次尝试,甚至将自签名证书添加到我的本地密钥库,都没有成功连接,错误仍然存在一样。
import asks
import trio
from asks.sessions import Session
url_list = ['facebook.com', 'https://example.com']
results=[]
ssl_context=ssl.SSLContext()
ssl_context.verify_mode=ssl.CERT_NONE
ssl_context.check_hostname = False
async def grabber(s,url):
r=await s.get(path='/'+url)
results.append(r)
async def main(url_list)
s = Session(connections=2,ssl_context=ssl_context)
s.base_location='https://self-signedcert-site/'
s.endpoint='path/to/restapi'
async with trio.open_nursery() as n:
for url in url_list:
n.start_soon(grabber, s, url)
trio.run(main,url_list)
结果如下(手写追溯..无法从错误机器中 share/paste)
开始 SSLEOFERROR 回溯:
Traceback (most recent call last):
line 463 in _retry
ret = fn(*args)
line 718 in read
v= self._sslobj.read(len)
ssl.SSLEOFError: EOF occured in violation of protocol (_ssl.c:2508)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
line 90, in runcode
exec(code, self.locals)
File "<input>", line 28, in <module> run.py line 1783 in run
raise runner.main_task_outcome.error
file"<input>", line 26 in main
file _run.py, line 725, in __aexit__
raise combined error_from_nursery
file"<input>", line 15 in grabber
File "asks/sessions.py", line 253, in _handle_exception
raise e
File ...asks\sessions.py" , line 186 in request
sock,r = await req_obj.make_request()
file ...request_object.py ", line 217 in make_request
response obj=await self._request_io(req, req_body, hconnection)
file ..request_object.py", line 254 in _request_io
response_obj = await
self._catch_response(hcconection)
file ..request_object.py", line 596, in _catch_response
data=await self._recv_event(hcconection)
file "...request_object.py", line 618, in _recv_event
(await asynclib.recv(self.sock,10000)))
File "..._event_loop_wrappers.py", line 47 in trio_receive_some
return await sock.receive_some(max_bytes)
file "..._ssl.py" line 657 in receive_some
return await self._retry(self._ssl_object.read, max_bytes)
File"....trio\_ssl.py", line 468 in _retry
raise trio.BrokenResourceerror from exc
Trio.BrokenResourceError
更新
我发现了一些东西。
如果我不使用会话对象,而是使用 asks.get(),我可以看到响应的细微变化:
询问图书馆
SSLEOFERROR: [使用 pip 安装问题修复了错误 -- conda-forge 是 运行 落后 3 个版本]
asks.get('https://url', auth=BasicAuth(usr_pw))
无效的 HTTP 响应错误:
asks.get('https:url/rest/api/path',auth=BasicAuth(usr_pw))
页面正文按预期返回:
asks.get('https://google.com')
请求库
页面正文按预期返回:
requests.get('https://url', auth=HTTPBasicAuth=(usr_pw),verify=false)
按预期从 API 返回的正确响应:
requests.get('https:url/rest/api/path', auth=HTTPBasicAuth=(usr_pw))
考虑到我能够生成另一种类型的错误(无效的 http 响应),我为此添加了更多的回溯
开始无效的 HTTP 响应回溯:
[已编辑完整路径]
File "....\asks\sessions.py", line 185, in request
sock, r = await req_obj.make_request()
file ....\asks\request_object.py", line 214, in make_request
response_obj = await self._request_io(req, req_body, h11_connection)
file "...\asks\request_object.py", line 251, in _request_io
response_obj = await self._catch_response(h11_connection)
file"...\asks\request_object.py", line 599, in _catch_response
assert isinstance(endof, h11.EndOfMessage)
AssertionError
The above exception was the direct cause of the following exception
[some output redacted]
file "...\trio\_core\_run.py", in 1783, in run
raise runner.main_task_outcome.error
file "...\my_script_thats_having_this_error, line 33, in main
n.start_soon(grabber,s)
File"....\trio\_core\_run.py", line 725 in __aexit__
raise combined_error_from_nursery
File "...\my_script_thats_having_this_error, line 30 in request
r = await s.request(method, url=uri, **kwargs)
File "...\asks\sessions.py", line 215, in request
await self._handle_exception(e,sock)
File "...\asks\sessions.py", line 253, in _handle_exception
raise BadHttpResponse('invalid HTTP response from server. ') from e asks.errors.BadHttpResponse: Invalid HTTP response from server.
我尝试使用 asks v2.3.5 连接到具有自签名证书的站点,它成功了:
>>> trio.run(asks.get, "https://self-signed.badssl.com")
<Response 200 OK>
这是一个严重的错误...这意味着 asks 实际上默认设置了等同于 verify=False 的设置。我希望 asks 会在接下来的几天内发布紧急版本来解决这个问题。请参阅:https://github.com/theelous3/asks/issues/134 [编辑:这已在 asks v2.3.6 中修复。]
但是回到你的问题!鉴于默认情况下 asks verify=False ,我认为自签名证书不会导致您的问题。无论如何,自签名证书应该导致 SSLCertVerificationError,而不是 SSLEOFError。
不幸的是,我认为这里没有足够的信息来弄清楚你的实际问题是什么:-(。SSLEOFError 异常意味着服务器突然关闭了他们的连接。也许是哪里出了问题握手?也许 asks 和 requests 被配置为提供一组不同的密码套件,而服务器不喜欢 asks 的产品?这些都是疯狂的猜测:-/。接下来我可能会尝试 wireshark 以找出实际发生的事情.
查看更新
我正在尝试使用自签名证书向 Web 服务器发送请求(在非自签名的网站上工作正常)但我不断收到错误消息:
SSLEOFERROR EOF occurred in violation of protocol
相反,当使用请求时,python 的非异步 http 客户端,将 ssl_verify 设置为 false 允许成功连接到服务器。然而,异步 http 客户端询问缺少这样的功能,我得到了 SSLEOFERROR。
Asks 确实允许接受自定义的 ssl.SSLContext 对象,但经过几次尝试,甚至将自签名证书添加到我的本地密钥库,都没有成功连接,错误仍然存在一样。
import asks
import trio
from asks.sessions import Session
url_list = ['facebook.com', 'https://example.com']
results=[]
ssl_context=ssl.SSLContext()
ssl_context.verify_mode=ssl.CERT_NONE
ssl_context.check_hostname = False
async def grabber(s,url):
r=await s.get(path='/'+url)
results.append(r)
async def main(url_list)
s = Session(connections=2,ssl_context=ssl_context)
s.base_location='https://self-signedcert-site/'
s.endpoint='path/to/restapi'
async with trio.open_nursery() as n:
for url in url_list:
n.start_soon(grabber, s, url)
trio.run(main,url_list)
结果如下(手写追溯..无法从错误机器中 share/paste) 开始 SSLEOFERROR 回溯:
Traceback (most recent call last):
line 463 in _retry
ret = fn(*args)
line 718 in read
v= self._sslobj.read(len)
ssl.SSLEOFError: EOF occured in violation of protocol (_ssl.c:2508)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
line 90, in runcode
exec(code, self.locals)
File "<input>", line 28, in <module> run.py line 1783 in run
raise runner.main_task_outcome.error
file"<input>", line 26 in main
file _run.py, line 725, in __aexit__
raise combined error_from_nursery
file"<input>", line 15 in grabber
File "asks/sessions.py", line 253, in _handle_exception
raise e
File ...asks\sessions.py" , line 186 in request
sock,r = await req_obj.make_request()
file ...request_object.py ", line 217 in make_request
response obj=await self._request_io(req, req_body, hconnection)
file ..request_object.py", line 254 in _request_io
response_obj = await
self._catch_response(hcconection)
file ..request_object.py", line 596, in _catch_response
data=await self._recv_event(hcconection)
file "...request_object.py", line 618, in _recv_event
(await asynclib.recv(self.sock,10000)))
File "..._event_loop_wrappers.py", line 47 in trio_receive_some
return await sock.receive_some(max_bytes)
file "..._ssl.py" line 657 in receive_some
return await self._retry(self._ssl_object.read, max_bytes)
File"....trio\_ssl.py", line 468 in _retry
raise trio.BrokenResourceerror from exc
Trio.BrokenResourceError
更新 我发现了一些东西。
如果我不使用会话对象,而是使用 asks.get(),我可以看到响应的细微变化:
询问图书馆
SSLEOFERROR: [使用 pip 安装问题修复了错误 -- conda-forge 是 运行 落后 3 个版本]
asks.get('https://url', auth=BasicAuth(usr_pw))
无效的 HTTP 响应错误:
asks.get('https:url/rest/api/path',auth=BasicAuth(usr_pw))
页面正文按预期返回:
asks.get('https://google.com')
请求库
页面正文按预期返回:
requests.get('https://url', auth=HTTPBasicAuth=(usr_pw),verify=false)
按预期从 API 返回的正确响应:
requests.get('https:url/rest/api/path', auth=HTTPBasicAuth=(usr_pw))
考虑到我能够生成另一种类型的错误(无效的 http 响应),我为此添加了更多的回溯 开始无效的 HTTP 响应回溯:
[已编辑完整路径]
File "....\asks\sessions.py", line 185, in request
sock, r = await req_obj.make_request()
file ....\asks\request_object.py", line 214, in make_request
response_obj = await self._request_io(req, req_body, h11_connection)
file "...\asks\request_object.py", line 251, in _request_io
response_obj = await self._catch_response(h11_connection)
file"...\asks\request_object.py", line 599, in _catch_response
assert isinstance(endof, h11.EndOfMessage)
AssertionError
The above exception was the direct cause of the following exception
[some output redacted]
file "...\trio\_core\_run.py", in 1783, in run
raise runner.main_task_outcome.error
file "...\my_script_thats_having_this_error, line 33, in main
n.start_soon(grabber,s)
File"....\trio\_core\_run.py", line 725 in __aexit__
raise combined_error_from_nursery
File "...\my_script_thats_having_this_error, line 30 in request
r = await s.request(method, url=uri, **kwargs)
File "...\asks\sessions.py", line 215, in request
await self._handle_exception(e,sock)
File "...\asks\sessions.py", line 253, in _handle_exception
raise BadHttpResponse('invalid HTTP response from server. ') from e asks.errors.BadHttpResponse: Invalid HTTP response from server.
我尝试使用 asks v2.3.5 连接到具有自签名证书的站点,它成功了:
>>> trio.run(asks.get, "https://self-signed.badssl.com")
<Response 200 OK>
这是一个严重的错误...这意味着 asks 实际上默认设置了等同于 verify=False 的设置。我希望 asks 会在接下来的几天内发布紧急版本来解决这个问题。请参阅:https://github.com/theelous3/asks/issues/134 [编辑:这已在 asks v2.3.6 中修复。]
但是回到你的问题!鉴于默认情况下 asks verify=False ,我认为自签名证书不会导致您的问题。无论如何,自签名证书应该导致 SSLCertVerificationError,而不是 SSLEOFError。
不幸的是,我认为这里没有足够的信息来弄清楚你的实际问题是什么:-(。SSLEOFError 异常意味着服务器突然关闭了他们的连接。也许是哪里出了问题握手?也许 asks 和 requests 被配置为提供一组不同的密码套件,而服务器不喜欢 asks 的产品?这些都是疯狂的猜测:-/。接下来我可能会尝试 wireshark 以找出实际发生的事情.