Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

urllib.error.URLError on python > 3.10 when SSL is enabled #253

Open
yssrku opened this issue Apr 7, 2023 · 0 comments
Open

urllib.error.URLError on python > 3.10 when SSL is enabled #253

yssrku opened this issue Apr 7, 2023 · 0 comments

Comments

@yssrku
Copy link

yssrku commented Apr 7, 2023

Hi, after I upgrade my python, I found libtaxii is broken when ssl is enabled

Traceback (most recent call last):
  File "script.py", line 38, in <module>
    http_resp = client.call_taxii_service2('host', '/taxii/v1/poll/', VID_TAXII_XML_11, poll_request.to_xml())
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "venv/lib/python3.11/site-packages/libtaxii/clients.py", line 346, in call_taxii_service2
    response = urllib.request.urlopen(req)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 519, in open
    response = self._open(req, data)
               ^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "venv/lib/python3.11/site-packages/libtaxii/clients.py", line 374, in https_open
    return self.do_open(self.get_connection, req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:805)>

After some digging, I found when verify_server is not enabled (which is the default), libtaxii creates ssl context with ssl.Purpose.CLIENT_AUTH.
https://github.com/TAXIIProject/libtaxii/blob/master/libtaxii/clients.py#L432

This creates a server context
https://github.com/python/cpython/blob/8563966be4f171ccf615105ef9d3a5aa65a1de68/Lib/ssl.py#L697

Which cannot be used to create client sockets.

More info on this:
python/cpython#96972
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yssrku