-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/28/2014 11:19 AM, Matt wrote:
> I am suddenly having trouble retrieving buckets from S3:
>
> conn = boto.s3.connect_to_region('us-west-2',
> aws_access_key_id=access_key, aws_secret_access_key=secret_key)
>
>
> bucket = conn.get_bucket('my_bucket')
>
> Throws:
>
> SSLError Traceback (most recent
> call last) <ipython-input-4-06202f81022b> in <module>() ----> 1
> bucket = conn.get_bucket('my_bucket')
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in get_bucket(self, bucket_name, validate, headers) 500
> """ 501 if validate: --> 502 return
> self.head_bucket(bucket_name, headers=headers) 503 else:
> 504 return self.bucket_class(self, bucket_name)
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in head_bucket(self, bucket_name, headers) 519 :returns: A
> <Bucket> object 520 """ --> 521 response =
> self.make_request('HEAD', bucket_name, headers= headers) 522
> body = response.read() 523 if response.status == 200:
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in make_request(self, method, bucket, key, headers, data,
> query_args, sender , override_num_retries, retry_handler) 662
> data, host, auth_path, sender, 663
> override_num_retries=override_num_retries, --> 664
> retry_handler=retry_handler 665 )
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc
> in make_request(self, method, path, headers, data, host, auth_path,
> sender, override_num_retries, params, retry_handler) 1066
> params, headers, data, host) 1067 return
> self._mexe(http_request, sender, override_num_retries , -> 1068
> retry_handler=retry_handler) 1069 1070 def close(self):
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc
> in _mexe(self, request, sender, override_num_retries,
> retry_handler) 940 else: 941
> connection.request(request.method, request.path, --> 942
> request.body, request.headers ) 943 response =
> connection.getresponse() 944
> boto.log.debug('Response headers: %s' % response. getheaders())
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in request(self,
> method, url, body, headers) 999 def request(self, method, url,
> body=None, headers={}): 1000 """Send a complete request to
> the server.""" -> 1001 self._send_request(method, url,
> body, headers) 1002 1003 def _set_content_length(self, body):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in
> _send_request(self, method , url, body, headers) 1033 for
> hdr, value in headers.iteritems(): 1034
> self.putheader(hdr, value) -> 1035 self.endheaders(body)
> 1036 1037 def getresponse(self, buffering=False):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in endheaders(self,
> message_body) 995 else: 996 raise
> CannotSendHeader() --> 997 self._send_output(message_body)
> 998 999 def request(self, method, url, body=None, headers={}):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in
> _send_output(self, message_body) 848 msg +=
> message_body 849 message_body = None --> 850
> self.send(msg) 851 if message_body is not None: 852
> #message_body was not a string (i.e. it is a file) and
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in send(self, data)
> 810 if self.sock is None: 811 if
> self.auto_open: --> 812 self.connect() 813
> else: 814 raise NotConnected()
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in connect(self)
> 1210 1211 self.sock =
> self._context.wrap_socket(self.sock, -> 1212
> server_hostname= server_hostname) 1213 1214
> __all__.append("HTTPSConnection")
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in wrap_socket(self,
> sock, server_side, do_handshake_on_connect, suppress_ragged_eofs,
> server_hostname) 348
> suppress_ragged_eofs=suppress_ragged_eofs, 349
> server_hostname=server_hostname, --> 350
> _context=self) 351 352 def set_npn_protocols(self,
> npn_protocols):
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in __init__(self, sock,
> keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs,
> do_handshake_on_connect, family, type, proto, fileno,
> suppress_ragged_eofs, npn_protocols, ciphers, server_hostname,
> _context) 564 # non-blocking 565
> raise ValueError("do_handshake_on_connect should not be specified
> for non-blocking sockets") --> 566
> self.do_handshake() 567 568 except (OSError,
> ValueError):
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in do_handshake(self,
> block) 786 if timeout == 0.0 and block: 787
> self.settimeout(None) --> 788
> self._sslobj.do_handshake() 789 finally: 790
> self.settimeout(timeout)
>
>
> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c :581)
Could it be that SNI is involved? I ran into an issue also in EC2 but
not directly related to any of my buckets where SSL Handshake failed
due to SNI.
There appear to be issues with SNI in the Python SSL implementation.
Later,
Robert
- --
Robert Schweikert MAY THE SOURCE BE WITH YOU
Public Cloud Architect LINUX
rjsc...@suse.com
IRC: robjo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJUoX5mAAoJEE4FgL32d2UkipsH/itLumRW5Hg18kaFhxfuktjK
PGZ53EkSYaynazflT1Bxi39OmKwtpjb6A/P0MhCdQmAbQrkaQotSOI9H4L0wGmOq
O/3N0bWzcIbrUNP/aQ/8U8hwGoQHzuCLD5YXDXwSdn46xV9rsynkjmNkhocUFNQs
C8bUd/V1k7O87+fSIRhS4HbV6EQAkfCxsyr2YjyfVVOX4GfA58qwc8ZKP/ofdUBE
fj4pHxCmkgX8cLahkFP9a8u5FDx6AmzEc+JHy0oWlug1MzF5vas39zmism5cFUTG
meBRsWk3ikbRaOpPE7wDEwia7bpHKDLsm9kRUP4NZSbNZPYzxLeS4Fn7zOniNhA=
=ctSZ
-----END PGP SIGNATURE-----