SSLError on all S3 Calls
190 views
Skip to first unread message
Matt
Dec 28, 2014, 11:19:05 AM12/28/14
to boto-...@googlegroups.com
I am suddenly having trouble retrieving buckets from S3:
conn = boto.s3.connect_to_region('us-west-2',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key)
bucket = conn.get_bucket('my_bucket')Throws:
SSLError Traceback (most recent call last)
<ipython-input-4-06202f81022b> in <module>()
----> 1 bucket = conn.get_bucket('my_bucket')
/Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc in get_bucket(self, bucket_name, validate, headers)
500 """
501 if validate:
--> 502 return self.head_bucket(bucket_name, headers=headers)
503 else:
504 return self.bucket_class(self, bucket_name)
/Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc in head_bucket(self, bucket_name, headers)
519 :returns: A <Bucket> object
520 """
--> 521 response = self.make_request('HEAD', bucket_name, headers=headers)
522 body = response.read()
523 if response.status == 200:
/Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc in make_request(self, method, bucket, key, headers, data, query_args, sender, override_num_retries, retry_handler)
662 data, host, auth_path, sender,
663 override_num_retries=override_num_retries,
--> 664 retry_handler=retry_handler
665 )
/Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc in make_request(self, method, path, headers, data, host, auth_path, sender, override_num_retries, params, retry_handler)
1066 params, headers, data, host)
1067 return self._mexe(http_request, sender, override_num_retries,
-> 1068 retry_handler=retry_handler)
1069
1070 def close(self):
/Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc in _mexe(self, request, sender, override_num_retries, retry_handler)
940 else:
941 connection.request(request.method, request.path,
--> 942 request.body, request.headers)
943 response = connection.getresponse()
944 boto.log.debug('Response headers: %s' % response.getheaders())
/Users/Matt/anaconda/lib/python2.7/httplib.pyc in request(self, method, url, body, headers)
999 def request(self, method, url, body=None, headers={}):
1000 """Send a complete request to the server."""
-> 1001 self._send_request(method, url, body, headers)
1002
1003 def _set_content_length(self, body):
/Users/Matt/anaconda/lib/python2.7/httplib.pyc in _send_request(self, method, url, body, headers)
1033 for hdr, value in headers.iteritems():
1034 self.putheader(hdr, value)
-> 1035 self.endheaders(body)
1036
1037 def getresponse(self, buffering=False):
/Users/Matt/anaconda/lib/python2.7/httplib.pyc in endheaders(self, message_body)
995 else:
996 raise CannotSendHeader()
--> 997 self._send_output(message_body)
998
999 def request(self, method, url, body=None, headers={}):
/Users/Matt/anaconda/lib/python2.7/httplib.pyc in _send_output(self, message_body)
848 msg += message_body
849 message_body = None
--> 850 self.send(msg)
851 if message_body is not None:
852 #message_body was not a string (i.e. it is a file) and
/Users/Matt/anaconda/lib/python2.7/httplib.pyc in send(self, data)
810 if self.sock is None:
811 if self.auto_open:
--> 812 self.connect()
813 else:
814 raise NotConnected()
/Users/Matt/anaconda/lib/python2.7/httplib.pyc in connect(self)
1210
1211 self.sock = self._context.wrap_socket(self.sock,
-> 1212 server_hostname=server_hostname)
1213
1214 __all__.append("HTTPSConnection")
/Users/Matt/anaconda/lib/python2.7/ssl.pyc in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname)
348 suppress_ragged_eofs=suppress_ragged_eofs,
349 server_hostname=server_hostname,
--> 350 _context=self)
351
352 def set_npn_protocols(self, npn_protocols):
/Users/Matt/anaconda/lib/python2.7/ssl.pyc in __init__(self, sock, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, family, type, proto, fileno, suppress_ragged_eofs, npn_protocols, ciphers, server_hostname, _context)
564 # non-blocking
565 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
--> 566 self.do_handshake()
567
568 except (OSError, ValueError):
/Users/Matt/anaconda/lib/python2.7/ssl.pyc in do_handshake(self, block)
786 if timeout == 0.0 and block:
787 self.settimeout(None)
--> 788 self._sslobj.do_handshake()
789 finally:
790 self.settimeout(timeout)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)I have full access to the aws resources; is this a function of boto (virtualenv 'test') dependencies loading from a different python library (anaconda)?
Robert Schweikert
Dec 29, 2014, 11:16:43 AM12/29/14
to boto-...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/28/2014 11:19 AM, Matt wrote:
> I am suddenly having trouble retrieving buckets from S3:
>
> conn = boto.s3.connect_to_region('us-west-2',
> aws_access_key_id=access_key, aws_secret_access_key=secret_key)
>
>
> bucket = conn.get_bucket('my_bucket')
>
> Throws:
>
> SSLError Traceback (most recent
> call last) <ipython-input-4-06202f81022b> in <module>() ----> 1
> bucket = conn.get_bucket('my_bucket')
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in get_bucket(self, bucket_name, validate, headers) 500
> """ 501 if validate: --> 502 return
> self.head_bucket(bucket_name, headers=headers) 503 else:
> 504 return self.bucket_class(self, bucket_name)
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in head_bucket(self, bucket_name, headers) 519 :returns: A
> <Bucket> object 520 """ --> 521 response =
> self.make_request('HEAD', bucket_name, headers= headers) 522
not directly related to any of my buckets where SSL Handshake failed
due to SNI.
There appear to be issues with SNI in the Python SSL implementation.
Later,
Robert
- --
Robert Schweikert MAY THE SOURCE BE WITH YOU
Public Cloud Architect LINUX
rjsc...@suse.com
IRC: robjo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJUoX5mAAoJEE4FgL32d2UkipsH/itLumRW5Hg18kaFhxfuktjK
PGZ53EkSYaynazflT1Bxi39OmKwtpjb6A/P0MhCdQmAbQrkaQotSOI9H4L0wGmOq
O/3N0bWzcIbrUNP/aQ/8U8hwGoQHzuCLD5YXDXwSdn46xV9rsynkjmNkhocUFNQs
C8bUd/V1k7O87+fSIRhS4HbV6EQAkfCxsyr2YjyfVVOX4GfA58qwc8ZKP/ofdUBE
fj4pHxCmkgX8cLahkFP9a8u5FDx6AmzEc+JHy0oWlug1MzF5vas39zmism5cFUTG
meBRsWk3ikbRaOpPE7wDEwia7bpHKDLsm9kRUP4NZSbNZPYzxLeS4Fn7zOniNhA=
=ctSZ
-----END PGP SIGNATURE-----
Hash: SHA1
On 12/28/2014 11:19 AM, Matt wrote:
> I am suddenly having trouble retrieving buckets from S3:
>
> conn = boto.s3.connect_to_region('us-west-2',
> aws_access_key_id=access_key, aws_secret_access_key=secret_key)
>
>
> bucket = conn.get_bucket('my_bucket')
>
> Throws:
>
> SSLError Traceback (most recent
> call last) <ipython-input-4-06202f81022b> in <module>() ----> 1
> bucket = conn.get_bucket('my_bucket')
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in get_bucket(self, bucket_name, validate, headers) 500
> """ 501 if validate: --> 502 return
> self.head_bucket(bucket_name, headers=headers) 503 else:
> 504 return self.bucket_class(self, bucket_name)
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in head_bucket(self, bucket_name, headers) 519 :returns: A
> <Bucket> object 520 """ --> 521 response =
> body = response.read() 523 if response.status == 200:
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in make_request(self, method, bucket, key, headers, data,
> query_args, sender , override_num_retries, retry_handler) 662
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/s3/connection.pyc
> in make_request(self, method, bucket, key, headers, data,
> data, host, auth_path, sender, 663
> override_num_retries=override_num_retries, --> 664
> retry_handler=retry_handler 665 )
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc
> in make_request(self, method, path, headers, data, host, auth_path,
> sender, override_num_retries, params, retry_handler) 1066
> params, headers, data, host) 1067 return
> self._mexe(http_request, sender, override_num_retries , -> 1068
> override_num_retries=override_num_retries, --> 664
> retry_handler=retry_handler 665 )
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc
> in make_request(self, method, path, headers, data, host, auth_path,
> sender, override_num_retries, params, retry_handler) 1066
> params, headers, data, host) 1067 return
> retry_handler=retry_handler) 1069 1070 def close(self):
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc
> in _mexe(self, request, sender, override_num_retries,
> retry_handler) 940 else: 941
> connection.request(request.method, request.path, --> 942
> request.body, request.headers ) 943 response =
>
>
> /Users/Matt/Desktop/test/lib/python2.7/site-packages/boto/connection.pyc
> in _mexe(self, request, sender, override_num_retries,
> retry_handler) 940 else: 941
> connection.request(request.method, request.path, --> 942
> connection.getresponse() 944
> boto.log.debug('Response headers: %s' % response. getheaders())
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in request(self,
> method, url, body, headers) 999 def request(self, method, url,
> body=None, headers={}): 1000 """Send a complete request to
> the server.""" -> 1001 self._send_request(method, url,
> body, headers) 1002 1003 def _set_content_length(self, body):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in
> _send_request(self, method , url, body, headers) 1033 for
> boto.log.debug('Response headers: %s' % response. getheaders())
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in request(self,
> method, url, body, headers) 999 def request(self, method, url,
> body=None, headers={}): 1000 """Send a complete request to
> the server.""" -> 1001 self._send_request(method, url,
> body, headers) 1002 1003 def _set_content_length(self, body):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in
> hdr, value in headers.iteritems(): 1034
> self.putheader(hdr, value) -> 1035 self.endheaders(body)
> 1036 1037 def getresponse(self, buffering=False):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in endheaders(self,
> message_body) 995 else: 996 raise
> CannotSendHeader() --> 997 self._send_output(message_body)
> 998 999 def request(self, method, url, body=None, headers={}):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in
> _send_output(self, message_body) 848 msg +=
> message_body 849 message_body = None --> 850
> self.send(msg) 851 if message_body is not None: 852
> #message_body was not a string (i.e. it is a file) and
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in send(self, data)
> 810 if self.sock is None: 811 if
> self.auto_open: --> 812 self.connect() 813
> else: 814 raise NotConnected()
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in connect(self)
> 1210 1211 self.sock =
> self._context.wrap_socket(self.sock, -> 1212
> server_hostname= server_hostname) 1213 1214
> self.putheader(hdr, value) -> 1035 self.endheaders(body)
> 1036 1037 def getresponse(self, buffering=False):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in endheaders(self,
> message_body) 995 else: 996 raise
> CannotSendHeader() --> 997 self._send_output(message_body)
> 998 999 def request(self, method, url, body=None, headers={}):
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in
> _send_output(self, message_body) 848 msg +=
> message_body 849 message_body = None --> 850
> self.send(msg) 851 if message_body is not None: 852
> #message_body was not a string (i.e. it is a file) and
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in send(self, data)
> 810 if self.sock is None: 811 if
> self.auto_open: --> 812 self.connect() 813
> else: 814 raise NotConnected()
>
>
> /Users/Matt/anaconda/lib/python2.7/httplib.pyc in connect(self)
> 1210 1211 self.sock =
> self._context.wrap_socket(self.sock, -> 1212
> __all__.append("HTTPSConnection")
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in wrap_socket(self,
> sock, server_side, do_handshake_on_connect, suppress_ragged_eofs,
> server_hostname) 348
> suppress_ragged_eofs=suppress_ragged_eofs, 349
> server_hostname=server_hostname, --> 350
> _context=self) 351 352 def set_npn_protocols(self,
> npn_protocols):
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in __init__(self, sock,
> keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs,
> do_handshake_on_connect, family, type, proto, fileno,
> suppress_ragged_eofs, npn_protocols, ciphers, server_hostname,
> _context) 564 # non-blocking 565
> raise ValueError("do_handshake_on_connect should not be specified
> for non-blocking sockets") --> 566
> self.do_handshake() 567 568 except (OSError,
> ValueError):
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in do_handshake(self,
> block) 786 if timeout == 0.0 and block: 787
> self.settimeout(None) --> 788
> self._sslobj.do_handshake() 789 finally: 790
> self.settimeout(timeout)
>
>
> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c :581)
Could it be that SNI is involved? I ran into an issue also in EC2 but
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in wrap_socket(self,
> sock, server_side, do_handshake_on_connect, suppress_ragged_eofs,
> server_hostname) 348
> suppress_ragged_eofs=suppress_ragged_eofs, 349
> server_hostname=server_hostname, --> 350
> _context=self) 351 352 def set_npn_protocols(self,
> npn_protocols):
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in __init__(self, sock,
> keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs,
> do_handshake_on_connect, family, type, proto, fileno,
> suppress_ragged_eofs, npn_protocols, ciphers, server_hostname,
> _context) 564 # non-blocking 565
> raise ValueError("do_handshake_on_connect should not be specified
> for non-blocking sockets") --> 566
> self.do_handshake() 567 568 except (OSError,
> ValueError):
>
>
> /Users/Matt/anaconda/lib/python2.7/ssl.pyc in do_handshake(self,
> block) 786 if timeout == 0.0 and block: 787
> self.settimeout(None) --> 788
> self._sslobj.do_handshake() 789 finally: 790
> self.settimeout(timeout)
>
>
> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c :581)
not directly related to any of my buckets where SSL Handshake failed
due to SNI.
There appear to be issues with SNI in the Python SSL implementation.
Later,
Robert
- --
Robert Schweikert MAY THE SOURCE BE WITH YOU
Public Cloud Architect LINUX
rjsc...@suse.com
IRC: robjo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJUoX5mAAoJEE4FgL32d2UkipsH/itLumRW5Hg18kaFhxfuktjK
PGZ53EkSYaynazflT1Bxi39OmKwtpjb6A/P0MhCdQmAbQrkaQotSOI9H4L0wGmOq
O/3N0bWzcIbrUNP/aQ/8U8hwGoQHzuCLD5YXDXwSdn46xV9rsynkjmNkhocUFNQs
C8bUd/V1k7O87+fSIRhS4HbV6EQAkfCxsyr2YjyfVVOX4GfA58qwc8ZKP/ofdUBE
fj4pHxCmkgX8cLahkFP9a8u5FDx6AmzEc+JHy0oWlug1MzF5vas39zmism5cFUTG
meBRsWk3ikbRaOpPE7wDEwia7bpHKDLsm9kRUP4NZSbNZPYzxLeS4Fn7zOniNhA=
=ctSZ
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages