django 1.10 error (SSL error: called a function you should not call)


Luc Jean

Nov 3, 2016, 7:11:53 AM
to django...@googlegroups.com

Hello,

I have a Python 3.5/Django 1.10 app served by Apache/mod_wsgi over SSL. It is connected to a Postgres 9.5.2 database (with psycopg2==2.6.2) and is running on a server at AlwaysData.

It works fine most of the time, but I sometimes get an error that I don't understand.

(SSL error: called a function you should not call)

It seems to occur while querying the database.

# django/db/backends/utils.py line 64
return self.cursor.execute(sql, params)

The problem occurs when the REST API (made using django-rest-framework) is called by an Angular2 app.

I have activated the following settings:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

Does anybody have any idea about the possible cause of the problem?

Best
luc

Melvyn Sopacua

Nov 3, 2016, 9:16:41 AM
to django...@googlegroups.com
On Thursday 03 November 2016 12:11:29 Luc Jean wrote:

> (SSL error: called a function you should not call)
> It seems to occur while querying the database.
>
> # django/db/backends/utils.py line 64
> return self.cursor.execute(sql, params)

This would only make sense if you use SSL to connect to the database. I
would actually assume this is just where the exception is first caught,
not where it's triggered.

> The problem occurs when the REST API (made using django-rest-framework) is
> called by an Angular2 app.
>
> I have activated the following settings:
>
> SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
> SECURE_SSL_REDIRECT = True
> SESSION_COOKIE_SECURE = True
> CSRF_COOKIE_SECURE = True
>
> Does anybody have any idea about the possible cause of the problem?

This could be the root cause, but in what layer it's triggered is yours
to find out:
http://stackoverflow.com/a/19288033/1600649

I would disable all SSLv2 functionality one by one to identify the layer
and hope the software in question is smart enough to switch to
SSLv3_method() when SSLv2 is not wanted. If you can, abolish all SSL
protocols altogether and only support TLS 1.1 and 1.2, since the others
are insecure:

<https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#22-use-secure-protocols>
--
Melvyn Sopacua
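
One way to check the Apache layer against the TLS 1.1/1.2 advice in the reply above, as an added example that is not part of the thread and not code from Django or Apache: it computes which protocols a mod_ssl `SSLProtocol` line leaves enabled and lists the ones older than TLS 1.1. The function names, the simplified Apache 2.4 parsing model and both sample configurations are assumptions made for illustration.

```python
import re

# Protocol names mod_ssl accepts in SSLProtocol (Apache 2.4 assumed), oldest first.
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Older than the TLS 1.1 / 1.2 floor recommended in the reply above.
WEAK = {"SSLv3", "TLSv1"}

def effective_protocols(config_text):
    """Return the set enabled by the last SSLProtocol line, or None if absent.

    Simplified model (assumption): single scope, last directive wins,
    "all" expands to every name in KNOWN, a bare name replaces the set
    built so far, "+name" adds to it and "-name" removes from it.
    """
    enabled = None
    for raw in config_text.splitlines():
        m = re.match(r"(?i)SSLProtocol\s+(.+)$", raw.strip())
        if not m:
            continue  # comments and other directives
        enabled = set()
        for token in m.group(1).split():
            sign = token[0] if token[0] in "+-" else ""
            name = token[len(sign):].lower()
            names = {k for k in KNOWN if name in ("all", k.lower())}
            if not names:
                raise ValueError("token not covered by this model: " + token)
            if sign == "-":
                enabled -= names
            elif sign == "+":
                enabled |= names
            else:
                enabled = names
    return enabled

def weak_protocols(config_text):
    """List enabled protocols that are in WEAK, oldest first."""
    enabled = effective_protocols(config_text) or set()
    return [p for p in KNOWN if p in enabled and p in WEAK]

# Constructed sample configurations, not taken from the thread.
BEFORE = "SSLEngine on\nSSLProtocol all -SSLv3\n"
AFTER = "SSLEngine on\nSSLProtocol -all +TLSv1.1 +TLSv1.2\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, sorted(effective_protocols(conf)), weak_protocols(conf))
```

A return value of `None` from `effective_protocols` means no `SSLProtocol` directive was found, so the server's built-in default applies and has to be checked separately.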