self._sslobj.do_handshake returns OSError: [Errno 0] Error

blkpws

unread,

May 23, 2019, 10:36:26 AM5/23/19

to Pika

Hello,

I have two problems, the first one is that (maybe for some bad configuration) I get an error but there is no explanation about this error (even on docs), I would like to know what's happening and where is the problem with the handshake.

Second, I would like to know why is it using the SSL package from my compiled python instead of my venv.

Traceback (most recent call last):
  File "server_consumer.py", line 18, in <module>
    connection = pika.BlockingConnection(parameters)
  File "/home/my_user/Machines/testing-rabbit/venv/lib/python3.7/site-packages/pika/adapters/blocking_connection.py", line 360, in __init__
    self._impl = self._create_connection(parameters, _impl_class)
  File "/home/my_user/Machines/testing-rabbit/venv/lib/python3.7/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
    raise self._reap_last_connection_workflow_error(error)
  File "/home/my_user/Machines/testing-rabbit/venv/lib/python3.7/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
    self._sock.do_handshake()
  File "/home/my_user/.pyenv/versions/3.7.3/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

My `server_consumer.py` (it's the client that read the server queues):

#!/usr/bin/env python
import ssl
import time
import pika

credentials = pika.PlainCredentials('admin', 'admin')

context = ssl.create_default_context(cafile="ca_certificate.pem")
context.load_cert_chain("client_certificate.pem", "client_key.pem")

ssl_options = pika.SSLOptions(context, "localhost")

parameters = pika.ConnectionParameters(
    port=5671,
    ssl_options=ssl_options,
    credentials=credentials)

connection = pika.BlockingConnection(parameters)  # <--- Breaks here <---

channel = connection.channel()

channel.queue_declare(queue='task_queue', durable=True)
print(' [*] Waiting for messages. To exit press CTRL+C')


def callback(ch, method, properties, body):
    print(" [x] Received %r" % body)
    time.sleep(body.count(b'.'))
    print(" [x] Done")
    ch.basic_ack(delivery_tag=method.delivery_tag)


channel.basic_qos(prefetch_count=1)
channel.basic_consume(queue='task_queue', on_message_callback=callback)

channel.start_consuming()

Thanks. :)

Blkpws

Luke Bakken

unread,

May 28, 2019, 11:04:20 AM5/28/19

to Pika

Hello!

What does RabbitMQ log at the same time as the OSError?

Thanks -

Luke

blkpws

unread,

May 29, 2019, 4:41:00 AM5/29/19

to Pika

Hello Luke!

Can't see any log when I do the SSL handshake. I did various handshake, latest was at 00:46:??.

my_user@ubuntu1804:~$ tail /var/log/rabbitmq/*                                                                                                                                                                       
==> /var/log/rabbitmq/erl_crash.dump <==                                                                                                                                                                             
normal
timeout
infinity
''
'$end_of_table'
'nonode@nohost'
'_'
true
false
=end


==> /var/log/rabbitmq/log <==
tail: error reading '/var/log/rabbitmq/log': Is a directory


==> /var/log/rabbitmq/rab...@ubuntu1804.log <==
2019-05-29 00:35:34.348 [info] <0.435.0> started TLS (SSL) listener on [::]:5671
2019-05-29 00:35:34.348 [info] <0.296.0> Running boot step direct_client defined by app rabbit
2019-05-29 00:35:34.378 [info] <0.494.0> Management plugin: HTTP (non-TLS) listener started on port 15672
2019-05-29 00:35:34.378 [info] <0.600.0> Statistics database started.
2019-05-29 00:35:34.418 [notice] <0.104.0> Changed loghwm of /var/log/rabbitmq/rab...@ubuntu1804.log to 50 
2019-05-29 00:35:34.481 [info] <0.8.0> Server startup complete; 4 plugins started.
 * rabbitmq_management
 * rabbitmq_web_dispatch
 * rabbitmq_management_agent
 * rabbitmq_auth_mechanism_ssl


==> /var/log/rabbitmq/rabbit@ubuntu1804_upgrade.log <==
2019-05-23 02:39:59.206 [info] <0.8.0> Log file opened with Lager
2019-05-23 02:52:11.220 [info] <0.8.0> Log file opened with Lager
2019-05-23 05:37:27.085 [info] <0.8.0> Log file opened with Lager
2019-05-23 06:02:30.610 [info] <0.8.0> Log file opened with Lager
2019-05-24 02:09:14.053 [info] <0.8.0> Log file opened with Lager
2019-05-24 03:14:49.990 [info] <0.8.0> Log file opened with Lager
2019-05-24 03:14:56.830 [info] <0.8.0> Log file opened with Lager
2019-05-24 03:29:26.450 [info] <0.8.0> Log file opened with Lager
2019-05-29 00:30:35.600 [info] <0.8.0> Log file opened with Lager
2019-05-29 00:35:32.450 [info] <0.8.0> Log file opened with Lager

On logs folder:

my_user@ubuntu1804:~$ ls -la /var/log/rabbitmq/log/
total 8
drwxr-s--- 2 rabbitmq adm 4096 May 22 07:56 .
drwxr-s--- 3 rabbitmq adm 4096 May 23 02:46 ..
-rw-r----- 1 rabbitmq adm    0 May 22 07:56 crash.log

Empty crash.log. I can't see anything about the error. Maybe it's because I'm using the class `PlainCredentials` to authenticate...

Base tutorial was: https://www.rabbitmq.com/tutorials/tutorial-one-python.html

Then I changed the configuration: https://www.rabbitmq.com/ssl.html

Keypair generated from the above guide: https://github.com/michaelklishin/tls-gen

My config file: https://pastebin.com/EWMFeFgk

I tried to add `log_levels` but neither can't see any log. Any tips? :(

Thanks!

El dimarts, 28 maig de 2019 17:04:20 UTC+2, Luke Bakken va escriure:

Luke Bakken

unread,

May 29, 2019, 11:14:24 AM5/29/19

to Pika

Hello,

If RabbitMQ isn't logging anything, your code isn't getting to the point where a TCP socket is opened. Since the error is coming from the TLS/SSL implementation in Python, I suggest doing a search on the error itself:

https://www.google.com/search?q=do_handshake+OSError+%22Errno+0%22+Error

You're probably running into this issue:

https://github.com/cherrypy/cherrypy/issues/1618

https://github.com/cherrypy/cherrypy/issues/1618#issuecomment-436401136

Thanks,

Luke

On Wednesday, May 29, 2019 at 1:41:00 AM UTC-7, blkpws wrote:

Hello Luke!

Can't see any log when I do the SSL handshake. I did various handshake, latest was at 00:46:??.

my_user@ubuntu1804:~$ tail /var/log/rabbitmq/*

==> /var/log/rabbitmq/erl_crash.dump <== normal timeout infinity '' '$end_of_table' 'nonode@nohost' '_' true false =end ==> /var/log/rabbitmq/log <== tail: error reading '/var/log/rabbitmq/log': Is a directory

==> /var/log/rabbitmq/rabbit@ubuntu1804.log <==

2019-05-29 00:35:34.348 [info] <0.435.0> started TLS (SSL) listener on [::]:5671 2019-05-29 00:35:34.348 [info] <0.296.0> Running boot step direct_client defined by app rabbit 2019-05-29 00:35:34.378 [info] <0.494.0> Management plugin: HTTP (non-TLS) listener started on port 15672 2019-05-29 00:35:34.378 [info] <0.600.0> Statistics database started.

2019-05-29 00:35:34.418 [notice] <0.104.0> Changed loghwm of /var/log/rabbitmq/rabbit@ubuntu1804.log to 50

blkpws

unread,

May 30, 2019, 6:43:49 AM5/30/19

to Pika

Hello Luke,

I don't think those two links will help me, they are using CherryPy buildin SSL library and they have a variable called `IS_BELOW_PY37`.

Pika or at least the error code is using my SSL outside of my virtualenv, and I would know why is it leaving from my virtual environment and why I am getting this error.

Or at least know whats happening without looking too much deep on the code.

Also I am running python 3.7.3.

Thanks!

blkpws

El dimecres, 29 maig de 2019 17:14:24 UTC+2, Luke Bakken va escriure:

Luke Bakken

unread,

May 30, 2019, 10:10:21 AM5/30/19

to Pika

Hello -

Unless you have installed ssl within your virtualenv the system ssl is used. That's how virtualenv works. You can run pip list while the virtualenv is activated to see what is installed. If you print the sys.path variable in your program running in your virtualenv it should clarify things, too.

As for the OSError, please continue to read the links that the google search provides. It looks like this error could be caused by many things, for instance:

https://www.reddit.com/r/learnpython/comments/aervrp/ssl_wrapped_socket_creating_odd_error/

Pika's test suite on Travis CI tests both regular and TLS/SSL connections on many Python versions, so I know that this issue is not related to Pika (https://travis-ci.org/pika/pika/). My team has a comprehensive TLS troubleshooting guide that may help:

https://www.rabbitmq.com/troubleshooting-ssl.html

It may also help to use a tool like Wireshark to see what exactly is being communicated between your program and RabbitMQ.

The google search to which I linked shows many different reasons for that

blkpws

unread,

Jun 4, 2019, 3:49:48 AM6/4/19

to Pika

Hello Luke,

I already googled and saw those answers you sent me (also the other answers below).

With Wireshark I can see the tries between the client and the server (5 requests between them), I don't know how SSL handshake works but probably this means it's just a configuration issue, probably a bad configuration but I can't know if it's the server or the client.

About your links, the travis-ci looks very awesome job and thanks for the troubleshooting link I will take a look.

blkpws

El dijous, 30 maig de 2019 16:10:21 UTC+2, Luke Bakken va escriure:

Luke Bakken

unread,

Jun 4, 2019, 10:14:06 AM6/4/19

to Pika

OK, give the troubleshooting guide a try and let me know how it works for you.

Are you certain nothing is being logged by RabbitMQ?

blkpws

unread,

Jun 5, 2019, 6:13:56 AM6/5/19

to Pika

Hello,

I can't see any log on RabbitMQ when I do the handshake. I suppose I'm not missing any logs. (from `/var/logs/rabbitmq/*` and `journalctl -u rabbitmq-server.service`)

Also, I am trying to see the differences between openssl s_server/s_client and the python module with pika. The result is that python method adds padding at the end, adds the server name and different protocol.

I still need to try new things (like new configurations for the RabbitMQ server, maybe force it to use TLSv1.2...) I was just trying to understand how it works. Don't worry for a reply.