pika.exceptions.AMQPConnectionError with pika=1.1.0 and rabbitmq 3.7.17 on python 2.7.12

2,314 views
Skip to first unread message

Swarna Swaminathan

unread,
Dec 5, 2019, 9:49:19 AM12/5/19
to rabbitmq-users
Hi,

I am trying to create a connection and start a ioloop. But it throws a pika.exceptions.AMQPConnectionError exception.

Environment :
pika=1.10
rabbitmq-server=3.7.17
python=2.7.12
OS= ubuntu 16.04

---------------------------<Code snippet>---------------------------
import pika
import time
import ssl
import socket

context = ssl.create_default_context(cafile=<cacert>)

context.load_cert_chain("<cert.pem>", "<key.pem>")

ssl_opts = pika.SSLOptions(context, "localhost")

parameters = pika.ConnectionParameters(host="<host>", port=5671, credentials=pika.credentials.ExternalCredentials(), ssl_options=ssl_opts, socket_timeout=100)

connection = pika.SelectConnection(parameters=parameters, on_open_callback=on_connected)

r_interrupt, w_interrupt = socket.socketpair()

def on_interrupt(interrupt_fd, events, write_only=False):
    try:
        self.r_interrupt.recv(512)
        print "YAyyy"
    except OSError as e:
        if e.errno != errno.EAGAIN:
            print "Oh no!"

connection.ioloop.add_handler(r_interrupt.fileno(), on_interrupt, pika.adapters.select_connection.PollEvents.READ)

connection.ioloop.start()

---------------------------------------------------------------------------------

But starting the ioloop fails with the below traceback:
Traceback (most recent call last):
  File "publisher.py", line 52, in <module>
    connection.ioloop.start()
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/select_connection.py", line 543, in start
    self._poller.start()
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/select_connection.py", line 803, in start
    self.poll()
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/select_connection.py", line 1200, in poll
    self._dispatch_fd_events(fd_event_map)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/select_connection.py", line 904, in _dispatch_fd_events
    handler(fileno, events)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/selector_ioloop_adapter.py", line 391, in _on_reader_writer_fd_events
    callbacks.writer()
  File "/usr/local/lib/python2.7/dist-packages/pika/diagnostic_utils.py", line 53, in log_exception_func_wrap
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/io_services_utils.py", line 353, in _on_writable
    self._report_completion(result)
  File "/usr/local/lib/python2.7/dist-packages/pika/diagnostic_utils.py", line 53, in log_exception_func_wrap
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/io_services_utils.py", line 286, in _report_completion
    self._on_done(result)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 378, in _on_tcp_connection_done
    AMQPConnectorSocketConnectError(exc))
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 298, in _report_completion_and_cleanup
    on_done(result)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 863, in _on_connector_done
    self._try_next_resolved_address()
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 819, in _try_next_resolved_address
    self._try_next_config_async()
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 774, in _try_next_config_async
    self._start_new_cycle_async(first=False)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 747, in _start_new_cycle_async
    self._report_completion_and_cleanup(error)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/connection_workflow.py", line 730, in _report_completion_and_cleanup
    on_done(result)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/base_connection.py", line 263, in _unshim_connection_workflow_callback
    user_on_done(result)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/base_connection.py", line 337, in _on_connection_workflow_done
    self._handle_connection_workflow_failure(conn_or_exc)
  File "/usr/local/lib/python2.7/dist-packages/pika/adapters/base_connection.py", line 360, in _handle_connection_workflow_failure
    self._on_stream_terminated(error)
  File "/usr/local/lib/python2.7/dist-packages/pika/connection.py", line 2063, in _on_stream_terminated
    self._error)
  File "/usr/local/lib/python2.7/dist-packages/pika/callback.py", line 60, in wrapper
    return function(*tuple(args), **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pika/callback.py", line 92, in wrapper
    return function(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pika/callback.py", line 233, in process
    callback(*args, **keywords)
  File "/usr/local/lib/python2.7/dist-packages/pika/connection.py", line 1800, in _default_on_connection_error
    raise error
pika.exceptions.AMQPConnectionError


Need help urgently. What could be the possible reason?

Luke Bakken

unread,
Dec 5, 2019, 11:29:50 AM12/5/19
to rabbitmq-users
Hello,

More than likely you have an error in how you have created your certificates, or have certificate authentication configured in RabbitMQ.

Please see this message where I detail a complete configuration that works using client certificates: https://groups.google.com/forum/#!msg/pika-python/lHv1Ho_I_DU/L4uoxKu3DQAJ

This guide is a good place to start as well: https://www.rabbitmq.com/troubleshooting-ssl.html

Thanks,
Luke
Message has been deleted
Message has been deleted

Luke Bakken

unread,
Dec 6, 2019, 10:23:39 AM12/6/19
to rabbitm...@googlegroups.com
Hello,

The most prominent error in that output is "tlsv1 alert insufficient security"

Please search the rabbitmq-users group with those words. You will find discussions relating to TLS and cipher suites.

Also, it's very important to also share what is logged by RabbitMQ at the same time you see an error in your client application.

Finally, please let us know what version of Erlang you are using.

Thanks,
Luke

On Fri, Dec 6, 2019 at 7:00 AM Swarna Swaminathan <swarnaswa...@gmail.com> wrote:
Hello Luke,

Thanks for the reply.
I was using a incompatible tls version type in the rabbitmq conf file, doe to which rabbitmq-server was not able to listen on port 5671.
I fixed the issue.

Now, on trying to connect to the server, it fails with a SSL handshake error:

 " Thread-3 pika.adapters.utils.connection_workflow: INFO - Pika version 1.1.0 connecting to ('fd00::1:8:4', 5671, 0, 0)"
 " Thread-3 pika.adapters.utils.io_services_utils: INFO - Socket connected: <socket._socketobject object at 0x7f4a48e52d00>"
 " Thread-3 pika.adapters.utils.io_services_utils: ERROR - SSL do_handshake failed: error=SSLError(1, u'[SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590)'); <ssl.SSLSocket object at 0x7f4a48e53230>"
 "Traceback (most recent call last):"
 "  File ""/usr/local/lib/python2.7/dist-packages/pika/adapters/utils/io_services_utils.py"", line 636, in _do_ssl_handshake"
 "    self._sock.do_handshake()"
 "  File ""/usr/lib/python2.7/ssl.py"", line 830, in do_handshake"
 "    self._sslobj.do_handshake()"
 "SSLError: [SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590)"
 " Thread-3 pika.adapters.utils.connection_workflow: ERROR - Attempt to create the streaming transport failed: SSLError(1, u'[SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590)'); 'rabbitmq'/(10, 1, 6, '', ('fd00::1:8:4', 5671, 0, 0)); ssl=True"
 " Thread-3 pika.adapters.utils.connection_workflow: ERROR - AMQPConnector - reporting failure: AMQPConnectorTransportSetupError: SSLError(1, u'[SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590)')"

 pika.adapters.utils.connection_workflow: ERROR - AMQP connection workflow failed: AMQPConnectionWorkflowFailed: 2 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLError(1, u'[SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590)'); first exception - AMQPConnectorTransportSetupError: SSLError(1, u'[SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590)')."
Reply all
Reply to author
Forward
0 new messages