urllib.error.URLError on python > 3.10 when SSL is enabled #253

Open
yssrku opened this issue Apr 7, 2023 · 0 comments
yssrku commented Apr 7, 2023

Hi, after I upgraded my Python, I found that libtaxii is broken when SSL is enabled:

Traceback (most recent call last):
  File "script.py", line 38, in <module>
    http_resp = client.call_taxii_service2('host', '/taxii/v1/poll/', VID_TAXII_XML_11, poll_request.to_xml())
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "venv/lib/python3.11/site-packages/libtaxii/clients.py", line 346, in call_taxii_service2
    response = urllib.request.urlopen(req)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 519, in open
    response = self._open(req, data)
               ^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "venv/lib/python3.11/site-packages/libtaxii/clients.py", line 374, in https_open
    return self.do_open(self.get_connection, req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/.pyenv/versions/3.11.3/lib/python3.11/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:805)>

After some digging, I found that when verify_server is not enabled (which is the default), libtaxii creates an SSL context with ssl.Purpose.CLIENT_AUTH.
https://github.com/TAXIIProject/libtaxii/blob/master/libtaxii/clients.py#L432

This creates a server context
https://github.com/python/cpython/blob/8563966be4f171ccf615105ef9d3a5aa65a1de68/Lib/ssl.py#L697

Which cannot be used to create client sockets.

More info on this:
python/cpython#96972
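
The failure reported above can be reproduced without a network connection. The following is an added example, not part of the original issue or of libtaxii's code; `describe`, `can_wrap_as_client`, `client_context` and the hostname `taxii.example.test` are hypothetical names made up for the illustration. It assumes Python 3.10 or later and compares a `Purpose.CLIENT_AUTH` context with one built for outbound connections.

```python
import ssl


def describe(ctx):
    """Return (protocol, verify_mode, check_hostname) of an SSLContext."""
    return ctx.protocol.name, ctx.verify_mode.name, ctx.check_hostname


def can_wrap_as_client(ctx, hostname="taxii.example.test"):
    """Try to create a client-side TLS object over in-memory BIOs.

    No handshake and no network I/O take place; this only checks whether
    the context accepts the client role. Returns (ok, error_text).
    """
    try:
        ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
                     server_side=False, server_hostname=hostname)
        return True, None
    except ssl.SSLError as exc:
        return False, str(exc)


def client_context(verify_server=True):
    """Hypothetical helper: build a context for outbound connections.

    Purpose.SERVER_AUTH means "I am a client authenticating a server" and
    yields a PROTOCOL_TLS_CLIENT context with CERT_REQUIRED and hostname
    checking switched on.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if not verify_server:
        # The peer is then NOT authenticated. check_hostname has to be
        # cleared before verify_mode may be set to CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    # Purpose.CLIENT_AUTH means "I am a server authenticating clients".
    server_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    for label, ctx in (("CLIENT_AUTH", server_ctx),
                       ("SERVER_AUTH", client_context()),
                       ("SERVER_AUTH, unverified", client_context(False))):
        print(label, describe(ctx), can_wrap_as_client(ctx))
```

The `CLIENT_AUTH` context reports `CERT_NONE` with hostname checking off, so a client context that replaces it needs both settings changed explicitly to keep the unverified behaviour, and leaves them at their defaults to verify the server.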
