
Unable to connect to a server running Python 3 #5003

Description

@chrisburr

@chaen When you get a chance can you take a look at what is wrong with the Python 3 server, Yes, 2.0a8, 5.7 CI in #5000? The server is failing to handshake with the client (I added some extra logging in ec87743):

Server log

LOOP: SSL accept: before SSL initialization
LOOP: SSL accept: before SSL initialization
LOOP: SSL accept: SSLv3/TLS read client hello
LOOP: SSL accept: SSLv3/TLS write server hello
LOOP: SSL accept: SSLv3/TLS write change cipher spec
LOOP: SSL accept: TLSv1.3 write encrypted extensions
LOOP: SSL accept: SSLv3/TLS write certificate request
LOOP: SSL accept: SSLv3/TLS write certificate
LOOP: SSL accept: TLSv1.3 write server certificate verify
LOOP: SSL accept: SSLv3/TLS write finished
LOOP: SSL accept: TLSv1.3 early data
INFO: SSL accept: TLSv1.3 early data
LOOP: SSL accept: TLSv1.3 early data
ALERT: write: fatal: certificate unknown
INFO: SSL accept: error
2021-03-02 07:16:37 UTC Configuration/Server [140469916133120] ERROR: Failed to handshake_multipleSteps: certificate verify failed SSLError('certificate verify failed')

Client log

2021-03-02 07:16:37 UTC dirac-proxy-init [140188649641792] DEBUG: Trying to connect to: dips://server:9135/Configuration/Server
LOOP: SSL connect: before SSL initialization
LOOP: SSL connect: SSLv3/TLS write client hello
INFO: SSL connect: SSLv3/TLS write client hello
LOOP: SSL connect: SSLv3/TLS write client hello
LOOP: SSL connect: SSLv3/TLS read server hello
LOOP: SSL connect: TLSv1.3 read encrypted extensions
LOOP: SSL connect: SSLv3/TLS read server certificate request
LOOP: SSL connect: SSLv3/TLS read server certificate
LOOP: SSL connect: TLSv1.3 read server certificate verify
LOOP: SSL connect: SSLv3/TLS read finished
LOOP: SSL connect: SSLv3/TLS write change cipher spec
LOOP: SSL connect: SSLv3/TLS write client certificate
LOOP: SSL connect: SSLv3/TLS write certificate verify
LOOP: SSL connect: SSLv3/TLS write finished
INFO: SSL connect: SSL negotiation finished successfully
2021-03-02 07:16:37 UTC dirac-proxy-init [140188649641792] DEBUG: Connected to: dips://server:9135/Configuration/Server
2021-03-02 07:16:37 UTC dirac-proxy-init [140188649641792] DEBUG: New connection -> 172.19.0.5:9135
ALERT: read: fatal: certificate unknown
2021-03-02 07:16:37 UTC dirac-proxy-init [140188649641792] WARN: Can't update from server Error while updating from dips://server:9135/Configuration/Server: Peer closed connection
2021-03-02 07:16:37 UTC dirac-proxy-init [140188649641792] WARN: Reason(s):
	Peer closed connection

Reproducer

  1. Start everything up

     ```bash
     docker run --rm -it --privileged --name dirac-testing-host \
         -e CI_PROJECT_DIR=/repo/DIRAC \
         -e SERVER_USE_PYTHON3=Yes \
         -e MYSQL_VER=5.7 \
         -e SERVER_DIRACOSVER=2.0a8 \
         -e CI_REGISTRY_IMAGE=diracgrid \
         -e CLIENT_USE_PYTHON3=Yes \
         -v /var/run/docker.sock:/var/run/docker.sock \
         -v $PWD:/repo/DIRAC \
         -w /repo \
         diracgrid/docker-compose-dirac:latest \
         bash -c 'source DIRAC/tests/CI/run_docker_setup.sh; set +e; prepareEnvironment; installServer'
     ```

  2. Run the server interactively

     ```bash
     docker exec -it -u dirac server bash
     source /home/dirac/ServerInstallDIR/bashrc
     runsvctrl d /home/dirac/ServerInstallDIR/diracos/runit/Configuration/Server
     dirac-service Configuration/Server --cfg /home/dirac/ServerInstallDIR/diracos/etc/Configuration_Server.cfg -ddd
     ```

  3. Try to get a proxy

     ```bash
     docker exec -it -u dirac server bash
     source /home/dirac/ServerInstallDIR/bashrc
     dirac-proxy-init -g dirac_admin -C /home/dirac/ServerInstallDIR/user/client.pem -K /home/dirac/ServerInstallDIR/user/client.key -ddd --rfc
     ```
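A way to read the two traces above side by side, as an added example that is not part of the original issue or of DIRAC: it parses the `LOOP:`/`INFO:`/`ALERT:` lines and reports which side sent the fatal alert and whether the other side had already logged a completed handshake. The function names `triage` and `rejecting_side` and the shortened sample logs are constructed for illustration.

```python
import re

# Constructed sample input: a few lines in the format of the logs in this issue.
SERVER_LOG = """\
LOOP: SSL accept: SSLv3/TLS write certificate request
LOOP: SSL accept: SSLv3/TLS write finished
LOOP: SSL accept: TLSv1.3 early data
ALERT: write: fatal: certificate unknown
INFO: SSL accept: error
2021-03-02 07:16:37 UTC Configuration/Server [1] ERROR: Failed to handshake
"""
CLIENT_LOG = """\
LOOP: SSL connect: SSLv3/TLS write client certificate
LOOP: SSL connect: SSLv3/TLS write finished
INFO: SSL connect: SSL negotiation finished successfully
ALERT: read: fatal: certificate unknown
"""

STATE = re.compile(r"^(?:LOOP|INFO): SSL (accept|connect): (.+)$")
ALERT = re.compile(r"^ALERT: (read|write): (\w+): (.+)$")


def triage(log_text):
    """Summarise one side's trace: role, last state before the alert, the alert."""
    out = {"role": None, "last_state": None, "done": False, "alert": None}
    for line in map(str.strip, log_text.splitlines()):
        state, alert = STATE.match(line), ALERT.match(line)
        if state and out["alert"] is None:
            out["role"] = "server" if state.group(1) == "accept" else "client"
            out["last_state"] = state.group(2)
            out["done"] = out["done"] or "finished successfully" in state.group(2)
        elif alert and out["alert"] is None:
            direction, level, desc = alert.groups()
            # "write" = this side sent the alert, "read" = it came from the peer.
            out["alert"] = {"sent_here": direction == "write",
                            "level": level, "description": desc}
    return out


def rejecting_side(*summaries):
    """Return the role of the side that wrote a fatal alert, or None."""
    for s in summaries:
        a = s["alert"]
        if a and a["sent_here"] and a["level"] == "fatal":
            return s["role"]
    return None


if __name__ == "__main__":
    server, client = triage(SERVER_LOG), triage(CLIENT_LOG)
    print("rejected by:", rejecting_side(server, client))
    print("client saw success before the alert:", client["done"])
```

Timestamped application log lines match neither pattern and are skipped, so the full logs from the issue can be pasted in unchanged.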
