search

Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.63k stars 2.84k forks source link

ServiceBus on Windows 7: CertCreateCertificateChainEngine failed with error 0x80070057 #23972

Closed sdegiacomi closed 2 years ago

sdegiacomi commented 2 years ago

Describe the bug Latest Python ServiceBus SDK fails to connect to ServiceBus when using Windows 7. The same exact code works on other platforms (Windows 10, ubuntu 16.10, Mac 10.13 and others). The following logs are printed by the SDK:

   INFO connection.py@177 _state_changed: Connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' state changed from <ConnectionState.START: 0> to <ConnectionState.START: 0>
   INFO connection.py@260 work: b'CertCreateCertificateChainEngine failed with error 0x80070057' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\deps\\azure-c-shared-utility\\adapters\\x509_schannel.c':b'_x509_verify_certificate_in_chain':583)
   INFO connection.py@260 work: b'Failed to verify trusted certificate in chain' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\deps\\azure-c-shared-utility\\adapters\\tlsio_schannel.c':b'_verify_custom_certificate_if_needed':451)
   INFO connection.py@260 work: b'Unable to verify server certificate against custom server trusted certificate' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\deps\\azure-c-shared-utility\\adapters\\tlsio_schannel.c':b'_on_underlying_io_bytes_received':710)
   INFO connection.py@260 work: b'wsio_close when not open.' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\deps\\azure-c-shared-utility\\src\\wsio.c':b'_internal_close':153)
   INFO connection.py@177 _state_changed: Connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' state changed from <ConnectionState.START: 0> to <ConnectionState.END: 13>
   INFO connection.py@181 _state_changed: Connection with ID b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' unexpectedly in an error state. Closing: False, Error: None
   INFO connection.py@260 work: b'AMQP management instance not open' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\amqp_management.c':b'_amqp_management_close':1061)
   INFO connection.py@260 work: CBS for connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' completed opening with status: 2
  DEBUG sender.py@95 __init__: Wrapping value type: <AMQPType.CompositeType: 23>
  DEBUG sender.py@96 __init__: Wrapping value type: <AMQPType.CompositeType: 23>
   INFO sender.py@268 on_state_changed: Message sender b'sender-link-238306e0-b886-4491-97c5-708b4d90c999' state changed from <MessageSenderState.Idle: 1> to <MessageSenderState.Opening: 2> on connection: b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'
   INFO sender.py@176 _state_changed: Sender link failed to open - expecting to receive DETACH frame.
WARNING connection.py@256 work: ConnectionClose('ErrorCodes.UnknownError: Connection in an unexpected error state.')
  DEBUG sender.py@206 destroy: Destroying cMessageSender
  DEBUG sender.py@207 destroy: Destroying cLink
  DEBUG client.py@283 close: Deallocating 'CompositeValue'
  DEBUG client.py@283 close: Destroying 'CompositeValue'
  DEBUG client.py@283 close: Deallocating 'CompositeValue'
  DEBUG client.py@283 close: Destroying 'CompositeValue'
  DEBUG client.py@283 close: Deallocating cLink
  DEBUG client.py@283 close: Deallocating cMessageSender
  DEBUG client.py@294 close: CBS session pending.
  DEBUG client.py@297 close: Closing exclusive connection.
  DEBUG connection.py@217 destroy: Unlocked connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' to close.
   INFO connection.py@129 _close: Shutting down connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'.
   INFO cbs_auth.py@86 close_authenticator: Shutting down CBS session on connection: b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'.
  DEBUG cbs_auth.py@88 close_authenticator: Unlocked CBS to close on connection: b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'.
  DEBUG cbs_auth.py@89 close_authenticator: Destroying CBSTokenAuth for connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'
   INFO cbs_auth.py@89 close_authenticator: Token put complete with result: 2, status: 0, description: b'CBS Session closed.', connection: b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'
   INFO cbs_auth.py@90 close_authenticator: Auth closed, destroying session on connection: b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'.
  DEBUG session.py@135 destroy: Destroying cSession
   INFO cbs_auth.py@93 close_authenticator: Finished shutting down CBS session on connection: b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'.
  DEBUG connection.py@134 _close: Destroying Connection
   INFO connection.py@134 _close: b'send called while not open' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\saslclientio.c':b'_saslclientio_send_async':1181)
   INFO connection.py@134 _close: b'Cannot send encoded bytes' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\connection.c':b'_on_bytes_encoded':268)
   INFO connection.py@134 _close: b'saslclientio_close called while not open' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\saslclientio.c':b'_saslclientio_close_async':1130)
   INFO connection.py@134 _close: b'xio_close failed' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\connection.c':b'_on_bytes_encoded':272)
   INFO connection.py@177 _state_changed: Connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' state changed from <ConnectionState.END: 13> to <ConnectionState.END: 13>
   INFO connection.py@177 _state_changed: Connection b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541' state changed from <ConnectionState.END: 13> to <ConnectionState.END: 13>
   INFO connection.py@134 _close: b'saslclientio_close called while not open' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\saslclientio.c':b'_saslclientio_close_async':1130)
   INFO connection.py@134 _close: b'xio_close failed' (b'D:\\a\\1\\s\\src\\vendor\\azure-uamqp-c\\src\\connection.c':b'_connection_close':1437)
  DEBUG common.py@234 close: Destroying XIO
  DEBUG common.py@235 close: Destroying XIO
  DEBUG common.py@251 close: Destroying SASLMechanism
   INFO connection.py@136 _close: Connection shutdown complete b'SBSender-c79b5ddd-6919-419a-93e8-2c8b803c8541'.
  DEBUG __init__.py@163 deinitialize: Deinitializing platform.
   INFO exceptions.py@88 _handle_amqp_exception_with_condition: AMQP error occurred: (ConnectionClose('ErrorCodes.UnknownError: Connection in an unexpected error state.')), condition: (<ErrorCodes.UnknownError: b'amqp:unknown-error'>), description: (b'Connection in an unexpected error state.').
   INFO _base_handler.py@411 _do_retryable_operation: 'servicebus.pysdk-e4d285be' operation has exhausted retry. Last exception: ServiceBusConnectionError('Connection in an unexpected error state. Error condition: ErrorCodes.UnknownError.').
  ERROR test_manager.py@1125 finalize: sending final offline heartbeat failed: Connection in an unexpected error state. Error condition: ErrorCodes.UnknownError.

The SDK fails to connect both with TransportType Amqp and AmqpOverWebsocket, and the SDK reports the same error.

To Reproduce Run the following script on Windows 7:

from azure.core.credentials import AzureNamedKeyCredential
from azure.servicebus import ServiceBusClient, TransportType, ServiceBusMessage

client = ServiceBusClient(
    fully_qualified_namespace="something.servicebus.windows.net",
    credential=AzureNamedKeyCredential("shared_access_key_name", "shared_access_key_value"),
    transport_type=TransportType.AmqpOverWebsocket # or TransportType.Amqp
)

message = ServiceBusMessage("hello")
with client.get_topic_sender("topic_name") as sender:
    sender.send_messages(message)

Expected behavior Latest version of SDK should connect to ServiceBus using Windows 7 platform.

Additional context Interestingly, in the same machine:

After some debugging, I found this SO answer. Can the issue be related to fields hExclusiveRoot and hExclusiveTrustedPeople in struct CERT_CHAIN_ENGINE_CONFIG, which are not specified in x509_schannel.c?

mccoyp commented 2 years ago

Hi @sdegiacomi, thank you for opening an issue! I'll tag the appropriate folks so we can look into this as soon as possible.

yunhaoling commented 2 years ago

hey @sdegiacomi, I'm sorry to inform you that support for Windows 7 ended on January 14, 2020 and we have no plan for our SDKs to keep supporting Windows 7.

is there anything else we could help with or is there a reason what Windows 7 is wanted by you?

yunhaoling commented 2 years ago

latest update:

Simone Degiacomi is from internal team and reached out to me via Teams.

for short term fix, Simone is able to patch the C code, compile and get the sdk work on Windows7. for long term fix, we will have the pure python-based service bus sdk which should get rid of the C certificate issue, and we will get Simone to be our early adopter to try the SDK out.

cc: @kashifkhan @lmazuel

ghost commented 2 years ago

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!