debfx / check_dane

Nagios/Icinga plugin for checking DANE/TLSA records
GNU General Public License v3.0

Show hostname:port on TLS connection errors #3

Closed df7cb closed 8 years ago

df7cb commented 8 years ago

Thanks for check_dane!

This pull request improves error reporting a bit. Ideally we could also show the IP address used, but it didn't seem to be available in this context.

(Fwiw, I had other errors and tracebacks during my tests as well, but didn't go into debugging because the setup Just Worked eventually. Still, this patch should improve things a bit.)

debfx commented 8 years ago

sock.getpeername()[0] should return the remote IP address.

Do you still have the tracebacks? connect_to_host() certainly can throw OSErrors in more places. I'll look into improving that.

df7cb commented 8 years ago

Fyi, here's one of the backtraces:

master $ ./check_dane --host irc.oftc.net --port 6697 --no-dnssec
DANE OK - irc.oftc.net:6697 cert matches TLSA record (DNSSEC not validated)
master $ ./check_dane --host irc.oftc.net --port 6697 --no-dnssec
Traceback (most recent call last):
  File "./check_dane", line 173, in connect_to_host
    return context.wrap_socket(sock, server_hostname=args.host)
  File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
    _context=self)
  File "/usr/lib/python3.4/ssl.py", line 577, in __init__
    self.do_handshake()
  File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./check_dane", line 351, in <module>
    main()
  File "./check_dane", line 300, in main
    ssl_sock = connect_to_host(connect_host, connect_port, args, initial_check_pkix)
  File "./check_dane", line 176, in connect_to_host
    (connect_host, sock.getpeername()[0], connect_port, str(e)))
OSError: [Errno 9] Bad file descriptor
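
Added example, not part of the thread or of check_dane's own code: the second traceback arises because `wrap_socket()` detaches the plain socket, so `sock.getpeername()` in the error handler hits a dead descriptor; one way around it is to read the peer IP before the handshake. The `connect_to_host` signature here is simplified and hypothetical, `TLSConnectError` and `demo` are assumed names, and the local listener is a constructed test peer.

```python
import socket
import ssl
import threading


class TLSConnectError(OSError):
    """Handshake failure annotated with the endpoint that was dialled."""


def connect_to_host(host, port, context, timeout=5):
    # Hypothetical, simplified stand-in for the plugin's function.
    sock = socket.create_connection((host, port), timeout=timeout)
    # Read the peer address while the plain socket still owns its descriptor:
    # wrap_socket() detaches it, so a later getpeername() fails with EBADF.
    peer_ip = sock.getpeername()[0]
    try:
        return context.wrap_socket(sock, server_hostname=host)
    except OSError as e:  # ssl.SSLError and ConnectionResetError are OSErrors
        sock.close()  # harmless if the socket was already detached
        raise TLSConnectError(
            "TLS connection to %s (%s) port %d failed: %s" % (host, peer_ip, port, e)
        ) from e


def demo():
    # Constructed test peer: accepts one TCP connection and drops it before
    # any TLS bytes are exchanged, similar to the reset in the traceback.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def drop_one():
        conn, _ = listener.accept()
        conn.close()

    t = threading.Thread(target=drop_one, daemon=True)
    t.start()
    try:
        connect_to_host("127.0.0.1", port, ssl.create_default_context())
    except TLSConnectError as e:
        return port, str(e)
    finally:
        t.join()
        listener.close()
    return port, None


if __name__ == "__main__":
    print(demo()[1])
```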