Closed nullwiz closed 4 years ago
After some time and lots of debugging, I found that openssl wont answer to localhost on the specified server, and im unable to see the certificate if I do the following:
openssl s_client -connect 127.0.0.1:7000
However, this shouldnt be a problem since (both on the docker and the online solution) insecure is set to False. It is not clear what "insecure" does: in the code I can see it should do verify=False as a parameter for the requests library, but this does not happen-- the connection is closed anyway. If I set a tunnel with ngrok, the connection is not closed when going to the /token endpoint.
Ngrok tunnel does have a valid certificate, so I dont know what is going on but I can assume this is an SSL issue.
What does the "insecure" flag do? What I would expect is that it would allow self-signed certificates, but this is not happening.
Finally fixed this issue. For anyone wondering, the main reason the suite was failing was because of a known Docker bug in MacOS.
Particularly, in networking -- the container was unable to reach the host. And even when the workaround from the docker docs was implemented (to reach the host I had to use hosts.docker.internal) the suite would fail with Invalid issuer (the same error i got through ngrok).
This was fixed by just running the suite in a Linux box, and running the container with --net=host .
If your service is running on the host machine, keep this in mind.
ok, thanks for reporting back and sorry for the late reaction
Hi guys.
Our team is very grateful of finding this tool. However, we are facing an issue every time the /token endpoint is called. We find that after completing the authorization, we get a connection refused from CherryPy.
Also, the endpoint is called before even completing the "Allow Access" part of the authorization.
Here are the full logs thrown:
`****
Something went wrong! If you know or suspect you know why, then try to fix it. If you have no idea, then please tell us at certification@oidf.org and we will help you figure it out.
Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connection.py", line 157, in _new_conn (self._dns_host, self.port), self.timeout, **extra_kw File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/util/connection.py", line 84, in create_connection raise err File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/util/connection.py", line 74, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connectionpool.py", line 672, in urlopen chunked=chunked, File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connectionpool.py", line 994, in _validate_conn conn.connect() File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connection.py", line 300, in connect conn = self._new_conn() File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connection.py", line 169, in _new_conn self, "Failed to establish a new connection: %s" % e urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f24cc5cbba8>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/requests-2.22.0-py3.6.egg/requests/adapters.py", line 449, in send timeout=timeout File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/connectionpool.py", line 720, in urlopen method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] File "/usr/local/lib/python3.6/dist-packages/urllib3-1.25.8-py3.6.egg/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=7000): Max retries exceeded with url: /token (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f24cc5cbba8>: Failed to establish a new connection: [Errno 111] Connection refused',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/aus/tool.py", line 96, in run_flow resp = _oper() File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/operation.py", line 105, in call res = self.run(*args, kwargs) File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.1-py3.6.egg/oidctest/op/oper.py", line 259, in run res = self._run() File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.1-py3.6.egg/oidctest/op/oper.py", line 289, in _run request_args=self.req_args, self.op_args) File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/operation.py", line 171, in catch_exception_and_error res = func(kwargs) File "/usr/local/lib/python3.6/dist-packages/oic-1.1.2-py3.6.egg/oic/oic/init.py", line 681, in do_access_token_request kwargs File "/usr/local/lib/python3.6/dist-packages/oic-1.1.2-py3.6.egg/oic/oauth2/init.py", line 874, in do_access_token_request kwargs File "/usr/local/lib/python3.6/dist-packages/oic-1.1.2-py3.6.egg/oic/oauth2/init.py", line 752, in request_and_return resp = self.http_request(url, method, data=body, http_args) File "/usr/local/lib/python3.6/dist-packages/oic-1.1.2-py3.6.egg/oic/oauth2/base.py", line 93, in http_request r = requests.request(method, url, _kwargs) File "/usr/local/lib/python3.6/dist-packages/requests-2.22.0-py3.6.egg/requests/api.py", line 60, in request return session.request(method=method, url=url, kwargs) File "/usr/local/lib/python3.6/dist-packages/requests-2.22.0-py3.6.egg/requests/sessions.py", line 533, in request resp = self.send(prep, send_kwargs) File "/usr/local/lib/python3.6/dist-packages/requests-2.22.0-py3.6.egg/requests/sessions.py", line 646, in send r = adapter.send(request, kwargs) File "/usr/local/lib/python3.6/dist-packages/requests-2.22.0-py3.6.egg/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=7000): Max retries exceeded with url: /token (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f24cc5cbba8>: Failed to establish a new connection: [Errno 111] Connection refused',))`
It is not clear for us what might be causing the issue, but we do get partial logs here.