Open gracinet opened 10 years ago
Can you give a try wit the openssl -client call? (so we will only try the ssl layer)
On Sun, Sep 14, 2014 at 2:15 PM, Georges Racinet notifications@github.com wrote:
Hi, I'm giving the cherrypy backend a try for a poller daemon but could not get it to work over SSL. Actually, it just looks as if it ignored the use_ssl flag.
As I side note, my primary motivation for this backend here is not performance, but IPv6 support. Nevertheless, the problem is identical on IPv4.
$ curl -4 https://poller.shinken.example:7771/ curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol $ curl -4 http://poller.shinken.example:7771/ OK
If I switch back the http_backend setting to wsgiref, I get the expected behaviour:
$ curl -4 https://poller.shinken.example:7771/ OK $ curl -4 http://poller.shinken.example:7771/ curl: (56) Recv failure: Connection reset by peer
So in particular, it's not a side effect of wrong certificates paths and the like.
I peered a bit in the code, at first sight the use_ssl flag seems to be passed to that backend, but didn't dig that much
Versions Shinken: 2.0.3, through system-wide pip installation cherrypy: 3.6.0 bottle: I believe it to be bundled with Shinken (tried also with system-wide install of 0.12.7 by pip, behaviour is indentical
Here's the complete daemon INI file (pretty standard, I believe)
[daemon]
-- Global Configuration
user=shinken ; if not set then by default it's the current user.
group=shinken ; if not set then by default it's the current group.
Set to 0 if you want to make this daemon NOT run
daemon_enabled=1
-- Path Configuration
The daemon will chdir into the directory workdir when launched
paths variables values, if not absolute paths, are relative to workdir.
using default values for following config variables value:
workdir = /var/run/shinken logdir = /var/log/shinken pidfile=%(workdir)s/pollerd.pid
-- Network configuration
host=0.0.0.0 port=7771 http_backend=cherrypy
idontcareaboutsecurity=0
-- SSL configuration --
use_ssl=1
WARNING : Put full paths for certs
ca_cert=/a/correct/path server_cert=/a/correct/path server_key=/a/correct/path hard_ssl_name_check=1
-- Local log management --
Enabled by default to ease troubleshooting
use_local_log=1 local_log=%(logdir)s/pollerd.log
accepted log level values= DEBUG,INFO,WARNING,ERROR,CRITICAL
log_level=WARNING
modules_dir=/var/lib/shinken/modules user=shinken group=shinken
Thanks !
— Reply to this email directly or view it on GitHub https://github.com/naparuba/shinken/issues/1318.
I just got the same error, and it seem that the version I used (3.5) was broken with ssl.
I followed the warning telling me that cherrypy was a good options and did the apt-get install python-cherrypy3
, but this version is the 3.5 broken.
for me, the fix was to uninstall the 3.5 and install a newer one with pip
sudo apt-get uninstall python-cherrypy3
sudo pip install cherrypy # CherryPy==11.0.0
Hi, I'm giving the cherrypy backend a try for a poller daemon but could not get it to work over SSL. Actually, it just looks as if it ignored the
use_ssl
flag.As I side note, my primary motivation for this backend here is not performance, but IPv6 support. Nevertheless, the problem is identical on IPv4.
If I switch back the
http_backend
setting towsgiref
, I get the expected behaviour:So in particular, it's not a side effect of wrong certificates paths and the like.
I peered a bit in the code, at first sight the
use_ssl
flag seems to be passed to that backend, but didn't dig that much.Versions Shinken: 2.0.3, through system-wide pip installation cherrypy: 3.6.0, also with
sudo pip
bottle: I believe it to be bundled with Shinken (tried also with system-wide install of 0.12.7 by pip, behaviour is identical)Here's the complete daemon INI file (pretty standard, I believe)
Thanks !