Closed ghost closed 5 years ago
OK, I have some more info for you. I know exactly where it hangs now. Here is the output from gdb:
(gdb) py-bt
Traceback (most recent call first):
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 146, in _get_osurandom_engine
    res = self._lib.ENGINE_init(e)
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 163, in activate_osrandom_engine
    with self._get_osurandom_engine() as e:
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 119, in __init__
    self.activate_osrandom_engine()
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 2419, in <module>
    backend = Backend()
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/usr/local/lib/python2.7/dist-packages/py_vapid/__init__.py", line 65, in from_raw
    backend=default_backend())
  File "/usr/local/lib/python2.7/dist-packages/py_vapid/__init__.py", line 142, in from_string
    return cls.from_raw(pkey)
  File "/usr/local/lib/python2.7/dist-packages/pywebpush/__init__.py", line 415, in webpush
    vv = Vapid.from_string(private_key=vapid_private_key)
  File "/root/python-scripts/PushNotif.py", line 14, in send
    vapid_claims={"sub": "mailto:YourNameHere@example.org",}
  File "AuthNotif.py", line 68, in <module>
(gdb) py-list
 141        # Fetches an engine by id and returns it. This creates a structural
 142        # reference.
 143        e = self._lib.ENGINE_by_id(self._lib.Cryptography_osrandom_engine_id)
 144        self.openssl_assert(e != self._ffi.NULL)
 145        # Initialize the engine for use. This adds a functional reference.
>146        res = self._lib.ENGINE_init(e)
 147        self.openssl_assert(res == 1)
 148
 149        try:
 150            yield e
 151        finally:
So we can see it is having issues with res = self._lib.ENGINE_init(e)
Values of e and self when it hangs:
self = <Backend(_ffi=<CompiledFFI at remote 0x7fe102ef8050>, _lib=<module at remote 0x7fe102ef9c20>, _cipher_registry={(<type at remote 0x55a3fb0032e0>, <type at remote 0x55a3fb007710>): <GetCipherByName(_fmt='des-ede3') at remote 0x7fe1028f4c50>, (<type at remote 0x55a3faff6a80>, <type at remote 0x55a3fb0089f0>): <GetCipherByName(_fmt='seed-{mode.name}') at remote 0x7fe102889290>, (<type at remote 0x55a3fafbba90>, <type at remote 0x55a3fb006970>): <GetCipherByName(_fmt='{cipher.name}-{cipher.key_size}-{mode.name}') at remote 0x7fe1028f4c90>, (<type at remote 0x55a3fb0032e0>, <type at remote 0x55a3fb008db0>): <GetCipherByName(_fmt='des-ede3-{mode.name}') at remote 0x7fe1028f4fd0>, (<type at remote 0x55a3faff6a80>, <type at remote 0x55a3fb007710>): <GetCipherByName(_fmt='seed-{mode.name}') at remote 0x7fe1028892d0>, (<type at remote 0x55a3faff6530>, <type at remote 0x55a3fb0089f0>): <GetCipherByName(_fmt='{cipher.name}-{mode.name}') at remote 0x7fe102889410>, (<type at remote 0x55a3faff71e0>, <type at remote 0x55a3f9...(truncated)
e = <_cffi_backend.CData at remote 0x7fe102ec55d0>
I am completely lost with all this info but hopefully it's enough for you to help me out.
It's just so strange how sometimes it will work fine, and other times it will hang. I'm not sure if this is relevant, but I'm running this on a Digital Ocean Droplet running Ubuntu 18.04.2. The issue happens with Python 2.7.15rc1 and Python 3.6.7.
Well, it seems to be an issue that only occurs on my Digital Ocean Droplet. I just ran the same code about 30 times in a row on my Windows 10 machine and it worked perfectly every time.
Well, first, thank you for the added info. I see that the problem is inside openssl when trying to get a proper random number from the OS. That's what
  File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 163, in activate_osrandom_engine
    with self._get_osurandom_engine() as e:
is doing.
I've seen similar sorts of things happen on systems with low entropy. Basically, there aren't enough sources of truly random crap happening that a proper random number could be derived. If this is on a shared system, it's even worse because entropy tends to be shared among all containers. If you're on a box with some bitcoin miner or doing a bunch of TLS cert management, then yeah, you're not going to have a lot of entropy to draw from.
(That also might explain why your home box has no problem.)
I'm not really sure what to suggest to make this better. I suppose you could wrap the call with a timeout and retry when things are a bit less busy. I'd STRONGLY suggest you don't try to use something other than your OS urandom, so using a PRNG is probably not ideal for anything close to production.
Sorry I can't offer more help.
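One way to apply the "timeout and retry" suggestion without moving away from OS urandom, as an added example that is not code from this thread or from the cryptography or pywebpush projects: it reports the Linux kernel's entropy state and runs the blocking import in a child interpreter, since a call stuck inside native code such as ENGINE_init cannot be interrupted from Python in the same process. It assumes Linux and Python 3; the function names, timeouts and backoff values are hypothetical.

```python
import os
import subprocess
import sys
import time

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
# The import that blocked in the traceback above, run in a child interpreter.
BACKEND_IMPORT = "from cryptography.hazmat.backends import default_backend; default_backend()"

def entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel entropy estimate, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def kernel_rng_ready():
    """True/False if the kernel CSPRNG is seeded; None if we cannot tell."""
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # never blocks, unlike a plain read
        return True
    except BlockingIOError:
        return False
    except (AttributeError, OSError):  # non-Linux or very old kernel
        return None

def probe(code, timeout):
    """Run code in a child interpreter; return 'ok', 'failed' or 'hung'."""
    try:
        done = subprocess.run([sys.executable, "-c", code], timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:  # run() has already killed the child
        return "hung"
    return "ok" if done.returncode == 0 else "failed"

def wait_for_backend(code=BACKEND_IMPORT, timeout=5.0, attempts=3, sleep=time.sleep):
    """Probe with exponential backoff; return [(status, entropy_avail), ...]."""
    history = []
    for attempt in range(attempts):
        status = probe(code, timeout)
        history.append((status, entropy_avail()))
        if status != "hung" or attempt == attempts - 1:
            break
        sleep(2.0 * 2 ** attempt)
    return history

if __name__ == "__main__":
    print("kernel RNG seeded:", kernel_rng_ready(), "probes:", wait_for_backend())
```

A run that reports "hung" alongside a low entropy reading supports the low-entropy explanation given above; "failed" means the import itself errored rather than blocked.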
That's no problem. Thanks for the info. At least I know what the issue is now and I can investigate a solution.
For anyone else who stumbles across this: https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged
Upon running the following, the push section of the code hangs for some time, sometimes never completing.
Code used:
PushNotif:
As you can see from the print statements, it seems to hang at the point of trying to send the notification. Sometimes it hangs, but others it fires straight away. Is there any way I can get more output from the webpush command to see what's occurring?