[transfer-api] strange ssl failure in API

Bryce Allen ballen at ci.uchicago.edu
Mon Feb 6 10:32:57 CST 2012


The latest version of the transfer API (currently in the
openssl_delegate_proxy branch on github) should work with legacy/old
proxies, both using mkproxy and M2Crypto implementations. If it doesn't
I'd like to know about it so I can fix it. Draft proxies on the other
hand are not supported.

Also, servers don't appear to accept mixed proxies that are part RFC
and part legacy. So if you get an RFC proxy from a myproxy server,
then use grid-proxy-init with GT_PROXY_MODE=old to create a proxy of
the proxy, it won't work.

All that being said, I would still use RFC proxies when available.

-Bryce

On Sun, 05 Feb 2012 21:21:02 -0500
Maxim Potekhin <potekhin at bnl.gov> wrote:
> Case closed. The proxy absolutely needs to be RFC-compliant. This is
> not the default behavior in myproxy-init, but it can be actuated by
> setting the GT_PROXY_MODE environment variable to "rfc".
> 
> Maybe this thread will help people avoid a pitfall.
> 
> Maxim
> 
> 
> 
> On 2/5/2012 9:03 PM, Maxim Potekhin wrote:
> > To add:
> >
> > once I copied client.cert into account "A" and tried the same 
> > procedure, in a script that worked fine before, I see same sort of 
> > failure (as in below). So it appears that the proxy obtained from 
> > MyProxy is somehow "damaged", not sure how or why.
> >
> > Maxim
> >
> > [mxp at pandadev01 ~/globus-test]$ ./t1.py
> > Traceback (most recent call last):
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 257, in _request
> >     r, response_body = do_request()
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 247, in do_request
> >     self.c.request(method, url, body=body, headers=headers)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 914, in request
> >     self._send_request(method, url, body, headers)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 951, in _send_request
> >     self.endheaders()
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 908, in endheaders
> >     self._send_output()
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 780, in _send_output
> >     self.send(msg)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 739, in send
> >     self.connect()
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/verified_https.py", line 89, in connect
> >     ca_certs=self.ca_certs)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 338, in wrap_socket
> >     suppress_ragged_eofs=suppress_ragged_eofs)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 120, in __init__
> >     self.do_handshake()
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 279, in do_handshake
> >     self._sslobj.do_handshake()
> > SSLError: [Errno 1] _ssl.c:490: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
> > Traceback (most recent call last):
> >   File "./t1.py", line 20, in <module>
> >     status_code, status_message, data = api.submission_id()
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 596, in submission_id
> >     return self.get("/submission_id")
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 332, in get
> >     return self._request_json("GET", path)
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 315, in _request_json
> >     r, response_body = self._request(method, path, body, content_type)
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 257, in _request
> >     r, response_body = do_request()
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/__init__.py", line 247, in do_request
> >     self.c.request(method, url, body=body, headers=headers)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 914, in request
> >     self._send_request(method, url, body, headers)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 951, in _send_request
> >     self.endheaders()
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 908, in endheaders
> >     self._send_output()
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 780, in _send_output
> >     self.send(msg)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 739, in send
> >     self.connect()
> >   File "/direct/usatlas+u/mxp/globusonline-transfer-api-client-python-7e08617/globusonline/transfer/api_client/verified_https.py", line 89, in connect
> >     ca_certs=self.ca_certs)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 338, in wrap_socket
> >     suppress_ragged_eofs=suppress_ragged_eofs)
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 120, in __init__
> >     self.do_handshake()
> >   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 279, in do_handshake
> >     self._sslobj.do_handshake()
> > ssl.SSLError: [Errno 1] _ssl.c:490: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
> >
> >
> > On 2/5/2012 8:54 PM, Maxim Potekhin wrote:
> >> Greetings,
> >>
> >> in my current project, user A deposits their proxy onto a MyProxy 
> >> server, user B gets it and
> >> uses it to operate globus API.
> >>
> >> In the transcript below, "client.cert" is the proxy obtained from 
> >> MyProxy. The stack says that it's ssl alert: certificate unknown.
> >> I checked the proxy, it's valid, I can even do gsissh to Globus
> >> with it, from account "B".
> >> What could have gone amiss? Both users A and B are on the same
> >> host.
> >>
> >> Regards
> >> Maxim
> >>
> >> >>> a = api_client.TransferAPIClient(username="mxp", server_ca_file="/direct/usatlas+u/sm/ap/gd-bundle_ca.cert", cert_file="client.cert", key_file="client.cert")
> >>
> >> >>> status_code, status_message, data = a.task_list()
> >> Traceback (most recent call last):
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 257, in _request
> >>     r, response_body = do_request()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 247, in do_request
> >>     self.c.request(method, url, body=body, headers=headers)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 914, in request
> >>     self._send_request(method, url, body, headers)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 951, in _send_request
> >>     self.endheaders()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 908, in endheaders
> >>     self._send_output()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 780, in _send_output
> >>     self.send(msg)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 739, in send
> >>     self.connect()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/verified_https.py", line 89, in connect
> >>     ca_certs=self.ca_certs)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 338, in wrap_socket
> >>     suppress_ragged_eofs=suppress_ragged_eofs)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 120, in __init__
> >>     self.do_handshake()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 279, in do_handshake
> >>     self._sslobj.do_handshake()
> >> SSLError: [Errno 1] _ssl.c:490: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
> >> Traceback (most recent call last):
> >>   File "<stdin>", line 1, in <module>
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 372, in task_list
> >>     return self.get("/task_list" + encode_qs(kw))
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 332, in get
> >>     return self._request_json("GET", path)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 315, in _request_json
> >>     r, response_body = self._request(method, path, body, content_type)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 257, in _request
> >>     r, response_body = do_request()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/__init__.py", line 247, in do_request
> >>     self.c.request(method, url, body=body, headers=headers)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 914, in request
> >>     self._send_request(method, url, body, headers)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 951, in _send_request
> >>     self.endheaders()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 908, in endheaders
> >>     self._send_output()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 780, in _send_output
> >>     self.send(msg)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/httplib.py", line 739, in send
> >>     self.connect()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/site-packages/globusonline/transfer/api_client/verified_https.py", line 89, in connect
> >>     ca_certs=self.ca_certs)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 338, in wrap_socket
> >>     suppress_ragged_eofs=suppress_ragged_eofs)
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 120, in __init__
> >>     self.do_handshake()
> >>   File "/direct/usatlas+u/mxp/python2.6.7/lib/python2.6/ssl.py", line 279, in do_handshake
> >>     self._sslobj.do_handshake()
> >> ssl.SSLError: [Errno 1] _ssl.c:490: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
> >>
> >>
> >> _______________________________________________
> >> transfer-api mailing list
> >> transfer-api at lists.globusonline.org
> >> https://lists.globusonline.org/mailman/listinfo/transfer-api
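Added example, not part of the original thread or of the transfer API client: a quick triage script that reports whether each certificate in a proxy file is an RFC, draft or legacy proxy and flags the mixed chains described above. It is a byte-scan heuristic rather than a full X.509 parse, and it assumes the RFC 3820 proxyCertInfo OID (1.3.6.1.5.5.7.1.14), the pre-RFC Globus draft OID (1.3.6.1.4.1.3536.1.222) and the legacy convention of a final CN of "proxy" or "limited proxy"; `fake_cert` and `SAMPLE_MIXED` are constructed test input, not real certificates.

```python
import base64
import re

# DER encodings of the proxyCertInfo extension OIDs (assumed values, see lead-in).
OID_RFC3820 = bytes.fromhex("06082b0601050507010e")    # 1.3.6.1.5.5.7.1.14
OID_DRAFT = bytes.fromhex("060a2b060104019b5001815e")  # 1.3.6.1.4.1.3536.1.222
# commonName attribute: OID 2.5.4.3, UTF8String/PrintableString tag, short length.
CN_ATTR = re.compile(rb"\x06\x03\x55\x04\x03[\x0c\x13]([\x00-\x7f])", re.S)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def classify_cert(der):
    """Return 'rfc', 'draft', 'legacy' or 'not-proxy' for one DER certificate."""
    if OID_RFC3820 in der:
        return "rfc"
    if OID_DRAFT in der:
        return "draft"
    # Issuer precedes subject in the DER, so the last CN belongs to the subject.
    last_cn = None
    for m in CN_ATTR.finditer(der):
        last_cn = der[m.end():m.end() + m.group(1)[0]]
    return "legacy" if last_cn in (b"proxy", b"limited proxy") else "not-proxy"


def classify_chain(pem_text):
    """Classify every CERTIFICATE block (private keys are skipped)."""
    kinds = [classify_cert(base64.b64decode(b))
             for b in PEM_CERT.findall(pem_text)]
    proxies = {k for k in kinds if k != "not-proxy"}
    if not proxies:
        return kinds, "no proxy certificate found"
    if len(proxies) > 1:
        return kinds, "mixed chain (%s)" % "+".join(sorted(proxies))
    return kinds, proxies.pop()


def fake_cert(cn, ext_oid=b""):
    # Constructed stand-in, NOT a valid certificate: one CN attribute plus an
    # optional extension OID, just enough bytes for the scanner above.
    body = b"\x06\x03\x55\x04\x03\x13" + bytes([len(cn)]) + cn + ext_oid
    return ("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
            % base64.b64encode(body).decode())


# Constructed chain: legacy proxy made from an RFC proxy made from a user cert.
SAMPLE_MIXED = (fake_cert(b"proxy") + fake_cert(b"12345", OID_RFC3820)
                + fake_cert(b"Some User"))

if __name__ == "__main__":
    print(classify_chain(SAMPLE_MIXED))
```

On a real proxy file, pass its contents to `classify_chain`; anything other than a plain "rfc" verdict matches one of the unsupported or discouraged cases in the thread.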