Fixed an unhandled OpenSSL exception when called from command/sendas2message.py #30

Open
wants to merge 2 commits into
base: master

elasticdotventures

No description provided.

when certificate is not valid causes crash & stack dump, regardless of validate_cert setting.
@abhishek-ram
Owner

Why are we doing this? Can you share the stack trace of the error you are facing?

@elasticdotventures
Author

Hey, I don't have a stack trace anymore due to the time, and my patched version is already deployed at the client's. It has to do with the certificate check.

If you look, it's obviously a typo in your code (invalid python) that causes it to crash.
There is no function: ificate()

@abhishek-ram
Owner

I am not sure what exactly you mean by

> There is no function: ificate()

The verify_certificate is already inside a try except so I do not see the need for another try except.

@elasticdotventures
Author

I feel this is all my fault - sorry for the confusion, the typo (there are two commits in this pull request) - an extra cr/lf is/was my typo in the original pull #31 602bdee. I had already fixed it in production, and after sending in the pull request I quickly realized the typo - remedied that in #39214ec .. I should have closed the original and reissued, it was late. My apologies.

and it's been literally more than a year since I worked on this. .. when I returned I got confused, thought the typo from the 1st commit was yours, but it was mine and it was because my dev machine was divergent from the code on the production box.

🤔 The issue only occurred in production -- in a live situation, and so I cannot ask the client to break it (no staging, partner can't do staging 🤬), and I must wait for the remote side to transmit, to generate a stack trace, and that would cause an EDI document to be missed, require a retransmit, blabla -- the client is frugal and isn't keen to have me do more work on this 'operational' aspect of their inventory EDI. .. and fwiw, I'd choose elective dental surgery rather than deal with that vendor again. (not your/pyas2 fault, but the trading partner had nobody technical on staff and an uncooperative/unhelpful EDI software vendor that basically thought we should buy their really expensive software & monthly service or piss off, very unhelpful) .. the client is a friend and got mate's rates. /😖

🤓 I will attempt to explain -- the client's EDI partner provided an unsigned certificate, it might even be corrupt in some way, I'm not qualified to say what/why/how they did this. .. From my end the unsigned certificate situation isn't cause for 'invalid/error' .. it's just part of their trading partner's business rules "acceptable risk" .. and talking to the client's partner's technical person -- to say, they don't know about anything is an understatement, I'm surprised they knew how to use a mouse -- they could only follow explicit written steps left for them by a previous person to set up a partner in their UI -- they didn't understand any steps, literally zero comprehension (of course, they are the "technical person", so the business depends on them 🤦‍♀️) .. it took all of my EQ .. I literally at one point had to do a remote session so I could see their screen so I could figure out my pyas2 settings -- so we could configure both sides with matching settings, and they only know what buttons they click -- they basically only trade with themselves, and the partner's "tech person" doesn't understand anything conceptually what/why .. and it was really a horrible project, spanning multiple timezones, requiring me to be up at night, and it was just a total clusterf*ck. 🥹

😲 The existing try/catch returns an error, it's not an error.
The existing try/catch will return either True or
`except crypto.X509StoreContextError as e:`

☝️ the crypto.X509StoreContextError would appear in the 'stack trace' -- pyas2 rejects the document, whereas my try/except specifically on certificate failure should return None (which again, None is fine from our perspective, it's known behavior that the certificate isn't signed or corrupt because their vendor is technically challenged/inept) .. coming from line 197 of pyas2lib/utils.py always throws AS2Exception from line 202 .. so I need a way to suppress the exception on line 202.

Minimally, some way to turn off/skip verify_certificate_chain
Again, line 197 triggered the exception (hence why I wrapped it) and can confirm that resolved our issue.
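
Added for readers of this thread (an illustration, not code from this pull request or from pyas2lib): a pyOpenSSL sketch of the behaviour under discussion, where a self-signed partner certificate raises `crypto.X509StoreContextError`, alongside an explicit per-partner fingerprint pin as a narrower alternative to suppressing the exception for every certificate. The helper names, the `pinned_sha256` parameter and the sample certificates are assumptions constructed for the example.

```python
import hashlib
from OpenSSL import crypto


def make_self_signed(common_name):
    """Build a throwaway self-signed certificate (constructed sample input)."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.set_serial_number(1)
    cert.get_subject().CN = common_name
    cert.set_issuer(cert.get_subject())
    cert.gmtime_adj_notBefore(-60)
    cert.gmtime_adj_notAfter(3600)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)


def verify_partner_cert(cert_der, trusted_ders, pinned_sha256=None):
    """Return (ok, reason). Hypothetical helper, not a pyas2lib function."""
    cert = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_der)
    store = crypto.X509Store()
    for der in trusted_ders:
        store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, der))
    # Explicit opt-in: trust this exact certificate only when its SHA-256
    # fingerprint equals the value configured for the partner.
    if pinned_sha256 and hashlib.sha256(cert_der).hexdigest() == pinned_sha256:
        store.add_cert(cert)
    try:
        crypto.X509StoreContext(store, cert).verify_certificate()
        return True, "chain verified"
    except crypto.X509StoreContextError as exc:
        # Hand the failure back to the caller so it can be logged and
        # acted on, rather than swallowing it for all certificates.
        return False, str(exc)


if __name__ == "__main__":
    partner = make_self_signed("partner.example")
    pin = hashlib.sha256(partner).hexdigest()
    print(verify_partner_cert(partner, []))        # no trust anchor
    print(verify_partner_cert(partner, [], pin))   # pinned certificate
```

With the pin in place, only the one certificate the operator has agreed to accept passes; any other unsigned or substituted certificate still fails verification and is reported.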
