Requests not working in a Docker container #3948
Comments
|
Can you run |
|
This can also very definitely be related to the Python version, we'd like to know that as well. |
|
Hi Python 2.7 (12) Thanks |
|
Are you running the same version of Requests in the container and outside? What are the two versions? |
|
2.11.1 when working, and 2..12.5 inside the container. Does it make any difference? |
|
Yeah, there are some decent code changes between those two versions. Want to try downgrading to 2.11 quickly in the container to see what happens? |
|
Still failing, but with a different error message |
|
Hrm. That different error is pretty much the same error. Can you reveal to us what web server you're trying to contact? |
|
Thats my own server, which has a self signed certificate. I am sending verify=False to ignore SSL but doesnt seem to like it response=sess.post(url,params, headers=h,verify=False) |
|
Can you show the TLS configuration for your server, and what OpenSSL version it is linked against? |
|
Its TLS 1.2 and same openSSL version... nothing special. I dont think there
is anything wrong on server side as it works fine outside the docker
container
…On Fri, Mar 31, 2017 at 4:07 PM, Cory Benfield ***@***.***> wrote:
Can you show the TLS configuration for your server, and what OpenSSL
version it is linked against?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290738188>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55o2K5PaiflW3wHWD_rZYm_WFXXGyks5rrRa6gaJpZM4Mvjzc>
.
|
|
So, "wrong" here is defined only in whether there is a mismatch between what the client and server expect. Out of interest, does your server expect SNI? Are you reaching your server via hostname or IP? |
|
In that container, can you curl your server with the same URL? Or even just telnet to it? I wonder if requests can even reach the server from where you've deployed the container. |
|
Hi
In response to both. it expects SNI and i reach it via hostname
From the container i can telnet to the server, there is no problem with
that. I have exposed another service via http and it works fine, its purely
the SSL handshake what is failing
…On Fri, Mar 31, 2017 at 4:16 PM, Ian Cordasco ***@***.***> wrote:
In that container, can you curl your server with the same URL? Or even
just telnet to it? I wonder if requests can even reach the server from
where you've deployed the container.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290740743>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55kVKzprqGA1n1PKJznWX_g_V7nsxks5rrRi-gaJpZM4Mvjzc>
.
|
|
Ok, what's the result of running |
|
Hi
It connects without any issue (connected(00003))
…On Fri, Mar 31, 2017 at 4:19 PM, Cory Benfield ***@***.***> wrote:
Ok, what's the result of running openssl s_client -connect host:port to
your server from inside the container?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290741631>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55oeDzw5HhrujLbMFLA6CCowT0umwks5rrRmLgaJpZM4Mvjzc>
.
|
|
Sorry, the whole result. I'm interested in what the result of the negotiation is. |
|
Verify return code: 19 (self signed certificate in certificate chain)
…On Fri, Mar 31, 2017 at 4:34 PM, Cory Benfield ***@***.***> wrote:
Sorry, the *whole* result. I'm interested in what the result of the
negotiation is.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290746053>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55o4JyAkpP5h1ZPLBOkRONN2z9Em8ks5rrRz-gaJpZM4Mvjzc>
.
|
|
That is not the whole result. Please copy and paste everything from that command. |
|
No, the whole result. All the output. Everything it prints. |
|
There is nothing else interesting there, just tls version, cert info etc...
Im having exactly the same response outside the container
El El vie, 31 mar 2017 a las 16:40, Cory Benfield <notifications@github.com>
escribió:
… No, the *whole* result. All the output. Everything it prints.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290747930>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55iD8dY2eDxdfz1j0YzpteN8ThFJ3ks5rrR58gaJpZM4Mvjzc>
.
|
|
That information is exactly what I am interested in. Something in our TLS Client Hello is making your server mad, and so I'm interested in seeing what your server is negotiating. |
|
Ok, lets do something to be sure its not my certificate. I will search any
other page that uses a self signed certificate ( if you know of any please
share) and i will try against that, so you will be able to connect that
server too
El El vie, 31 mar 2017 a las 16:46, Cory Benfield <notifications@github.com>
escribió:
That information is exactly what I am interested in. Something in our TLS
Client Hello is making your server mad, and so I'm interested in seeing
what your server is negotiating.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290749603>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55oT_6jlrkIO4VlXRsoohjEGzNy3pks5rrR_TgaJpZM4Mvjzc>
.
|
|
It's not your certificate. The error message in question (Unexpected EOF) means that during the TLS handshake the server has sent us a TCP FIN or RST packet. That means the server has chosen to close the connection, not us. That means the server has decided we are not doing something it likes. As a result, this cannot be the fault of your certificate: we haven't gotten to the point of validating it yet. |
|
@javixeneize without the information we've asked you for, I'm not sure what else we can do to help. |
|
Ok ok... i will provide that on monday
El El vie, 31 mar 2017 a las 17:19, Ian Cordasco <notifications@github.com>
escribió:
… @javixeneize <https://github.com/javixeneize> without the information
we've asked you for, I'm not sure what else we can do to help.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<https://github.com/kennethreitz/requests/issues/3948#issuecomment-290759070>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55ugTXZp-cZpp9JJJ7WmACcYXho2Rks5rrSeegaJpZM4Mvjzc>
.
|
|
|
What's your actual problem @harry1064? |
|
@Lukasa if you see the above result of |
|
By default OpenSSL s_client does not present the server name indication field, which means that the remote server will present whatever certificate it chooses. Do you get the same output in both cases if you change your command to: Even if you don't, this sounds like a problem with docker, not with Requests: you appear to be reproducing a problem using the openssl command line, which doesn't use Requests in any way. So I'm not sure how you want us to solve your problem. |
|
I got same response with both the cases. So i also think this is the problem with docker as they are maybe using mapping between iptables. |
|
Maybe this can help someone. For me I needed to install this: OpenSSL 1.0.2g 1 Mar 2016 |
|
This discussion went stale months ago. I'm closing this. We can reopen it if necessary. |
|
@harry1064 @javixeneize do you guys have found a solution for this? I'm with the same problem and maybe this can be a Docker problem. But I really don't know how to overcome this... Thanks! |
|
Nope...
El El jue, 11 ene 2018 a las 14:11, Gabriel Gularte <
notifications@github.com> escribió:
… @harry1064 <https://github.com/harry1064> @javixeneize
<https://github.com/javixeneize> do you guys have found a solution for
this? I'm with the same problem and maybe this can be a Docker problem. But
I really don't know how to overcome this...
Thanks!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3948 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AMK55roWfMLccuizdHkWQTTOq2gU3BXMks5tJhYegaJpZM4Mvjzc>
.
|
|
try installing these versions: |
|
Hello , |
|
I am having a similar issue with requests in python 3.9.2. My script works correctly outside of docker, but does not run correctly in a container. I tried to rule out networking as the issue with |
|
Same as above here... This is frustrating. Me and my senior poked around with the packets, monitored some traffic but nothing helps, even downgrade to |
|
@javixeneize @sigmavirus24 can we reopen this? |
|
The comments above explain exactly what the problem is. There is no way to write code or release to fix your problem and we're not currently capable of hand-holding everyone's custom problem for free. As has been explained above there's something that should be doscoverably different between your environments that's causing requests to upset your server during the TLS handshake. That's only discoverable by you. Re-opening this isn't appropriate as a result |
In my case, I don't think that my server is upset with the handshake. I can't reach even google.com from container with a basic |
Hi
Thats the old story about SSL not working with requests, but one step further.... Docker containers
I have an application that uses requests, and it works fine in my local machine, but, when deploying it in a Docker container, i am having an error with requests module (SSL error)
[2017-03-31 11:32:29,863] ERROR in app: Exception on /send [POST]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functionsrule.endpoint
File "app.py", line 62, in sendrequest
response=sess.post(url,params, headers=h,verify=False)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 535, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)
I have heard it might be related to openSSL. Any idea on how this can be resolved? Should i include any dependency?
The text was updated successfully, but these errors were encountered: