[Kimchi-devel] [Fwd: Fw: Is this SSL error an issue, or expected behavior?]

Christy Perez christy at linux.vnet.ibm.com
Fri Jan 3 22:51:41 UTC 2014


Rodrigo,

Not to beat a dead horse here (hopefully you've all heard that
expression before, heh), but my question wasn't about how to get it
working or why it's happening -- but rather if we should handle the
error instead of having it shown to users. See:

] ENGINE socket.error 1
Traceback (most recent call last):
  File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 1292, in communicate
    req.parse_request()
  File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 580, in parse_request
    success = self.read_request_line()
  File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 611, in read_request_line
    request_line = self.rfile.readline()
  File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 274, in readline
    data = self.rfile.readline(256)
  File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 1114, in readline
    data = self.recv(self._rbufsize)
  File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 990, in recv
    data = self._sock.recv(size)
  File "/usr/lib64/python2.7/ssl.py", line 241, in recv
    return self.read(buflen)
  File "/usr/lib64/python2.7/ssl.py", line 160, in read
    return self._sslobj.read(len)
SSLError: [Errno 1] _ssl.c:1419: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca


If we're all okay with that showing up in the kimchi command output --
fine. I just wanted to be sure.

Regards,

-------- Forwarded Message --------
From: Christy L Norman Perez <clnperez at us.ibm.com>
To: christy at linux.vnet.ibm.com
Subject: Fw: Is this SSL error an issue, or expected behavior?
Date: Fri, 3 Jan 2014 16:42:55 -0600


----- Forwarded by Christy L Norman Perez/Austin/IBM on 01/03/2014 04:01 PM
-----

From:	Rodrigo Trujillo/Brazil/IBM at IBMBR
To:	Christy L Norman Perez/Austin/IBM at IBMUS, Rodrigo
            Trujillo/Brazil/IBM, Daniel Henrique Barboza/Brazil/IBM at IBMBR,
            Adriano Araujo dos Reis Botega/Brazil/IBM at IBMBR, Scott
            Garfinkle/Austin/IBM at IBMUS, Christy L Norman
            Perez/Austin/IBM at IBMUS, De Xin AD Wu/China/IBM at IBMCN, Zheng
            Sheng ZS Zhou/China/IBM at IBMCN
Cc:	kimchi-ginger-dev at IBMUS
Date:	12/27/2013 05:06 AM
Subject:	Re: Is this SSL error an issue, or expected behavior?


Like Mark said, this problem is caused by the CA which signed the Kimchi
certificate ... actually, it is an auto signed  certificate....
you can see running:

openssl x509 -text -in src/kimchi-cert.pem

notice that the issuer is kimchi itself.

The error is caused because by kimchi actually. It happens because the
browser or url requester does not accept the certificate.
So, if you use curl for testing, use the option  "-k" (insecure) ... if you
are using browser , they usually ask if you would like to trust the
certificate.


Regards

Rodrigo Trujillo
Staff Software Engineer
Linux Technology Center - Brasil



From:	Christy L Norman Perez/Austin/IBM at IBMUS
To:	kimchi
Date:	19/12/2013 16:11
Subject:	Is this SSL error an issue, or expected behavior?


To pick up from the e-mail I started yesterday...

The ca error does go away if I go in and "forget about the site," create an
exception for the certificate, then try again. I also played with this a
bit to see if I can get the regular kimchi build to give me the same error,
and I could. So, I think this could be discussed as an issue with kimchi
(not just kimchi-ginger).

Regards,

Christy Norman Perez <clnperez at us.ibm.com>
Software Engineer
IBM KVM Assistance Program
Linux Technology Center
512.286.7821 (T/L 363.7821)




More information about the Kimchi-devel mailing list