[Kimchi-devel] [Fwd: Fw: Is this SSL error an issue, or expected behavior?]

Aline Manera alinefm at linux.vnet.ibm.com
Fri Jan 10 15:54:04 UTC 2014 

On 01/03/2014 08:51 PM, Christy Perez wrote:
> Rodrigo,
>
> Not to beat a dead horse here (hopefully you've all heard that
> expression before, heh), but my question wasn't about how to get it
> working or why it's happening -- but rather if we should handle the
> error instead of having it shown to users. See:
>
> ] ENGINE socket.error 1
> Traceback (most recent call last):
>    File
> "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
> line 1292, in communicate
>      req.parse_request()
>    File
> "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
> line 580, in parse_request
>      success = self.read_request_line()
>    File
> "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
> line 611, in read_request_line
>      request_line = self.rfile.readline()
>    File
> "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
> line 274, in readline
>      data = self.rfile.readline(256)
>    File
> "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
> line 1114, in readline
>      data = self.recv(self._rbufsize)
>    File
> "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
> line 990, in recv
>      data = self._sock.recv(size)
>    File "/usr/lib64/python2.7/ssl.py", line 241, in recv
>      return self.read(buflen)
>    File "/usr/lib64/python2.7/ssl.py", line 160, in read
>      return self._sslobj.read(len)
> SSLError: [Errno 1] _ssl.c:1419: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
>
> If we're all okay with that showing up in the kimchi command output --
> fine. I just wanted to be sure.

Hi Christy,

I've never got this kinda of error.
Would you provide me details in how reproduce it?

But my first answer would be yes - we should not show this error to user.


> Regards,
>
> -------- Forwarded Message --------
> From: Christy L Norman Perez <clnperez at us.ibm.com>
> To: christy at linux.vnet.ibm.com
> Subject: Fw: Is this SSL error an issue, or expected behavior?
> Date: Fri, 3 Jan 2014 16:42:55 -0600
>
>
> ----- Forwarded by Christy L Norman Perez/Austin/IBM on 01/03/2014 04:01 PM
> -----
>
> From:	Rodrigo Trujillo/Brazil/IBM at IBMBR
> To:	Christy L Norman Perez/Austin/IBM at IBMUS, Rodrigo
>              Trujillo/Brazil/IBM, Daniel Henrique Barboza/Brazil/IBM at IBMBR,
>              Adriano Araujo dos Reis Botega/Brazil/IBM at IBMBR, Scott
>              Garfinkle/Austin/IBM at IBMUS, Christy L Norman
>              Perez/Austin/IBM at IBMUS, De Xin AD Wu/China/IBM at IBMCN, Zheng
>              Sheng ZS Zhou/China/IBM at IBMCN
> Cc:	kimchi-ginger-dev at IBMUS
> Date:	12/27/2013 05:06 AM
> Subject:	Re: Is this SSL error an issue, or expected behavior?
>
>
> Like Mark said, this problem is caused by the CA which signed the Kimchi
> certificate ... actually, it is an auto signed  certificate....
> you can see running:
>
> openssl x509 -text -in src/kimchi-cert.pem
>
> notice that the issuer is kimchi itself.
>
> The error is caused because by kimchi actually. It happens because the
> browser or url requester does not accept the certificate.
> So, if you use curl for testing, use the option  "-k" (insecure) ... if you
> are using browser , they usually ask if you would like to trust the
> certificate.
>
>
> Regards
>
> Rodrigo Trujillo
> Staff Software Engineer
> Linux Technology Center - Brasil
>
>
>
> From:	Christy L Norman Perez/Austin/IBM at IBMUS
> To:	kimchi
> Date:	19/12/2013 16:11
> Subject:	Is this SSL error an issue, or expected behavior?
>
>
> To pick up from the e-mail I started yesterday...
>
> The ca error does go away if I go in and "forget about the site," create an
> exception for the certificate, then try again. I also played with this a
> bit to see if I can get the regular kimchi build to give me the same error,
> and I could. So, I think this could be discussed as an issue with kimchi
> (not just kimchi-ginger).
>
> Regards,
>
> Christy Norman Perez <clnperez at us.ibm.com>
> Software Engineer
> IBM KVM Assistance Program
> Linux Technology Center
> 512.286.7821 (T/L 363.7821)
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>

More information about the Kimchi-devel mailing list