Title: xmlrpclib client fails to XML RPC server over ssl
Type: behaviour Severity: normal
Components: Library Versions: 2.5.2rc
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: amak Nosy List: amak, public.marvin
Priority: Keywords:

Created on 2010-12-17.05:15:24 by public.marvin, last changed 2012-03-29.19:10:08 by amak.

File name Uploaded Description Edit Remove public.marvin, 2010-12-17.15:19:32 sample xmlrpc server, in python public.marvin, 2010-12-17.15:20:30
server.key public.marvin, 2010-12-17.15:30:48
server.crt public.marvin, 2010-12-17.15:31:10
msg6282 (view) Author: marvin greenberg (public.marvin) Date: 2010-12-17.05:15:23
A small example shows the failure.  Of course this requires an xml server to be running and using ssl, which is more work than I can do now to set up for this issue.  This may be related to
import xmlrpclib
sp = xmlrpclib.ServerProxy('https://localhost:9999/v2/xmlrpc')
print sp.repo.authenticate('test','test')

bash-3.2$ python 
<prints an authentication token>
bash-3.2$ jython 
Traceback (most recent call last):
  File "", line 3, in <module>
    print sp.repo.authenticate('test','test')
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1147, in __call__
    return self.__send(self.__name, args)
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1433, in _ServerProxy__request
    response = self.__transport.request(
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1183, in request
    self.send_content(h, request_body)
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1297, in send_content
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 860, in endheaders
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 732, in _send_output
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 699, in send
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1135, in connect
    ssl = socket.ssl(sock, self.key_file, self.cert_file)
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1487, in ssl
    return _realssl(sock, keyfile, certfile)
  File "/private/tmp/Build/TENA_MIDDLEWARE/install/TENA/eclipse/plugins/org.jython_2.5.2/Lib/", line 1436, in __init__
    raise _map_exception(jlx)
socket.sslerror: (-1, 'SSL handshake exception')
bash-3.2$ jython -V; python -V
Jython 2.5.2rc2
Python 2.6.1
msg6283 (view) Author: marvin greenberg (public.marvin) Date: 2010-12-17.15:19:32
OK, here's an ssl python server with some dummy self signed certs that demonstrates the complete problem for the jython client.

Use attached  python works.  jython fails.  Server is based on activestate recipe.
msg6284 (view) Author: marvin greenberg (public.marvin) Date: 2010-12-17.15:20:30
modified to talk to
msg6285 (view) Author: marvin greenberg (public.marvin) Date: 2010-12-17.15:30:48
key file for use with
msg6286 (view) Author: marvin greenberg (public.marvin) Date: 2010-12-17.15:31:10
cert file for use with
msg6287 (view) Author: marvin greenberg (public.marvin) Date: 2010-12-18.13:40:26
Same problem whether server side is java or python
msg6844 (view) Author: Alan Kennedy (amak) Date: 2012-03-19.19:50:55
> "Same problem whether server side is java or python"

Are you saying that your server does not work in cpython?

Jython does not support server side SSL, only client side. Any attempt to make it work will fail.
msg6905 (view) Author: marvin greenberg (public.marvin) Date: 2012-03-20.01:03:26
I am saying that the jython CLIENT failed, when connecting to the server (whether the server was run under cpython or jython).  Apparently you are saying that SSL servers from jython do not work, <sigh>, but irrelevant.
msg6933 (view) Author: Alan Kennedy (amak) Date: 2012-03-20.21:02:54
> Apparently you are saying that SSL servers from jython do not work, <sigh>, but irrelevant.

Yes that's true. Patches are welcome.

> I am saying that the jython CLIENT failed, when connecting to the server

This is your jython client code

# ------------------
import xmlrpclib

server = xmlrpclib.ServerProxy('https://localhost:8443')
print server.add(1,2)
print server.div(10,4)
# ------------------

I see no code for managing certificates?

Jython is not like cpython. Cpython does not verify the chain of trust for server certificates. Jython does verify the chain of trust, and will refuse to open the connection if it cannot verify the server.

So you have two options.

1. Disable certificate checking on jython

2. Add your (self-signed?) certificate to your local java trust store, so that your client will trust your server.

Google("java install self-signed certificate")
msg6950 (view) Author: marvin greenberg (public.marvin) Date: 2012-03-21.15:13:45
OK.  Closing the case seems fine to me.  (as an aside, <sigh> was not about a missing capability, but about how hard it can be to find the differences between jython and cpython.  but, I don't mean to be an annoying whining user...)
msg6977 (view) Author: Alan Kennedy (amak) Date: 2012-03-29.18:16:26
Closing the case in agreement with the submitter.

Noted that the documentation could be more up-to-date. We are moving to a new documentation system with 2.7, which will hopefully improve this situation.

Also, I am going to add documentation link to the exception for "SSL Handshake Error", which otherwise might be confusing to those less familiar with java networking.
msg6980 (view) Author: Alan Kennedy (amak) Date: 2012-03-29.19:10:08
Documentation link added to SSL exception messages
Date User Action Args
2012-03-29 19:10:08amaksetmessages: + msg6980
2012-03-29 18:16:26amaksetstatus: open -> closed
resolution: fixed
messages: + msg6977
2012-03-21 15:13:45public.marvinsetmessages: + msg6950
2012-03-20 21:02:54amaksetmessages: + msg6933
2012-03-20 01:03:26public.marvinsetmessages: + msg6905
2012-03-19 19:50:55amaksetassignee: amak
messages: + msg6844
nosy: + amak
2010-12-18 13:40:26public.marvinsetmessages: + msg6287
title: xmlrpclib client fails to Java XML RPC server over ssl -> xmlrpclib client fails to XML RPC server over ssl
2010-12-17 15:31:10public.marvinsetfiles: + server.crt
messages: + msg6286
2010-12-17 15:30:48public.marvinsetfiles: + server.key
messages: + msg6285
2010-12-17 15:20:30public.marvinsetfiles: +
messages: + msg6284
2010-12-17 15:19:33public.marvinsetfiles: +
messages: + msg6283
2010-12-17 05:15:24public.marvincreate