Issue2437

classification
Title: no common ciphers SSL handshake error
Type:
Severity: normal
Components: Library
Versions: Jython 2.7
Milestone: Jython 2.7.1
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: zyasoft
Nosy List: darjus, teeohhem, zyasoft
Priority: high
Keywords: patch

Created on 2015-11-25.03:50:44 by teeohhem, last changed 2016-01-06.15:59:14 by zyasoft.

Files
File name Uploaded Description
2437-missing-cert-init.patch teeohhem, 2015-11-25.04:34:12
Messages
msg10508 Author: Tom Alexander (teeohhem) Date: 2015-11-25.03:50:43
Using a server SSL socket, the handshake fails with a Java error:
Jython-Netty-Child-64, fatal error: 40: no cipher suites in common javax.net.ssl.SSLHandshakeException: no cipher suites in common

The problem is that upon setting up an SSL socket, the cert file and key file are never passed down into _get_openssl_key_manager via _createSSLEngine and therefore the cert/key are never loaded.
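
The failure mode described in this report, reproduced as an added example with CPython 3's ssl module (not Jython's Lib/ssl.py and not code from this issue): a server-side context that never loads a certificate and key aborts the handshake on the server side. The helper names below are hypothetical and the handshake runs entirely in memory.

```python
import ssl


def server_without_cert():
    # Server-side context on which load_cert_chain() is never called: the
    # CPython counterpart of a key manager built without cert_file/key_file.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def permissive_client():
    # Client that skips verification, so only missing key material can fail.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def _move(src, dst):
    # Copy pending TLS records from one side's outgoing BIO to the peer.
    data = src.read()
    if data:
        dst.write(data)


def handshake(server_ctx, client_ctx, max_rounds=10):
    """Drive a TLS handshake through memory BIOs; return (ok, reason)."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    sides = {
        "client": client_ctx.wrap_bio(c_in, c_out, server_side=False),
        "server": server_ctx.wrap_bio(s_in, s_out, server_side=True),
    }
    done = set()
    for _ in range(max_rounds):
        for name, tls in sides.items():
            if name not in done:
                try:
                    tls.do_handshake()
                    done.add(name)
                except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                    pass  # needs more bytes from the peer
                except ssl.SSLError as exc:
                    return False, "%s: %s" % (name, exc.reason)
            _move(c_out, s_in)  # client -> server
            _move(s_out, c_in)  # server -> client
        if len(done) == 2:
            return True, None
    return False, "handshake did not complete"
```

Calling handshake(server_without_cert(), permissive_client()) returns a failed result whose reason names the server side and OpenSSL's reason code; a regression test for the fix would add the positive case with a test certificate loaded.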
msg10509 Author: Tom Alexander (teeohhem) Date: 2015-11-25.04:34:12
Added a patch...wasn't confident adding a test since I'm not too familiar with everything
msg10510 Author: Tom Alexander (teeohhem) Date: 2015-11-25.04:38:56
This was in Jython 2.7-1 b2 btw
msg10528 Author: Jim Baker (zyasoft) Date: 2015-12-11.00:00:56
Darjus, something to look at in your SSLContext work. It's a straightforward addition.
msg10536 Author: Jim Baker (zyasoft) Date: 2015-12-14.16:40:03
We need to create a good test. I believe the patch can be updated as follows:

diff -r 39d27fa93f24 Lib/ssl.py
--- a/Lib/ssl.py	Thu Dec 10 23:14:56 2015 -0700
+++ b/Lib/ssl.py	Mon Dec 14 09:38:21 2015 -0700
@@ -898,10 +898,15 @@

         context = _JavaSSLContext.getInstance(self._protocol_name)

-        if self._key_managers is None:  # get an e
-            context.init(_get_openssl_key_manager().getKeyManagers(), trust_managers, None)
+        if self._key_managers is None:
+            print "No key managers", self
+            context.init(
+                _get_openssl_key_manager(cert_file=self.cert_file, key_file=self.key_file).getKeyManagers(),
+                trust_managers, None)
         else:
-            context.init(self._key_managers.getKeyManagers(), trust_managers, None)
+            context.init(
+                self._key_managers.getKeyManagers(),
+                trust_managers, None)

         if hostname is not None:
             engine = context.createSSLEngine(hostname, addr[1])
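
Review bot: the added line print "No key managers", self at the top of the "if self._key_managers is None:" branch is leftover debugging output that would write to stdout every time an engine is created without preconfigured key managers; drop it (or route it through a logger) before this is committed. In the same branch, self.cert_file and self.key_file are passed to _get_openssl_key_manager unconditionally, and nothing in the visible lines shows how that call behaves when both are None (for example a client socket with no certificate), so that case should be covered by the test mentioned above the patch.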
msg10560 Author: Jim Baker (zyasoft) Date: 2015-12-29.06:11:17
Fixed as of https://hg.python.org/jython/rev/5194b3d04dca

pip exercises this code path
History
Date | User | Action | Args
2016-01-06 15:59:14 | zyasoft | set | status: pending -> closed
2015-12-29 06:11:18 | zyasoft | set | status: open -> pending; assignee: darjus -> zyasoft; resolution: accepted -> fixed; messages: + msg10560
2015-12-23 20:29:22 | zyasoft | set | priority: high
2015-12-14 16:40:04 | zyasoft | set | messages: + msg10536
2015-12-11 00:03:17 | zyasoft | set | assignee: zyasoft -> darjus
2015-12-11 00:00:56 | zyasoft | set | nosy: + darjus; messages: + msg10528
2015-11-25 15:27:28 | zyasoft | set | milestone: Jython 2.7.1
2015-11-25 15:27:05 | zyasoft | set | assignee: zyasoft; resolution: accepted; nosy: + zyasoft
2015-11-25 04:38:56 | teeohhem | set | messages: + msg10510
2015-11-25 04:34:13 | teeohhem | set | files: + 2437-missing-cert-init.patch; keywords: + patch; messages: + msg10509
2015-11-25 03:50:44 | teeohhem | create |