Skip to content

SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None)) #4246

New issue
New issue
Closed
Closed
SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None))#4246
@albayraktaroglu

Description

@albayraktaroglu
albayraktaroglu
opened on Aug 17, 2017

Summary

The problem that I am having is showing up after user enters their credentials at the Auth0's lock screen. When I looked at Auth0 Dashboard's log section I can see users can login successfully ( I see both Success Exchange, Success Login ). Then call back function is triggering the callback call. At that point production and test(localhost) environments differs from each other.
In localhost I can see the status code 302 Found status code on the localhost but not in the production server. In production server I am seeing the status code 500 INTERNAL SERVER ERROR.

When I checked the server side I saw it was failing at the token line of the callback function

@app.route('/callback')
def callback_handling():
     code = request.args.get('CODE_KEY')
     get_token = GetToken('AUTH0_DOMAIN')
     auth0_users = Users('AUTH0_DOMAIN')
     token = get_token.authorization_code('AUTH0_CLIENT_ID'], ['AUTH0_CLIENT_SECRET', code, 'AUTH0_CALLBACK_URL')   # FAILING HERE # 
     user_info = auth0_users.userinfo(token['access_token'])
     .....
     ...
     ..
     return redirect('/some_path')

When I checked the credentials they all look what they are supposed to be. So in the server logs I am seeing this keywords in the servers.

ERROR in app: Exception on /callback
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='my_domain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))

I am thinking server might be rejecting the certificate or something and after seeing this link thought opening issue might be helpful.

Ubuntu 16.04, Python 2.7.12, certifi 2017.7.27.1

Expected Result

In the callback function returns token

token = get_token.authorization_code('AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET', code, 'AUTH0_CALLBACK_URL')

Actual Result

SSLError: HTTPSConnectionPool(host='my_domain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',

Reproduction Steps

import requests

System Information

$ python -m requests.help

python -m requests.help
{
  "chardet": {
    "version": "3.0.4"
  }, 
  "cryptography": {
    "version": "1.2.3"
  }, 
  "idna": {
    "version": "2.6"
  }, 
  "implementation": {
    "name": "CPython", 
    "version": "2.7.12"
  }, 
  "platform": {
    "release": "3.13.0-43-generic", 
    "system": "Linux"
  }, 
  "pyOpenSSL": {
    "openssl_version": "1000207f", 
    "version": "0.15.1"
  }, 
  "requests": {
    "version": "2.18.4"
  }, 
  "system_ssl": {
    "version": "1000207f"
  }, 
  "urllib3": {
    "version": "1.22"
  }, 
  "using_pyopenssl": true
}

This command is only available on Requests v2.16.4 and greater. Otherwise,
please provide some basic information about your system (Python version,
operating system, &c).

Activity

albayraktaroglu
changed the title [-]SSLError: HTTPSConnectionPool(host='oraclis.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))[/-] [+]SSLError: HTTPSConnectionPool(host='mydomain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))[/+] on Aug 17, 2017
albayraktaroglu
changed the title [-]SSLError: HTTPSConnectionPool(host='mydomain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))[/-] [+]SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None))[/+] on Aug 17, 2017
Lukasa

Lukasa commented on Aug 18, 2017

@Lukasa
Lukasa
on Aug 18, 2017
Member

Thanks for this report! I think we need to see a bit more of the actual Requests code. It seems like the server is rejecting the handshake but it's hard to know more without seeing your requests call.

albayraktaroglu

albayraktaroglu commented on Aug 18, 2017

@albayraktaroglu
albayraktaroglu
on Aug 18, 2017
Author

Hi Lukasa,

The code below is being called by token = get_token.authorization_code('AUTH0_CLIENT_ID'], ['AUTH0_CLIENT_SECRET', code, 'AUTH0_CALLBACK_URL') function which is located in my callback function.

import json
import requests
from ..exceptions import Auth0Error


class AuthenticationBase(object):

    def post(self, url, data=None, headers=None):
        response = requests.post(url=url, data=json.dumps(data),
                                 headers=headers)
        return self._process_response(response)

    def get(self, url, params=None, headers=None):
        return requests.get(url=url, params=params, headers=headers).text

    def _process_response(self, response):
        try:
            text = json.loads(response.text) if response.text else {}
        except ValueError:
            return response.text
        else:
            if 'error' in text:
                raise Auth0Error(status_code=text['error'],
                                 error_code=text['error'],
                                 message=text['error_description'])
        return text

More deeper

instancemethod: <bound method GetToken._process_response of <auth0.v3.authentication.
 get_token.GetToken object at 0x7f4ff00a8450>>

――――――――――――――――――――――――――――――――――――――――
def _process_response Found at: auth0.v3.authentication.base

def _process_response(self, response):
    try:
        text = json.loads(response.text) if response.text else {}
    except ValueError:
        return response.text
    else:
        if 'error' in text:
            raise Auth0Error(status_code=text['error'], 
                error_code=text['error'], 
                message=text['error_description'])
    
    return text

Closer look to exception's traceback

[Fri Aug 18 09:57:12.535170 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/auth0/v3/authentication/get_token.py", line 49, in authorization_code
[Fri Aug 18 09:57:12.535300 2017] [wsgi:error] [pid 14121]     headers={'Content-Type': 'application/json'}
[Fri Aug 18 09:57:12.535315 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/auth0/v3/authentication/base.py", line 10, in post
[Fri Aug 18 09:57:12.535366 2017] [wsgi:error] [pid 14121]     headers=headers)
[Fri Aug 18 09:57:12.535378 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 112, in post
[Fri Aug 18 09:57:12.535463 2017] [wsgi:error] [pid 14121]     return request('post', url, data=data, json=json, **kwargs)
[Fri Aug 18 09:57:12.535475 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
[Fri Aug 18 09:57:12.535493 2017] [wsgi:error] [pid 14121]     return session.request(method=method, url=url, **kwargs)
[Fri Aug 18 09:57:12.535501 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
[Fri Aug 18 09:57:12.535746 2017] [wsgi:error] [pid 14121]     resp = self.send(prep, **send_kwargs)
[Fri Aug 18 09:57:12.535759 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
[Fri Aug 18 09:57:12.535775 2017] [wsgi:error] [pid 14121]     r = adapter.send(request, **kwargs)
[Fri Aug 18 09:57:12.535782 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 506, in send
[Fri Aug 18 09:57:12.535964 2017] [wsgi:error] [pid 14121]     raise SSLError(e, request=request)
[Fri Aug 18 09:57:12.535991 2017] [wsgi:error] [pid 14121] SSLError: HTTPSConnectionPool(host='domain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))
[Fri Aug 18 09:57:12.536003 2017] [wsgi:error] [pid 14121] None

Any thoughts?

Thanks

Lukasa

Lukasa commented on Aug 18, 2017

@Lukasa
Lukasa
on Aug 18, 2017
Member

Hrm, it's not super apparent what's happening here. SysCallError is an odd one, but I suspect this is the result of the TLS connection being shut down. Are you familiar enough with Wireshark or tcpdump to get me a packet capture of the connection attempt?

albayraktaroglu

albayraktaroglu commented on Aug 18, 2017

@albayraktaroglu
albayraktaroglu
on Aug 18, 2017 · edited by albayraktaroglu
Author

Problem solved! I was thinking that is something related with certificates and started to look into certifi in the beginning but problem is about pyOpenSSL when I compared the local and production pyOpenSSL versions, saw big version gap. Steps we followed

  • uninstalled pyOpenSSL-0.15.1

  • installed pyOpenSSL-17.2.0 (the latest version)

and it works now. Thank you for all your assistance. You can mark issue as solved 😄

Lukasa

Lukasa commented on Aug 18, 2017

@Lukasa
Lukasa
on Aug 18, 2017
Member

Thanks!

Lukasa
closed this as completedon Aug 18, 2017
bitsgalore
mentioned this on Aug 22, 2017
iamaziz

iamaziz commented on Jan 9, 2018

@iamaziz
iamaziz
on Jan 9, 2018

@albayraktaroglu thanks :)!

It was solved by pip install -U pyopenssl

codeskyblue
mentioned this on Mar 7, 2018
dochang
added 2 commits that reference this issue on Apr 20, 2018

Install pyOpenSSL for httpie test

6bdce43

Install pyOpenSSL for httpie test

e173160
dochang
added 2 commits that reference this issue on Sep 1, 2018

Install pyOpenSSL for httpie test

8ae24f6

Install pyOpenSSL for httpie test

c2194ce
fatfingers23
mentioned this on Feb 15, 2019
Bhupesh-V
mentioned this on Feb 23, 2020
x0rw

x0rw commented on Apr 5, 2020

@x0rw
x0rw
on Apr 5, 2020

EZ
use and randomize proxies

ShararAwsaf

ShararAwsaf commented on May 14, 2020

@ShararAwsaf
ShararAwsaf
on May 14, 2020

https://stackoverflow.com/q/24323858/13476428

This solution fixed the issue by syncing the openssl versions
if
--with-brewd-openssl
doesn't work try uninstalling python and then install openssl and reinstall python with homebrew with steps mentioned in the link

lapp0
mentioned this on Jun 7, 2020
RaviFefar

RaviFefar commented on Aug 31, 2020

@RaviFefar
RaviFefar
on Aug 31, 2020

Just use verify=False to ignore the SSL.

import requests

#old code
response = requests.get(url)

#new code
response = requests.get(url,verify=False)
abhijeetmane21

abhijeetmane21 commented on Sep 14, 2020

@abhijeetmane21
abhijeetmane21
on Sep 14, 2020 · edited by abhijeetmane21

@albayraktaroglu The solution is not working for me. i have upgraded to 18.0.0 but still getting error.

SSLError
HTTPSConnectionPool(host='firebasedynamiclinks.googleapis.com', port=443): Max retries exceeded with url: /v1/shortLinks?key=key (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')",),))
maldil

maldil commented on Sep 19, 2020

@maldil
maldil
on Sep 19, 2020

@albayraktaroglu Same story. Upgrading pyopenssl does not works for me. 👎

ShararAwsaf

ShararAwsaf commented on Sep 19, 2020

@ShararAwsaf
ShararAwsaf
on Sep 19, 2020

See my comment on May 14th.

From what I get Python needs to reference the right version of openssl. To ensure that I uninstalled both python and openssl and followed the link for reinstallation

github-actions
locked as resolved and limited conversation to collaborators on Aug 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @Lukasa@iamaziz@x0rw@albayraktaroglu@maldil

        Issue actions
          SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None)) · Issue #4246 · psf/requests