Skip to content

SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None)) #4246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
albayraktaroglu opened this issue Aug 17, 2017 · 12 comments
Closed

SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None)) #4246

albayraktaroglu opened this issue Aug 17, 2017 · 12 comments

Comments

@albayraktaroglu
Copy link

Summary

The problem that I am having is showing up after user enters their credentials at the Auth0's lock screen. When I looked at Auth0 Dashboard's log section I can see users can login successfully ( I see both Success Exchange, Success Login ). Then call back function is triggering the callback call. At that point production and test(localhost) environments differs from each other.
In localhost I can see the status code 302 Found status code on the localhost but not in the production server. In production server I am seeing the status code 500 INTERNAL SERVER ERROR.

When I checked the server side I saw it was failing at the token line of the callback function

@app.route('/callback')
def callback_handling():
     code = request.args.get('CODE_KEY')
     get_token = GetToken('AUTH0_DOMAIN')
     auth0_users = Users('AUTH0_DOMAIN')
     token = get_token.authorization_code('AUTH0_CLIENT_ID'], ['AUTH0_CLIENT_SECRET', code, 'AUTH0_CALLBACK_URL')   # FAILING HERE # 
     user_info = auth0_users.userinfo(token['access_token'])
     .....
     ...
     ..
     return redirect('/some_path')

When I checked the credentials they all look what they are supposed to be. So in the server logs I am seeing this keywords in the servers.

ERROR in app: Exception on /callback
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='my_domain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))

I am thinking server might be rejecting the certificate or something and after seeing this link thought opening issue might be helpful.

Ubuntu 16.04, Python 2.7.12, certifi 2017.7.27.1

Expected Result

In the callback function returns token

token = get_token.authorization_code('AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET', code, 'AUTH0_CALLBACK_URL')

Actual Result

SSLError: HTTPSConnectionPool(host='my_domain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',

Reproduction Steps

import requests

System Information

$ python -m requests.help

python -m requests.help
{
  "chardet": {
    "version": "3.0.4"
  }, 
  "cryptography": {
    "version": "1.2.3"
  }, 
  "idna": {
    "version": "2.6"
  }, 
  "implementation": {
    "name": "CPython", 
    "version": "2.7.12"
  }, 
  "platform": {
    "release": "3.13.0-43-generic", 
    "system": "Linux"
  }, 
  "pyOpenSSL": {
    "openssl_version": "1000207f", 
    "version": "0.15.1"
  }, 
  "requests": {
    "version": "2.18.4"
  }, 
  "system_ssl": {
    "version": "1000207f"
  }, 
  "urllib3": {
    "version": "1.22"
  }, 
  "using_pyopenssl": true
}

This command is only available on Requests v2.16.4 and greater. Otherwise,
please provide some basic information about your system (Python version,
operating system, &c).
@albayraktaroglu albayraktaroglu changed the title SSLError: HTTPSConnectionPool(host='oraclis.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),)) SSLError: HTTPSConnectionPool(host='mydomain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),)) Aug 17, 2017
@albayraktaroglu albayraktaroglu changed the title SSLError: HTTPSConnectionPool(host='mydomain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),)) SSLError HTTPSConnectionPool Max retries exceeded with url: /oauth/token Caused by SSLError('bad handshake: SysCallError(0, None)) Aug 17, 2017
@Lukasa
Copy link
Member

Lukasa commented Aug 18, 2017

Thanks for this report! I think we need to see a bit more of the actual Requests code. It seems like the server is rejecting the handshake but it's hard to know more without seeing your requests call.

@albayraktaroglu
Copy link
Author

Hi Lukasa,

The code below is being called by token = get_token.authorization_code('AUTH0_CLIENT_ID'], ['AUTH0_CLIENT_SECRET', code, 'AUTH0_CALLBACK_URL') function which is located in my callback function.

import json
import requests
from ..exceptions import Auth0Error


class AuthenticationBase(object):

    def post(self, url, data=None, headers=None):
        response = requests.post(url=url, data=json.dumps(data),
                                 headers=headers)
        return self._process_response(response)

    def get(self, url, params=None, headers=None):
        return requests.get(url=url, params=params, headers=headers).text

    def _process_response(self, response):
        try:
            text = json.loads(response.text) if response.text else {}
        except ValueError:
            return response.text
        else:
            if 'error' in text:
                raise Auth0Error(status_code=text['error'],
                                 error_code=text['error'],
                                 message=text['error_description'])
        return text

More deeper

instancemethod: <bound method GetToken._process_response of <auth0.v3.authentication.
 get_token.GetToken object at 0x7f4ff00a8450>>

――――――――――――――――――――――――――――――――――――――――
def _process_response Found at: auth0.v3.authentication.base

def _process_response(self, response):
    try:
        text = json.loads(response.text) if response.text else {}
    except ValueError:
        return response.text
    else:
        if 'error' in text:
            raise Auth0Error(status_code=text['error'], 
                error_code=text['error'], 
                message=text['error_description'])
    
    return text

Closer look to exception's traceback

[Fri Aug 18 09:57:12.535170 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/auth0/v3/authentication/get_token.py", line 49, in authorization_code
[Fri Aug 18 09:57:12.535300 2017] [wsgi:error] [pid 14121]     headers={'Content-Type': 'application/json'}
[Fri Aug 18 09:57:12.535315 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/auth0/v3/authentication/base.py", line 10, in post
[Fri Aug 18 09:57:12.535366 2017] [wsgi:error] [pid 14121]     headers=headers)
[Fri Aug 18 09:57:12.535378 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 112, in post
[Fri Aug 18 09:57:12.535463 2017] [wsgi:error] [pid 14121]     return request('post', url, data=data, json=json, **kwargs)
[Fri Aug 18 09:57:12.535475 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
[Fri Aug 18 09:57:12.535493 2017] [wsgi:error] [pid 14121]     return session.request(method=method, url=url, **kwargs)
[Fri Aug 18 09:57:12.535501 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
[Fri Aug 18 09:57:12.535746 2017] [wsgi:error] [pid 14121]     resp = self.send(prep, **send_kwargs)
[Fri Aug 18 09:57:12.535759 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
[Fri Aug 18 09:57:12.535775 2017] [wsgi:error] [pid 14121]     r = adapter.send(request, **kwargs)
[Fri Aug 18 09:57:12.535782 2017] [wsgi:error] [pid 14121]   File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 506, in send
[Fri Aug 18 09:57:12.535964 2017] [wsgi:error] [pid 14121]     raise SSLError(e, request=request)
[Fri Aug 18 09:57:12.535991 2017] [wsgi:error] [pid 14121] SSLError: HTTPSConnectionPool(host='domain.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError('bad handshake: SysCallError(0, None)',),))
[Fri Aug 18 09:57:12.536003 2017] [wsgi:error] [pid 14121] None

Any thoughts?

Thanks

@Lukasa
Copy link
Member

Lukasa commented Aug 18, 2017

Hrm, it's not super apparent what's happening here. SysCallError is an odd one, but I suspect this is the result of the TLS connection being shut down. Are you familiar enough with Wireshark or tcpdump to get me a packet capture of the connection attempt?

@albayraktaroglu
Copy link
Author

albayraktaroglu commented Aug 18, 2017
edited
Loading

Problem solved! I was thinking that is something related with certificates and started to look into certifi in the beginning but problem is about pyOpenSSL when I compared the local and production pyOpenSSL versions, saw big version gap. Steps we followed

  • uninstalled pyOpenSSL-0.15.1

  • installed pyOpenSSL-17.2.0 (the latest version)

and it works now. Thank you for all your assistance. You can mark issue as solved 😄

@Lukasa
Copy link
Member

Lukasa commented Aug 18, 2017

Thanks!

@Lukasa Lukasa closed this as completed Aug 18, 2017
@bitsgalore bitsgalore mentioned this issue Aug 22, 2017
Closed
@iamaziz
Copy link

iamaziz commented Jan 9, 2018

@albayraktaroglu thanks :)!

It was solved by pip install -U pyopenssl

@codeskyblue codeskyblue mentioned this issue Mar 7, 2018
Closed
dochang added a commit to dochang/mb-url that referenced this issue Apr 20, 2018
@dochang
Install pyOpenSSL for httpie test
6bdce43 
psf/requests#4246 (comment)
dochang added a commit to dochang/mb-url that referenced this issue Apr 20, 2018
@dochang
Install pyOpenSSL for httpie test
e173160 
psf/requests#4246 (comment)
dochang added a commit to dochang/mb-url that referenced this issue Sep 1, 2018
@dochang
Install pyOpenSSL for httpie test
8ae24f6 
psf/requests#4246 (comment)
dochang added a commit to dochang/mb-url that referenced this issue Sep 1, 2018
@dochang
Install pyOpenSSL for httpie test
c2194ce 
psf/requests#4246 (comment)
@fatfingers23 fatfingers23 mentioned this issue Feb 15, 2019
Closed
@Bhupesh-V Bhupesh-V mentioned this issue Feb 23, 2020
Closed
@x0rw
Copy link

x0rw commented Apr 5, 2020

EZ
use and randomize proxies

@ShararAwsaf
Copy link

https://stackoverflow.com/q/24323858/13476428

This solution fixed the issue by syncing the openssl versions
if
--with-brewd-openssl
doesn't work try uninstalling python and then install openssl and reinstall python with homebrew with steps mentioned in the link

@lapp0 lapp0 mentioned this issue Jun 7, 2020
Closed
@RaviFefar
Copy link

Just use verify=False to ignore the SSL.

import requests

#old code
response = requests.get(url)

#new code
response = requests.get(url,verify=False)

@abhijeetmane21
Copy link

abhijeetmane21 commented Sep 14, 2020
edited
Loading

@albayraktaroglu The solution is not working for me. i have upgraded to 18.0.0 but still getting error.

SSLError
HTTPSConnectionPool(host='firebasedynamiclinks.googleapis.com', port=443): Max retries exceeded with url: /v1/shortLinks?key=key (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')",),))

@maldil
Copy link

maldil commented Sep 19, 2020

@albayraktaroglu Same story. Upgrading pyopenssl does not works for me. 👎

@ShararAwsaf
Copy link

See my comment on May 14th.

From what I get Python needs to reference the right version of openssl. To ensure that I uninstalled both python and openssl and followed the link for reinstallation

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 29, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@Lukasa @iamaziz @x0rw @albayraktaroglu @maldil @ShararAwsaf @abhijeetmane21 @RaviFefar