Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stderr spammed with ssl-related error messages #3675

Closed
AMDmi3 opened this issue Apr 1, 2019 · 9 comments
Closed

Stderr spammed with ssl-related error messages #3675

AMDmi3 opened this issue Apr 1, 2019 · 9 comments
Assignees
Labels
client question StackOverflow

Comments

@AMDmi3
Copy link
Contributor

AMDmi3 commented Apr 1, 2019

Long story short

On SSL errors in connection, aiohttp issues messages to stderr. This doesn't seem to be correct behavior as these messages clobber actual application output, there's nothing useful can be done with them, and we have exceptions to actually handle the errors.

Expected behaviour

No messages from aiohttp on stderr.

Actual behaviour

A lot of messages even from a single request (output from the example program listed below):

SSL handshake failed on verifying the certificate
protocol: <asyncio.sslproto.SSLProtocol object at 0x802828cf8>
transport: <_SelectorSocketTransport fd=6 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 625, in _on_handshake_complete
    raise handshake_exc
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'geopandas.org'. (_ssl.c:1056)
SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0x802828cf8>
transport: <_SelectorSocketTransport closing fd=6 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'geopandas.org'. (_ssl.c:1056)
SSL handshake failed on verifying the certificate
protocol: <asyncio.sslproto.SSLProtocol object at 0x8028b90f0>
transport: <_SelectorSocketTransport fd=6 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 625, in _on_handshake_complete
    raise handshake_exc
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'geopandas.org'. (_ssl.c:1056)
SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0x8028b90f0>
transport: <_SelectorSocketTransport closing fd=6 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'geopandas.org'. (_ssl.c:1056)

Steps to reproduce

Despite SSL exception is intercepted, stderr is still polluted by a lot of errors as listed above.

import aiohttp
import asyncio

async def main():
    try:
        async with aiohttp.ClientSession() as sess:
            async with sess.head('https://geopandas.org/') as resp:
                print('ok',resp.status_code)
    except aiohttp.client_exceptions.ClientConnectorCertificateError:
        print('SSL error caught')

asyncio.run(main())

Your environment

aiohttp 3.5.4 (client), FreeBSD 12.0 amd64, python 3.7, no proxy server

@aio-libs-bot
Copy link

GitMate.io thinks the contributor most likely able to help you is @asvetlov.

Possibly related issues are #3242 (Error), #2822 (Unexpected SSL error (CERTIFICATE_VERIFY_FAILED)), #3393 (Fatal error on SSL transport), #3292 (Can't suppress all SSL verification errors), and #950 (WebSocket bad logic/error message).

@webknjaz
Copy link
Member

webknjaz commented Apr 1, 2019

Are you sure that it's aiohttp and not asyncio dumping such logs?

@webknjaz webknjaz added question StackOverflow client labels Apr 1, 2019
@aio-libs-bot aio-libs-bot added bug and removed client question StackOverflow labels Apr 1, 2019
@AMDmi3
Copy link
Contributor Author

AMDmi3 commented Apr 1, 2019

Are you sure that it's aiohttp and not asyncio dumping such logs?

Oh, I'm not. Judging by the tracebacks it's likely the case, sorry for the noise then.

@webknjaz
Copy link
Member

webknjaz commented Apr 1, 2019

Well, just check that first and maybe try setting up the logging to better identify the log sources. I think @asvetlov fixed something like this a while back in CPython so maybe also try Python 3.8 dev/alpha release.

@Harmon758
Copy link
Member

This is an issue with asyncio rather than aiohttp.
See https://bugs.python.org/issue34506 and https://stackoverflow.com/q/52012488/6191255.

@asvetlov
Copy link
Member

Not the same but tightly coupled with #3535

@Harmon758
Copy link
Member

This should now be fixed with python/cpython#13548 in Python 3.8.0 (and with python/cpython#13594 in Python 3.7.4). See https://bugs.python.org/issue37035.

@AMDmi3
Copy link
Contributor Author

AMDmi3 commented Oct 28, 2019

I'll confirm it - still waiting for 3.8.0 to appear in FreeBSD ports.

@AMDmi3
Copy link
Contributor Author

AMDmi3 commented Nov 18, 2019

Confirmed - with python 3.8 the problem is gone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client question StackOverflow
Projects
None yet
Development

No branches or pull requests

5 participants