Hi, > > Reddy writes: > > > ... > > > I'm trying to use locust (http://locust.io/) to run load test of one site > > > we're developing. Everything was running nice and smooth until we switch > > > the servers to use SNI. SNI is not officially supported in python 2.7.5 > > > you have two options: > > > > Python 2.7.9 implements PEP 466 "Network Security Enhancements for > > Python 2.7.x" including TLS 1.1, 1.2 and SNI support. 2.7.9 will be > > released shortly. You could try the 2.7 branch from hg.python.org. > > > > Use PyOpenSSL instead of Python's ssl module. It supports SNI, too. > > > A recent post in this list regarding missing SNI support in Python 2.x > > got as a suggestion to use the "backports.ssl" package on PyPI. > > Thanks Christian and Dieter for your prompt responses! > I tried yesterday with Python built from > https://hg.python.org/cpython/archive/9b4673d7b046.tar.gz. I also do use > pyOpenSSL as described at http://stackoverflow.com/a/19477363 so I used pip > to install pyOpenSSL, ndg-httpsclient and pyasn1 as well as patched locust > startup file with the following: > > from urllib3.contrib import pyopenssl > pyopenssl.inject_into_urllib3() > > I also tried adding the following: > from functools import partial > ssl.wrap_socket = partial(ssl.wrap_socket, ssl_version=ssl.PROTOCOL_TLSv1) > > Finally, I've just tried with: > /usr/local/bin/pip2.7 install backports.ssl > > and patching the lucust file with: > > import backports.ssl as ssl > import backports.ssl.monkey as monkey > import requests > monkey.patch() > > I've also added verify=False to my locust test scripts to disable certificate > verification according to http://docs.locust.io/en/latest/api.html > > ...And I still get exactly the same error: > > [2014-09-30 14:19:41,793] ip-x-x-x-x/ERROR/stderr: File > "build/bdist.linux-x86_64/egg/OpenSSL/SSL.py", line 977, in sendall > [2014-09-30 14:19:41,793] ip-x-x-x-x/ERROR/stderr: File > "build/bdist.linux-x86_64/egg/OpenSSL/SSL.py", line 849, in _raise_ssl_error > [2014-09-30 14:19:41,794] ip-x-x-x-x/ERROR/stderr: OpenSSL.SSL > [2014-09-30 14:19:41,794] ip-x-x-x-x/ERROR/stderr: . > [2014-09-30 14:19:41,794] ip-x-x-x-x/ERROR/stderr: WantWriteError > > Now I'm starting to think it's something else than SNI, but all those scripts > were working nice before and the only change done was turning on the SNI on > tested servers... > > Any idea what my actually cause this WantWriteError? > --
I think I have a clue what's wrong. By default using: /usr/local/bin/pip2.7 install pyOpenSSL ndg-httpsclient pyasn1 gives me pyOpenSSL version 0.14. When I downgrade it to 0.13 with /usr/local/bin/pip2.7 install pyOpenSSL==0.13 everything works nice and smooth. Interestingly, on my local Ubuntu I do have 0.14 version of that package and it works well there... I noticed that dowgrading it to 0.13 buids 'OpenSSL.crypto' extension and that does not happen when installing v. 0.14 so I guess there's simply a connection to openssl missing somehow there in 0.14. According to https://github.com/pyca/pyopenssl/releases there was a big change there: "Second, pyOpenSSL is no longer implemented in C as a collection of extension modules using the Python/C API. Instead, pyOpenSSL is now a pure-Python project with a dependency on a new project, http://github.com/pyca/cryptography, which provides (among other things) a cffi-based interface to OpenSSL." but I also have the most recent version of cryptography (0.6) installed there. And again - it works on local Ubuntu. Weird. I guess I'll just stick to pyOpenSSL==0.13 for the time being, unless somebody gives me a hint what I'm doing wrong with 0.14 :) Br, Reddy -- https://mail.python.org/mailman/listinfo/python-list
