GWDataFind server cannot handle proxy X.509 certificates
Summary
The new server can't handle proxy certificates. The old server can handle them (sort of).
How to reproduce
Consider the following Python script:
#!/usr/bin/env python3

import os
import sys
import requests

host = "datafind-test.ligo.uwm.edu"
x509 = os.getenv('X509_USER_PROXY', "/tmp/x509up_u{}".format(os.geteuid()))
print(x509)
print(requests.get(
    "https://{}:443/LDR/services/data/v1/gwf/L.json".format(host),
    cert=x509,
).json())
The following then fails:
$ ligo-proxy-init -p duncan.macleod
Your identity: duncan.macleod@LIGO.ORG
Enter pass phrase for this identity:
Creating proxy .................................... Done
Your proxy is valid until: Nov 7 02:53:50 2020 GMT
$ grid-proxy-info
subject : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Duncan Macleod duncan.macleod@ligo.org/CN=689830796
issuer : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Duncan Macleod duncan.macleod@ligo.org
identity : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Duncan Macleod duncan.macleod@ligo.org
type : RFC 3820 compliant impersonation proxy
strength : 2048 bits
path : /tmp/x509up_u42171
timeleft : 275:59:57 (11.5 days)
$ python3 test-datafind.py
/tmp/x509up_u42171
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/requests/packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/lib/python3.6/site-packages/requests/packages/urllib3/connectionpool.py", line 421, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/usr/lib/python3.6/site-packages/requests/packages/urllib3/connectionpool.py", line 416, in _make_request
    httplib_response = conn.getresponse()
  File "/usr/lib64/python3.6/http/client.py", line 1346, in getresponse
    response.begin()
  File "/usr/lib64/python3.6/http/client.py", line 307, in begin
    version, status, reason = self._read_status()
  File "/usr/lib64/python3.6/http/client.py", line 268, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/lib64/python3.6/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/python3.6/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 332, in recv_into
    raise ssl.SSLError("read error: %r" % e)
ssl.SSLError: ("read error: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown'), ('SSL routines', 'ssl3_read_bytes', 'ssl handshake failure')],)",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 438, in send
    timeout=timeout
  File "/usr/lib/python3.6/site-packages/requests/packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/lib/python3.6/site-packages/requests/packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
requests.packages.urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='datafind-test.ligo.uwm.edu', port=443): Max retries exceeded with url: /LDR/services/data/v1/gwf/L.json (Caused by SSLError(SSLError("read error: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown'), ('SSL routines', 'ssl3_read_bytes', 'ssl handshake failure')],)",),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test-datafind.py", line 12, in <module>
    cert=x509,
  File "/usr/lib/python3.6/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.6/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 651, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 502, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='datafind-test.ligo.uwm.edu', port=443): Max retries exceeded with url: /LDR/services/data/v1/gwf/L.json (Caused by SSLError(SSLError("read error: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown'), ('SSL routines', 'ssl3_read_bytes', 'ssl handshake failure')],)",),))
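
An added example (not part of the original report and not GWDataFind code): a client-side sanity check that parses the `grid-proxy-info` output shown above and confirms the credential follows the RFC 3820 subject-naming rule and has time left, which rules out a malformed or expired proxy before attributing the `certificate unknown` alert to the server. The function names are hypothetical, and the DN splitter assumes attribute values contain no `/`.

```python
import re

# Constructed sample: the grid-proxy-info output copied from the report above.
SAMPLE = """\
subject : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Duncan Macleod duncan.macleod@ligo.org/CN=689830796
issuer : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Duncan Macleod duncan.macleod@ligo.org
identity : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Duncan Macleod duncan.macleod@ligo.org
type : RFC 3820 compliant impersonation proxy
strength : 2048 bits
path : /tmp/x509up_u42171
timeleft : 275:59:57 (11.5 days)
"""

def parse_proxy_info(text):
    """Turn the 'key : value' lines of grid-proxy-info into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def split_dn(dn):
    """Split a one-line '/ATTR=value/...' DN into (attribute, value) pairs."""
    parts = [p for p in re.split(r"/(?=[A-Za-z0-9.]+=)", dn) if p]
    return [tuple(p.split("=", 1)) for p in parts]

def check_proxy(info):
    """Return a list of problems; an empty list means the proxy looks well formed."""
    problems = []
    subject, issuer = split_dn(info["subject"]), split_dn(info["issuer"])
    identity = split_dn(info["identity"])
    # RFC 3820: a proxy's subject is its issuer's subject plus exactly one CN.
    if not subject or subject[:-1] != issuer or subject[-1][0] != "CN":
        problems.append("subject is not issuer plus one CN")
    # Everything after the end-entity identity must be proxy CN components.
    extra = subject[len(identity):]
    if subject[:len(identity)] != identity or not extra or any(a != "CN" for a, _ in extra):
        problems.append("identity is not the end-entity prefix of subject")
    if "RFC 3820" not in info.get("type", ""):
        problems.append("not an RFC 3820 proxy: " + info.get("type", "unknown"))
    h, m, s = (int(x) for x in info["timeleft"].split()[0].split(":"))
    if h * 3600 + m * 60 + s <= 0:
        problems.append("proxy has expired")
    return problems
```
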