[Pkg-openssl-devel] Bug#665452: Bug#665452: openssl > 1.0.0 breaks python-cloudfiles

Joar Wandborg joar at wandborg.se
Wed Apr 25 09:37:53 UTC 2012


After some wiresharking I've come to the conclusion that it is the host
auth.api.rackspacecloud.com:443 that is requested.

This is the output of a command similar to those mentioned before in this
bug:


joar@lina:~/git/mediagoblin$ openssl s_client -connect auth.api.rackspacecloud.com:443
CONNECTED(00000004)
depth=0 C = US, O = auth.api.rackspacecloud.com, OU = GT47404894, OU = See www.geotrust.com/resources/cps (c)09, OU = Domain Control Validated - QuickSSL(R), CN = auth.api.rackspacecloud.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, O = auth.api.rackspacecloud.com, OU = GT47404894, OU = See www.geotrust.com/resources/cps (c)09, OU = Domain Control Validated - QuickSSL(R), CN = auth.api.rackspacecloud.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = US, O = auth.api.rackspacecloud.com, OU = GT47404894, OU = See www.geotrust.com/resources/cps (c)09, OU = Domain Control Validated - QuickSSL(R), CN = auth.api.rackspacecloud.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/O=auth.api.rackspacecloud.com/OU=GT47404894/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=auth.api.rackspacecloud.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/O=auth.api.rackspacecloud.com/OU=GT47404894/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=auth.api.rackspacecloud.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1001 bytes and written 506 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : RC4-SHA
    Session-ID: D1E0F026A4954B03CAC3790825543A153CD06AE39C0571C6347756CACD12CE74
    Session-ID-ctx: 
    Master-Key: A1584B09A7125A765DB851C46E842090697CB5556FFB1733F35B493ED309586AB94577B3F237C5F66AC479F1236A5B6A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1335346375
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0

Looks like the TLSv1.1 error you mentioned.

/Joar

On Mon, Apr 23, 2012 at 11:10:36PM +0200, Kurt Roeckx wrote:
> On Mon, Apr 23, 2012 at 09:16:34PM +0200, Joar Wandborg wrote:
> > I get the following errors in python
> > 
> > (mediagoblin)joar@lina:~/git/mediagoblin$ python
> > Python 2.7.2+ (default, Oct  4 2011, 20:06:09) 
> > [GCC 4.6.1] on linux2
> > Type "help", "copyright", "credits" or "license" for more information.
> > >>> import cloudfiles
> > >>> conn = cloudfiles.get_connection(username='blah', api_key='dah')
> [...]
> >   File "/usr/lib/python2.7/ssl.py", line 296, in do_handshake
> >     self._sslobj.do_handshake()
> > ssl.SSLError: [Errno 1] _ssl.c:503: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
> 
> I'm not sure how this is relevant to the bug report?  I will
> clearly need more details other than that it gives you an error,
> like what site are you trying to connect to, what protocol do you
> want to use?
> 
> 
> Kurt
> 




