clang-tidy-html icon indicating copy to clipboard operation
clang-tidy-html copied to clipboard

Published 20 hours ago verified publisher icon austinbhale

SSLError: ('No cipher can be selected.',)

Open RobertZickler opened this issue 2 years ago • 1 comments

Greetings, if had an issue with the new release (1.6.1):

Traceback (most recent call last):
  File "/usr/local/bin/clang-tidy-html", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/site-packages/clang_html/clang_visualizer.py", line 89, in main
    clang_tidy_visualizer(tidy_log_lines, output_path, args.checks_dict_url)
  File "/usr/local/lib/python3.6/site-packages/clang_html/clang_visualizer.py", line 102, in clang_tidy_visualizer
    checks_dict = find_checks_dict(checks_dict_url)
  File "/usr/local/lib/python3.6/site-packages/clang_html/clang_visualizer.py", line 196, in find_checks_dict
    session.mount('https://', TLSAdapter())
  File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 130, in __init__
    self.init_poolmanager(pool_connections, pool_maxsize, block=pool_block)
  File "/usr/local/lib/python3.6/site-packages/clang_html/clang_visualizer.py", line 189, in init_poolmanager
    ctx.set_ciphers('DEFAULT@SECLEVEL=1')
ssl.SSLError: ('No cipher can be selected.',)

https://github.com/austinbhale/clang-tidy-html/blob/782d2ebd7b50029b5af6b7d3ee2ae7d486c2d5e6/clang_html/clang_visualizer.py#L189

I tried it with this suggested ciphers: https://github.com/pschmitt/roombapy/issues/63#issuecomment-797372757 and got it working with:

ctx.set_ciphers('DEFAULT:!DH')

Due to the fact that I don't know a thing about what is happening there and don't have the time right now to investigate the problem deeper, I can't say if it is the right way to fix the problem.

Some side note: I run the package with GitLab Runner on CentOS 7.

Kind regards Robert

RobertZickler avatar Jan 03 '23 12:01 RobertZickler

I'm also seeing this behavior in one of my two relevant build environments. Neither build environment shows "DEFAULT@SECLEVEL=1" in the output of ctx.get_ciphers() or in the file pointed to by certifi.where(), so I don't have any idea how clang_html could avoid the exception raised by the "ctx.set_ciphers('DEFAULT@SECLEVEL=1')" line in the build environment where I'm seeing this problem. Assuming this line is necessary to work around problems in other environments, my best suggestion would be to embed it in a try/except/pass, so that in environments where it raises an exception and is not necessary (such as mine), clang_html will work properly:

        try:
            ctx.set_ciphers('DEFAULT@SECLEVEL=1')
        except:
            pass

Note that changing "ctx.set_ciphers('DEFAULT@SECLEVEL=1')" to "ctx.set_ciphers('DEFAULT:!DH')" would also work in both of my build environments.

JoevDubach avatar Jan 05 '23 21:01 JoevDubach