python-mattermost-driver icon indicating copy to clipboard operation
python-mattermost-driver copied to clipboard

Published 20 hours ago verified publisher icon Vaelor

Failed to establish websocket connection: Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801)

Open oculos opened this issue 2 years ago • 6 comments

I get this error when using Python 3.10:

Failed to establish websocket connection: Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801)

Is there any websocket option I can pass to mitigate this? Best, Francis

oculos avatar Mar 03 '22 11:03 oculos

I also had the same issue. The issue seems to be the following line in websocket.py:

context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)

Based on the official documentation, Purpose.CLIENT_AUTH is used to create server-side sockets (https://docs.python.org/3/library/ssl.html#context-creation)

I replaced the following code in websocket.py (line 32):

context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
if not self.options['verify']:
    context.verify_mode = ssl.CERT_NONE

with the following:

context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
if not self.options['verify']:
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE

Now it seems to work.

0x483d avatar Mar 03 '22 15:03 0x483d

I had not had the time to look that up, I saw that problem when I tried to run it with 3.10 too - I wasn't sure what the proper fix for that is, setting check_hostname to false sounds like it may be a security issue(?). I plan to fix thie compatibility with python 3.10 for the next release which I hopefully get to around this march.

Vaelor avatar Mar 16 '22 15:03 Vaelor

hello,

Is there any progress on it?

mazlum avatar Jul 07 '22 06:07 mazlum

Hi @Vaelor, I see you guys already fixed that SERVER_AUTH (since it is in master), but when I try to install it using pip install mattermostdriver it installs version 7.3.2 (allegedly) but still contains CLIENT_AUTH - which causes that goddamn PROTOCOL_TLS_SERVER error. Perhaps there is a misalignment btw actual versions.

maxeval avatar May 17 '23 21:05 maxeval

Hi! Do you plan to make a release? Today I got the same problem using latest 7.3.2 and monkey-patching below actually fixed that problem:

import ssl
create_default_context_orig = ssl.create_default_context
def cdc(*args, **kwargs):
    kwargs["purpose"] = ssl.Purpose.SERVER_AUTH
    return create_default_context_orig(*args, **kwargs)
ssl.create_default_context = cdc

psrok1 avatar Nov 08 '23 15:11 psrok1

Just ran into this (again). This change in websocket.py is sufficient even for Python 3.12:

                context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
                #context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)

This was already fixed in master about 18 months ago, so a tiny release to make the library work again without intervention would be much appreciated.

jfolz avatar Dec 29 '23 16:12 jfolz