ZEO icon indicating copy to clipboard operation
ZEO copied to clipboard

Published 20 hours ago verified publisher icon zopefoundation

TimeoutError on connect via SSL

Open the-moog opened this issue 6 years ago • 4 comments

See https://stackoverflow.com/questions/58684677

I can connect to Zeo server using ssl and pure Python3, but ZEO.client() always fails.

I get a TimeoutError, but I think the underlying ZEO mechanisms are hiding the true error which I think is coming from ssl.

Is there a way to increate the debug log level?

the-moog avatar Nov 03 '19 21:11 the-moog

the-moog wrote at 2019-11-3 13:19 -0800:

See https://stackoverflow.com/questions/58684677

I can connect to Zeo server using ssl and pure Python3, but ZEO.client() always fails.

I get a TimeoutError, but I think the underlying ZEO mechanisms are hiding the true error which I think is coming from ssl.

Is there a way to increate the debug log level?

I had a similar problem with some ZEO tests. Those tests could be controlled via an envvar to log at debug level. Maybe, you look in the ZEO test suite to find out how this works and use the same mechanism for the analysis of your case.

The ZEO test issue has been caused by certificates without the CA extension. Maybe, your certificate has the same problem.

d-maurer avatar Nov 04 '19 06:11 d-maurer

Can you give an example? I can't find any such env reading in the code, the only env that looks possible is in _forker.py, ZEO_TEST_SERVER_DEBUG. Tried setting that to 1 with no effect. I'll see if I can add some more debugging, but it seems sadly ssl itself lacks debug features.

the-moog avatar Nov 04 '19 18:11 the-moog

the-moog wrote at 2019-11-4 10:13 -0800:

Can you give an example?

No.

I can't find any such env reading in the code, the only env that looks possible is in _forker.py, ZEO_TEST_SERVER_DEBUG.

The idea is to find the places where this envvar's value is used to change something. Then ensure that in your setup similar changes become effective.

but it seems sadly ssl itself lacks debug features.

You should at least get a more precise error information. This may give a clue regarding the problem cause.

d-maurer avatar Nov 04 '19 18:11 d-maurer

I've added code to properly turn on debugging. (By adding an env variable ZEODEBUG, and modifying the code) I've also created a simple asyncio client. Uses exactly the same loop.create_connection() call.

simple ssl client - works simple asyncio client - works ZEOClient - still fails

On the server, with ZEOClient, I see what looks like self referencing code.

I get StartingServer...AcceptingConnection, then the same but twice, then three times, all in rapid succession.

Conclusion: I don't think it's SSL. Either the client or server is retrying when it has already succeeded. Eventually an async timer kills off connection attempts kicks in.

the-moog avatar Nov 16 '19 13:11 the-moog