[CENTOS] What to do if you get "(35,'SSL connect error')" in pycurl (one of them)

When the host machine executed the script including pycurl on the python2 series of CentOS 6.X, pycurl.error: (35, 'SSL connect error') Was output. .. .. Ah, SSL access is an error. ..

The mystery that similar scripts are working in the staging environment ... I researched various things while wondering, "I don't really know the difference" or "Is it possible to use it before?"

Verify in interactive mode as follows

python


import pycurl
c = pycurl.Curl()
c.setopt(pycurl.URL, 'https://XXXX')
c.setopt(pycurl.VERBOSE, True)
c.perform()

Bad log in a bad environment (I decided this was the cause) ---- The following is an excerpt ----

* NSS error -5938
* Closing connection #0
* SSL connect error

OK-like log (I judged it OK because ↓ appeared)

----- The following is an excerpt -----

< HTTP/1.1 200 OK

here, Hmmm, I wonder if pycurl itself is bad, etc. It looks okay. (Forgot how to check)

I wonder if it's the curl version in the first place.

yum info libcurl

It's the same. .. ..

I didn't know what was wrong Finally here ↓ log

* NSS error -5938

Find out about.

What is NSS? ..

I'm ignorant, when I look up NSS, https://ja.wikipedia.org/wiki/Network_Security_Services It turns out that it is an SSL library.

Hmm? Is this something wrong? So if you look further http://www.at-link.ad.jp/topics/news/news-20151105.html To reach.

It seems that there is a vulnerability for the time being, so check the version.

rpm -q nss nss-util nspr

nss-3.16.2.3-3.el6_6.x86_64
nss-util-3.16.2.3-2.el6_6.x86_64
nspr-4.10.6-1.el6_5.x86_64

It's a vulnerable guy ...

I think that I will check in the same way in an environment where the script can be executed normally.

rpm -q nss nss-util nspr

nss-3.21.0-8.el6.x86_64
nss-util-3.21.0-2.el6.x86_64
nspr-4.11.0-1.el6.x86_64

The version is completely different. Both curl and pycurl look at the NSS of the execution environment (host machine), I'm sure. .. ..

By the way,

Production


cat /etc/redhat-release
CentOS release 6.6 (Final)

Staging


cat /etc/redhat-release
CentOS release 6.8 (Final)

The version of CentOS is also different.

Maybe CentOS 6.6 is bundled with vulnerable NSS from the beginning, 6.8 bundles vulnerable NSS, I guess there is a difference.

Execute ↓ for the time being

yum update nss nss-util nspr

After that, when the script that was not executable was executed again, it became executable without any error. (Event resolution) I feel that I have spent about 8 hours from the start of the survey so far. ..

If you can't run curl, try it. .. (There is no problem if the vulnerability is dealt with)

Recommended Posts

What to do if you get "(35,'SSL connect error')" in pycurl (one of them)
What to do if you get a "No versions found" error in pipenv
What to do if you get "coverage unknown" in Coveralls
What to do if you get an error when importing matplotlib in Python (Mac)
What to do if you get a minus zero in Python
What to do if you get Swagger-codegen in python and Import Error: No module named
What to do if you get a Cannot retrieve metalink for repository error in yum
What to do if you get an error when running "certbot renew" in CakePHP environment
What to do if you get lost in file reference with FileNotFoundError
What to do if you get angry in TensorFlow v2 without attribute'app'
What to do if you get an error when trying to load mnist
What to do if you get an error when installing Dlib (Ubuntu)
What to do if you get an error saying c compiler cannot create executables in configure
What to do if you get a must override `get_config` error when trying to model.save in Keras
What to do if you get an error when installing python with pyenv
What to do if you get "Python not configured." Using PyDev in Eclipse
What to do if you get angry with "Value Error: unknown local: UTF-8" in python manage.py syncdb
What to do if you get an error when trying to send a message in tasks.loop () immediately after startup
What to do if you get an OpenSSL error when installing Python 2 with pyenv
What to do if you get `No kernel for language python found` in Hydrogen
What to do if you get a memory error when converting from PySparkDataFrame to PandasDataFrame
What to do if a 0xC0000005 error occurs in tf.train.start_queue_runners ()
What to do if you get an Import Error when importing matplotlib with Jupyter
What to do if you can't log in as root
What to do if you get the error ʻERR_FEATURE_UNAVAILABLE_ON_PLATFORM` when using ts-node-dev on Linux
What to do if you run python in IntelliJ and end with an error
What to do if you get a Call with too many input arguments error at DoAndReturn in a golang test
What to do if you get an Undefined error when trying to use pip with pyenv
What to do if you get a UnicodeDecodeError with pip install
What to do if you can't use the trash in Lubuntu 18.04.
What to do if you have corrected the mistake in the IP address of the zone file but cannot connect to the DNS server
What to do if you get angry with'vertices' must be a 2D list ... in matplotlib arrow
What to do if you can't find PDO in Laravel or CakePHP
What to do if you can't use scikit grid search in Python
What to do if you get stuck during Anaconda installation on Linux
What to do if you get a TypeError with numpy min, max
What to do if you can't install with pip in babun environment
What to do if you get Could not fetch URL 443 with pip
[OSX] [pyenv] What to do when an SSL error occurs in pip
What to do if you get `locale.Error: unsupported locale setting` when getting the day of the week from a date in Python
What to do if pipreqs results in UnicodeDecodeError
What to do if you can't pipenv shell
What to do to get google spreadsheet in python
What to do if you get an error like'Qstring' has already been set to version 1 using mne python
What to do if you get a Permission denied (public key) error when trying to pull on Github
[Python] What to do if you get a ModuleNotFoundError when importing pandas using Jupyter Notebook in Anaconda
What to do if you get the error Target WSGI script'/var/www/xxx/xxx.wsgi' cannot be loaded as python module
[Python] What to do if an error occurs in pip (pyinstaller, pyautogui, etc.)
What to do if you get angry with swapon failed: Operation not permitted
[python] What to do when an error occurs in send_keys of headless chrome
What to do if a Unicode Encode Error occurs in Sublime Text Python
[Python] What to check when you get a Unicode Decode Error in Django
What to do if a version error occurs in the selenium Chrome driver
What to do if an SSL connection error (ssl.SSLError: [SSL: DH_KEY_TOO_SMALL]) occurs on Ubuntu 20.04
What to do if pip install fails in Xcode 5.1
What to do if you can't pip install mysqlclient
ModuleNotFoundError: No module What to do if you get'tensorflow.contrib'
What to do if a UnicodeDecodeError occurs in pip
What to do if you get the error Input contains NaN, infinity or a value too large for dtype ('float64'). In machine learning
What to do if you get the error RuntimeError: Python is not installed as a framework when trying to use matplitlib and pylab in Python 3.3
What to do if the print command itself causes an error in Maya python