Project

General

Profile

Scénario #11490

Réactiver SSLv3 sur les projets python

Added by Daniel Dehennin almost 6 years ago. Updated almost 6 years ago.

Status:
Terminé (Sprint)
Priority:
Normal
Assigned To:
Category:
-
Start date:
05/13/2015
Due date:
05/29/2015
% Done:

100%

Estimated time:
(Total: 2.00 h)
Spent time:
(Total: 0.75 h)
Story points:
1.0
Remaining (hours):
0.00 hour
Velocity based estimate:
Release relationship:
Auto

Subtasks

ead - Tâche #11610: Réactiver SSLv3 pour l’EADFerméDaniel Dehennin

EoleSSO - Tâche #11611: Réactiver SSLv3 pour le SSOFerméDaniel Dehennin


Related issues

Related to EoleSSO - Tâche #11329: Désactiver le SSLv3 sur EoleSSO Fermé 04/20/2015
Related to ead - Tâche #11332: Désactiver le SSLv3 sur l'EAD Fermé 04/20/2015

History

#1 Updated by Daniel Dehennin almost 6 years ago

  • Distribution changed from EOLE 2.5 to EOLE 2.3

La désactivation du SSLv3 fait planter les applications utilisant la bibliothèque SSL de python.

Dès qu’il faut valider un token SSO, ça plante, par exemple, pour EOP sur 2.3:

root@scribe:~# cat /var/log/eoleflask/eop.log 
Exception on /login [GET]
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/flask/app.py", line 1504, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/pymodules/python2.6/flask/app.py", line 1264, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/pymodules/python2.6/flask/app.py", line 1262, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/pymodules/python2.6/flask/app.py", line 1248, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/lib/pymodules/python2.6/eop/views.py", line 96, in login
    return user.authenticate()
  File "/usr/lib/pymodules/python2.6/eop/cas.py", line 55, in authenticate
    if self.is_authenticated():
  File "/usr/lib/pymodules/python2.6/eop/cas.py", line 75, in is_authenticated
    username = self.validate(request.args.get('ticket'))
  File "/usr/lib/pymodules/python2.6/eop/cas.py", line 92, in validate
    f_validate   = urllib.urlopen(cas_validate)
  File "/usr/lib/python2.6/urllib.py", line 86, in urlopen
    return opener.open(url)
  File "/usr/lib/python2.6/urllib.py", line 205, in open
    return getattr(self, name)(url)
  File "/usr/lib/python2.6/urllib.py", line 439, in open_https
    h.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
    self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 735, in send
    self.connect()
  File "/usr/lib/python2.6/httplib.py", line 1112, in connect
    self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
  File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs)
  File "/usr/lib/python2.6/ssl.py", line 118, in __init__
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
IOError: [Errno socket error] [Errno 8] _ssl.c:480: EOF occurred in violation of protocol

Que ce soit urllib ou urllib2 c’est pareil.

#2 Updated by Scrum Master almost 6 years ago

  • Due date set to 05/29/2015
  • Target version set to Sprint_2015_20-22 - Équipe MENESR
  • Start date set to 05/11/2015

#3 Updated by Joël Cuissinat almost 6 years ago

  • Assigned To set to force violette

#4 Updated by Scrum Master almost 6 years ago

  • Story points set to 1.0

#5 Updated by Daniel Dehennin almost 6 years ago

  • Project changed from ead to Distribution EOLE

#6 Updated by Joël Cuissinat almost 6 years ago

  • Status changed from Nouveau to Terminé (Sprint)

Also available in: Atom PDF