pulp 2.3 EOF occurred in violation of protocol

Please visit http://www.pulpproject.org/ if you want some more information about the pulp (Juicy software repository management) project.

We were having trouble syncing multiple pulp repositories with redhat cdn, this was cause by the incorrect negotiation of SSL version:

+----------------------------------------------------------------------+
Synchronizing Repository [dummy]
+----------------------------------------------------------------------+
This command may be exited via ctrl+c without affecting the request.
Downloading metadata...
[\]
... failed
[Errno 8] _ssl.c:504: EOF occurred in violation of protocol

Here is some testcode to manually reproduce the error:
from os.path import abspath, dirname, join
import requests

import logging
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger(__name__)

import ssl
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager

class Ssl3HttpAdapter(HTTPAdapter):
""""Transport adapter" that allows us to use SSLv3."""

def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(num_pools=connections,maxsize=maxsize,block=block,ssl_version=ssl.PROTOCOL_SSLv3)

BASEDIR=abspath(dirname(__file__))

rhn_url = "https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/cf-tools/1/os/repodata/repomd.xml"
cert = join(BASEDIR, "redhat-cert.pem")
cacert = join(BASEDIR, "redhat-ca.pem")
key = join(BASEDIR, "redhat-key.pem")

s = requests.session()
s.cert = (cert, key)
s.verify = cacert

s.mount('https://cdn.redhat.com',Ssl3HttpAdapter())
print s.get(rhn_url)

If we mount the Ssl3HttpAdapter to the requests session we can communicate with redhat cdn.

It took quite a while before this bug was reported and a patch was available:
SOLUTION: https://bugzilla.redhat.com/show_bug.cgi?id=1099243

References:

  • http://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/
  • https://bugzilla.redhat.com/show_bug.cgi?id=1039471

Leave a Reply

Your email address will not be published. Required fields are marked *