Odoo GTK Client (MOVED TO GITHUB)

[6.0] GTK Client cannot connect via Secure XML-RPC on Python 2.5-

Bug #673775 reported by Open Net Sàrl
58
This bug affects 12 people
Affects Status Importance Assigned to Milestone
Odoo GTK Client (MOVED TO GITHUB)
Fix Released
Medium
OpenERP sa GTK client R&D
Odoo GTK Client (MOVED TO GITHUB) 6.0.2

Bug Description

We are using 6.0 RC 1 with python 2.6 on Debian server

Linux GTK client can connect using xml-rpc secure
Windows client (Vista and Seven) are unable to connect on secure mode

Could you check the ssh packaging ?

Tags: packaging

Related branches

lp:openobject-client/6.0
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Assigning to packaging team for investigation

Changed in openobject-client:
assignee: nobody → Stephane Wirtel (OpenERP) (stephane-openerp)
milestone: none → 6.0-rc2
status: New → Triaged
DBR (OpenERP) (dbr-openerp)
Changed in openobject-client:
assignee: Stephane Wirtel (OpenERP) (stephane-openerp) → OpenERP sa GTK client R&D (openerp-dev-gtk)
Revision history for this message
xrg (xrg) wrote : Re: [Bug 673775] [NEW] V 6.0 RC1 Windows packages do not allow the secure mode

On Thursday 11 November 2010, you wrote:
> Could you check the ssh packaging ?
>
 Let me correct you: it is "ssl", not "ssh" that we use as the encryption
layer.

Stephane: in the server, as of v6.0, we are using the "ssl" module of base
python, rather than the "openssl" independent module. I think (but it's a long
time and I may have forgotten) that python 2.5 gave me trouble wrt. to ssl. I
would recommend py 2.6 for ssl usage.

Don't hesitate to ping me on the subject.

Naresh(OpenERP) (nch-openerp)
Changed in openobject-client:
assignee: OpenERP sa GTK client R&D (openerp-dev-gtk) → Stephane Wirtel (OpenERP) (stephane-openerp)
Revision history for this message
Open Net Sàrl (openerp-open-net) wrote : Re: V 6.0 RC1 Windows packages do not allow the secure mode

RC2 release has not solved the problem

Revision history for this message
pitititi (pitititi) wrote :

how can we communicate with openerp in ssl mode with windows ?
I know that linux is a better os but not everyone...

Revision history for this message
Open Net Sàrl (openerp-open-net) wrote :

Still unsolved in final release 6.0.0 !!! :-( :-(

Revision history for this message
Open Net Sàrl (openerp-open-net) wrote :

The new 6.0.1 Windows client still doesn't work ... :-(

Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

I'm reassigning to GTK team as Stephane is currently unavailable.

Changed in openobject-client:
assignee: Stephane Wirtel (OpenERP) (stephane-openerp) → OpenERP sa GTK client R&D (openerp-dev-gtk)
importance: Undecided → Medium
milestone: 6.0-rc2 → 6.0.2
status: Triaged → Confirmed
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote : Re: [6.0] GTK Client cannot connect via Secure XML-RPC on Windows

I marked bug 682579 as a duplicate of this one, because I believe it is the same issue, however it brings more info to light, including the server-side error:

Traceback (most recent call last):
  File "/home/openerp/openerp/server/bin/service/websrv_lib.py", line 527, in _handle_request2
    self.process_request(request, client_address)
  File "/usr/lib/python2.6/SocketServer.py", line 309, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python2.6/SocketServer.py", line 322, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/home/openerp/openerp/server/bin/service/websrv_lib.py", line 245, in __init__
    SocketServer.StreamRequestHandler.__init__(self,request,client_address,server)
  File "/usr/lib/python2.6/SocketServer.py", line 616, in __init__
    self.setup()
  File "/home/openerp/openerp/server/bin/service/websrv_lib.py", line 464, in setup
    ssl_version=ssl.PROTOCOL_SSLv23)
  File "/usr/lib/python2.6/ssl.py", line 338, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs)
  File "/usr/lib/python2.6/ssl.py", line 118, in __init__
    cert_reqs, ssl_version, ca_certs)
SSLError: [Errno 336265218] _ssl.c:339: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib

The following forum thread seems to indicate the same thing, and also contains relevant information: http://www.openerp.com/forum/post74095.html

summary: - V 6.0 RC1 Windows packages do not allow the secure mode
+ [6.0] GTK Client cannot connect via Secure XML-RPC on Windows
tfr (Openerp) (tfr)
tags: added: packaging
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

The root of this issue seems to be this python bug in xmlrpclib: http://bugs.python.org/issue1223

It was fixed in Python 2.6, but not in earlier version, so the problem should be reproducible on all Python 2.5 versions, not just Windows. Of course, since Python 2.5 is currently packaged with the OpenERP Windows installer, Windows clients are likely to have this problem.
If you have a working OpenERP Server with XML-RPCS enabled, you can do the following test to see if you can reproduce the error:

On Python 2.4 or 2.5 it fails:

Python 2.5.5 (r255:77872, Sep 14 2010, 17:19:13)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import xmlrpclib
>>> s = xmlrpclib.ServerProxy('https://localhost:8071/xmlrpc/common')
>>> uid = s.login('some_db','admin','admin')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/xmlrpclib.py", line 1147, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.5/xmlrpclib.py", line 1437, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.5/xmlrpclib.py", line 1201, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib/python2.5/xmlrpclib.py", line 1328, in _parse_response
    response = sock.recv(1024)
  File "/usr/lib/python2.5/httplib.py", line 1113, in recv
    return self._ssl.read(len)
socket.sslerror: (8, 'EOF occurred in violation of protocol')

On Python 2.6 it just works:

Python 2.6.6 (r266:84292, Sep 15 2010, 16:22:56)
[GCC 4.4.5] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import xmlrpclib
>>> s = xmlrpclib.ServerProxy('https://localhost:8071/xmlrpc/common')
>>> uid = s.login('test_install2','admin','admin')
>>>

Changed in openobject-client:
status: Confirmed → In Progress
summary: - [6.0] GTK Client cannot connect via Secure XML-RPC on Windows
+ [6.0] GTK Client cannot connect via Secure XML-RPC on Python 2.5-
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

For those who don't have a SSL private key and certificate file handy for testing, I'm attaching sample ones you can readily use with your OpenERP server. Obviously, these should not be used in production, but only for testing.

Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

CherryPy has a HTTPSTransport test class [1] that can be used to workaround this bug in xmlrpclib by avoiding direct socket access, as explained in ticket 743 [2].

We can probably use a similar workaround in our clients, but I'd like to make sure there's no way to fix this server-side first.

[1] http://www.cherrypy.org/browser/trunk/py2/cherrypy/test/test_xmlrpc.py
[2] http://www.cherrypy.org/ticket/743

Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

The fix has landed in 6.0 with revision 1825 revid: <email address hidden>.
It will be ported to trunk soon.

This is not the cleanest patch, but the Python bug is very low-level in the SSL module, so it is difficult to fix properly.
We will be able to drop this workaround if/when Python 2.6 becomes required for OpenERP.

Changed in openobject-client:
status: In Progress → Fix Released
Revision history for this message
GEM (nimp3) wrote :

Hi,
if you need gtk client 6.0.1 windows installer with this correction to test, you can download it here :

http://dl.free.fr/n8P10WDkD/openerp-client-setup-6.0.1-ssl.zip

feedback is welcome.
bye

Revision history for this message
Alan Lord (theopensourcerer) wrote :

I'm still getting problems with this I'm afraid.

I'm running OpenERP-6.0.2 on Ubuntu 10.04 (server end) and the client end is Ubuntu 10.10. Both are running Python 2.6.

I have tried with my own self-signed files and the ones in #10 and #11 but with the same results.

Using the GTK client on Ubuntu the server log reports:

[2011-04-06 12:14:37,861][?] ERROR:init:Server error in request from ('81.202.99.1', 54878):
Traceback (most recent call last):
  File "/opt/openerp/server/bin/service/websrv_lib.py", line 528, in _handle_request2
    self.process_request(request, client_address)
  File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/opt/openerp/server/bin/service/websrv_lib.py", line 246, in __init__
    SocketServer.StreamRequestHandler.__init__(self,request,client_address,server)
  File "/usr/lib/python2.6/SocketServer.py", line 614, in __init__
    self.setup()
  File "/opt/openerp/server/bin/service/websrv_lib.py", line 465, in setup
    ssl_version=ssl.PROTOCOL_SSLv23)
  File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs)
  File "/usr/lib/python2.6/ssl.py", line 113, in __init__
    cert_reqs, ssl_version, ca_certs)
SSLError: [Errno 336265218] _ssl.c:337: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib

Using the test described in #9 I see the following on the client:
>>> uid = s.login('dbname','user','password')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.6/xmlrpclib.py", line 1235, in request
    self.send_content(h, request_body)
  File "/usr/lib/python2.6/xmlrpclib.py", line 1349, in send_content
    connection.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 908, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 780, in _send_output
    self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 739, in send
    self.connect()
  File "/usr/lib/python2.6/httplib.py", line 1116, in connect
    self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
  File "/usr/lib/python2.6/ssl.py", line 338, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs)
  File "/usr/lib/python2.6/ssl.py", line 120, in __init__
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 279, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:490: EOF occurred in violation of protocol
>>>

This prompts the same error in the server log as above with the GTK Client.

Revision history for this message
Alan Lord (theopensourcerer) wrote :

Sorry, my bad.

I had an error in my start-up script that was preventing the server from finding the key file.

My apologies. It is now working over a secured connection.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.