Bug 1220864 - Make sure SSL retries are done using the exact same data buffer
Summary: Make sure SSL retries are done using the exact same data buffer
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-eventlet
Version: 5.0 (RHEL 6)
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: z5
: 5.0 (RHEL 6)
Assignee: Robbie Harwood
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-12 16:03 UTC by Jon Thomas
Modified: 2023-02-22 23:02 UTC (History)
10 users (show)

Fixed In Version: python-eventlet-0.14.0-3.el7ost python-eventlet-0.14.0-3.el6
Doc Type: Bug Fix
Doc Text:
Prior to this update, eventlet behaved incorrectly around SSL retries. As a consequence, sporadic connection failures (for example, of API calls) occurred. To fix this problem, a patch has been added in which SSL retries use the same data buffer. As a result, SSL retries now work correctly.
Clone Of:
Environment:
Last Closed: 2015-09-10 11:45:19 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2120331 0 None None None 2016-01-12 08:32:36 UTC
Red Hat Product Errata RHBA-2015:1763 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory 2015-09-10 15:45:07 UTC

Description Jon Thomas 2015-05-12 16:03:40 UTC 
2015-05-08 13:40:56.645 6348 INFO nova.osapi_compute.wsgi.server [req-a34b1736-9976-4ca4-be9e-2633f113ce22 epg-ost-admin fb055870f64a4242ae73a7da2693ec48] 10.95.82.22 "GET /v2/fb055870f64a4242ae73a7da2693ec48/se
rvers/detail?all_tenants=1&status=ERROR HTTP/1.1" status: 200 len: 187 time: 0.2828262
2015-05-08 13:41:09.783 6353 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): prod-epg-ostlb-vip.hi.inet
2015-05-08 13:41:10.402 6353 INFO nova.osapi_compute.wsgi.server [req-1ac51877-0ed5-457d-b374-2939b33206a6 iot jenkins ost 6ca88644f0664199b8ab263e045b220c] Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 406, in handle_one_response
    write(''.join(towrite))
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 354, in write
    _writelines(towrite)
  File "/usr/lib64/python2.6/socket.py", line 334, in writelines
    self.flush()
  File "/usr/lib64/python2.6/socket.py", line 303, in flush
    self._sock.sendall(buffer(data, write_offset, buffer_size))
  File "/usr/lib/python2.6/site-packages/eventlet/green/ssl.py", line 131, in sendall
    v = self.send(data[count:])
  File "/usr/lib/python2.6/site-packages/eventlet/green/ssl.py", line 107, in send
    super(GreenSSLSocket, self).send, data, flags)
  File "/usr/lib/python2.6/site-packages/eventlet/green/ssl.py", line 77, in _call_trampolining
    return func(*a, **kw)
  File "/usr/lib64/python2.6/ssl.py", line 174, in send
    v = self._sslobj.write(data)
SSLError: [Errno 1] _ssl.c:1276: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry

workaround discussion
http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr


fixed:

https://github.com/eventlet/eventlet/commit/8b3ce03cbb5e7695fd4878ef7ae54db1814a9500
Comment 3 Jon Thomas 2015-05-12 16:20:49 UTC 
Also reported is that when this occurs, api calls fail.
Comment 11 Robbie Harwood 2015-07-21 15:43:04 UTC 
Apologies; please use this version instead.
Comment 17 errata-xmlrpc 2015-09-10 11:45:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1763.html
Note You need to log in before you can comment on or make changes to this bug.