from __future__ import print_function import sys from ovs import jsonrpc from ovs import stream from ovs.unixctl import client
URI='ssl:127.0.0.1:6641' PRIV='sandbox/ovnnb-privkey.pem' CERT='sandbox/ovnnb-cert.pem' CACERT='sandbox/pki/switchca/cacert.pem' stream.Stream.ssl_set_private_key_file(PRIV) stream.Stream.ssl_set_certificate_file(CERT) stream.Stream.ssl_set_ca_cert_file(CACERT) class SSLClient(client.UnixctlClient): @classmethod def create(cls, uri): error, _stream = stream.Stream.open_block( stream.Stream.open(uri)) if error: client.vlog.warn("failed to connect to %s" % path) return error, None return 0, cls(jsonrpc.Connection(_stream)) _, c = SSLClient.create(URI) print(c.transact("echo", ["hello world"])) c.close() On Wed, Jul 10, 2019 at 12:17 PM Mark Michelson <mmich...@redhat.com> wrote: > On 7/10/19 12:11 PM, Terry Wilson wrote: > > An example of a reproducer script attached. If you enable SSL and OVN w/ > > the sandbox and run it, looking in the sandbox/nb1.log you'll see the > > disconnect errors that the patch makes go away. > > > > Hi Terry. It looks like the mailing list has eaten your attachment. If > possible, can you include it in-line? > > > On Wed, Jul 10, 2019 at 11:07 AM Terry Wilson <twil...@redhat.com> > wrote: > >
> >> Without shutting down the SSL connection, log messages like:
> >>
> >> stream_ssl|WARN|SSL_read: unexpected SSL connection close
> >> jsonrpc|WARN|ssl:127.0.0.1:47052: receive error: Protocol error
> >> reconnect|WARN|ssl:127.0.0.1:47052: connection dropped (Protocol error)
> >>
> >> would occur whenever the socket is closed. This just adds an
> >> SSLStream.close() that calls shutdown() and ignores read/write
> >> errors.
> >>
> >> Signed-off-by: Terry Wilson <twil...@redhat.com>
> >> ---
> >> python/ovs/stream.py | 8 ++++++++
> >> 1 file changed, 8 insertions(+)
> >>
> >> diff --git a/python/ovs/stream.py b/python/ovs/stream.py
> >> index c15be4b..fd1045e 100644
> >> --- a/python/ovs/stream.py
> >> +++ b/python/ovs/stream.py
> >> @@ -825,6 +825,14 @@ class SSLStream(Stream):
> >> except SSL.SysCallError as e:
> >> return -ovs.socket_util.get_exception_errno(e)
> >>
> >> + def close(self):
> >> + if self.socket:
> >> + try:
> >> + self.socket.shutdown()
> >> + except (SSL.WantReadError, SSL.WantWriteError):
> >> + pass
> >> + return super(SSLStream, self).close()
> >> +
> >>
> >> if SSL:
> >> # Register SSL only if the OpenSSL module is available
> >> --
> >> 1.8.3.1
> >>
> >>
> >>
> >> _______________________________________________
> >> dev mailing list
> >> d...@openvswitch.org
> >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
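Review bot: In the added `close()`, only `SSL.WantReadError` and `SSL.WantWriteError` are swallowed, so any other exception raised by `self.socket.shutdown()` propagates before `super(SSLStream, self).close()` runs, which presumably leaves the underlying socket open. The context lines just above the addition already handle `SSL.SysCallError`, the likely outcome when the peer has reset or closed the connection first; I would widen the tuple to `except (SSL.WantReadError, SSL.WantWriteError, SSL.SysCallError):` or move the `super()` call into a `finally:` so the descriptor is always released. A short comment such as `# Best-effort close_notify; the peer may already be gone.` would also record why errors are ignored here. `close()` itself is fully inside the hunk, but the rest of `SSLStream` is not, so it is worth confirming whether `self.socket` can still be mid-handshake when `close()` is called.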