abort: error: EOF occurred in violation of protocol (_ssl.c:590)

Andreas Buff autobuff at gmx.de
Tue Feb 28 15:09:17 UTC 2017


Hi,

thank you for coming back to me. Really appreciate.
> Did you run this python script with /usr/bin/python? That’s what hg is
> running with if you used our package installer, and I suspect you’ve
> got inadequate TLS support.
>
> (This is a known deficiency of our packaged builds, and is something
> we’re hoping to address soon.)

I have re-tried both Python scripts, explicitly using /usr/bin/python.
Exact same result. It is another version though:

*/usr/bin/python -V:*

Python 2.7.10

I have also tried to install Mercurial via macports and homebrew. Same
results.

Do you (or anyone) know a workaround this (how I understand known) issue?

Kind regards,
Andreas



On 26/02/17 02:21, Augie Fackler wrote:
>
>> On Feb 24, 2017, at 4:05 PM, Andreas Buff <autobuff at gmx.de
>> <mailto:autobuff at gmx.de>> wrote:
>>
>> Hi,
>>
>> I seem to have an issue using HTTPS/TLS when cloning a repo.
>>
>> Using "hg clone https://domain.com/path/to/repo",
>>
>> The error I get is:
>>
>> "abort: error: EOF occurred in violation of protocol (_ssl.c:590)"
>>
>> --debug --traceback output can be found on the bottom.
>> This does work though: hg clone http://selenic.com/hg mercurial-repo
>> I am using Mercurial 4.0.1 on *OSX 10.11.6* (installed with package
>> installer
>> <https://www.mercurial-scm.org/mac/binaries/Mercurial-4.0.1-macosx10.11.pkg>).
>>
>> *hg --version:*
>> Mercurial Distributed SCM (version 4.0.1)
>>
>> *python -V:*
>> Python 2.7.13
>>
>> *My .hgrc**:*
>>
>> [hostsecurity]
>> disabletls10warning = true
>> [hostfingerprints]
>> domain.com <http://domain.com> =
>> my:sh:aa:a0:29:04:02:ed:aa:23:40:66:b2:eb:e1:0a:03:c0:ec:66
>>
>> *This Python script runs fine:*
>
> Did you run this python script with /usr/bin/python? That’s what hg is
> running with if you used our package installer, and I suspect you’ve
> got inadequate TLS support.
>
> (This is a known deficiency of our packaged builds, and is something
> we’re hoping to address soon.)
>
>> import socket, ssl
>> context = ssl.create_default_context()
>> context.verify_mode = ssl.CERT_REQUIRED
>> context.load_default_certs()
>> conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname='www.mozilla.org')
>> conn.connect(('www.mozilla.org', 443))
>>
>> *This Python script**:*
>>
>> import ssl
>> context = ssl.create_default_context()
>> context.load_default_certs()
>> context.cert_store_stats()
>>
>> *returns:* {'x509': 0, 'x509_ca': 0, 'crl': 0}
>>
>> which does look fishy to me.
>>
>> I searched /a lot/ and get out of ideas.
>>
>> Thankful for any hints.
>>
>> Best,
>> Andreas
>> *Output of "hg clone --debug --traceback https://dom**ain.com/
>> <http://ain.com/>**path/to/repo":* sending capabilities command
>> Traceback (most recent call last):   File
>> "/Library/Python/2.7/site-packages/mercurial/dispatch.py", line 205,
>> in _runcatchfunc     return _dispatch(req)   File
>> "/Library/Python/2.7/site-packages/mercurial/dispatch.py", line 901,
>> in _dispatch     cmdpats, cmdoptions)   File
>> "/Library/Python/2.7/site-packages/mercurial/dispatch.py", line 650,
>> in runcommand     ret = _runcommand(ui, options, cmd, d)   File
>> "/Library/Python/2.7/site-packages/mercurial/dispatch.py", line 909,
>> in _runcommand     return cmdfunc()   File
>> "/Library/Python/2.7/site-packages/mercurial/dispatch.py", line 898,
>> in <lambda>     d = lambda: util.checksignature(func)(ui, *args,
>> **cmdoptions)   File
>> "/Library/Python/2.7/site-packages/mercurial/util.py", line 1037, in
>> check     return func(*args, **kwargs)   File
>> "/Library/Python/2.7/site-packages/mercurial/commands.py", line 1559,
>> in clone     shareopts=opts.get('shareopts'))   File
>> "/Library/Python/2.7/site-packages/mercurial/hg.py", line 447, in
>> clone     srcpeer = peer(ui, peeropts, source)   File
>> "/Library/Python/2.7/site-packages/mercurial/hg.py", line 175, in
>> peer     return _peerorrepo(rui, path, create).peer()   File
>> "/Library/Python/2.7/site-packages/mercurial/hg.py", line 152, in
>> _peerorrepo     obj = _peerlookup(path).instance(ui, path, create)  
>> File "/Library/Python/2.7/site-packages/mercurial/httppeer.py", line
>> 298, in instance     inst._fetchcaps()   File
>> "/Library/Python/2.7/site-packages/mercurial/httppeer.py", line 78,
>> in _fetchcaps     self.caps = set(self._call('capabilities').split())
>>   File "/Library/Python/2.7/site-packages/mercurial/httppeer.py",
>> line 207, in _call     fp = self._callstream(cmd, **args)   File
>> "/Library/Python/2.7/site-packages/mercurial/httppeer.py", line 154,
>> in _callstream     resp = self.urlopener.open(req)   File
>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py",
>> line 431, in open     response = self._open(req, data)   File
>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py",
>> line 449, in _open     '_open', req)   File
>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py",
>> line 409, in _call_chain     result = func(*args)   File
>> "/Library/Python/2.7/site-packages/mercurial/url.py", line 342, in
>> https_open     return self.do_open(self._makeconnection, req)   File
>> "/Library/Python/2.7/site-packages/mercurial/keepalive.py", line 264,
>> in do_open     raise urlerr.urlerror(err) URLError: <urlopen error
>> EOF occurred in violation of protocol (_ssl.c:590)>
>> _______________________________________________ Mercurial mailing
>> list Mercurial at mercurial-scm.org <mailto:Mercurial at mercurial-scm.org>
>> https://www.mercurial-scm.org/mailman/listinfo/mercurial 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial/attachments/20170228/1c6bcad4/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mercurial-scm.org/pipermail/mercurial/attachments/20170228/1c6bcad4/attachment.asc>


More information about the Mercurial mailing list