← Back to team overview

touch-packages team mailing list archive

[Bug 1394244] Re: pycurl gives 'gnutls_handshake() warning: The server name sent was not recognized', curl on command line and wget work with same URL

 

** Changed in: system-config-printer (Ubuntu Trusty)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pycurl in Ubuntu.
https://bugs.launchpad.net/bugs/1394244

Title:
  pycurl gives 'gnutls_handshake() warning: The server name sent was not
  recognized', curl on command line and wget work with same URL

Status in pycurl package in Ubuntu:
  New
Status in system-config-printer package in Ubuntu:
  Fix Released
Status in pycurl source package in Trusty:
  New
Status in system-config-printer source package in Trusty:
  Fix Committed
Status in pycurl source package in Utopic:
  New
Status in system-config-printer source package in Utopic:
  Fix Released

Bug description:
  From a Python program (system-config-printer) I need to access an
  https URL (on OpenPrinting) assuring that the answer really comes from
  OpenPrinting and not from an attacker. This serves for automatically
  downloading and installing driver packages for detected and locally
  unsupported printers.

  A typical URL sent by system-config-printer to find driver packages
  for a detected printer is

  https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL
  :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;

  The "https://..."; allows for checking whether the answer really comes
  from OpenPrinting. It is no problem accessing this URL with a browser
  or by the command line:

  curl
  'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL
  :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;'

  wget
  'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL
  :EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;'

  In all cases I get an XML data set in a reasonable amount of time (so
  server performance is OK). The XML data set tells about a driver
  package from Epson with all info to download it and to establish
  automatic updates via the facilities of the distro. RPM- and DEB-based
  distros with 32-bit or 64-bit Intel architectures are supported.

  system-config-printer is written completely in Python and uses the
  pycurl library to call the URL with verification that the
  communication is done with the actual OpenPrinting server. This does
  not work any more. If I run the following simple Python code it fails:

  ----------
  import pycurl
  def collect_data(result):
     print(result)
     return len(result)

  curl = pycurl.Curl()
  curl.setopt(pycurl.SSL_VERIFYPEER, 1)
  curl.setopt(pycurl.SSL_VERIFYHOST, 2)
  curl.setopt(pycurl.WRITEFUNCTION, collect_data)
  curl.setopt(pycurl.URL, 'https://www.openprinting.org/query.cgi?moreinfo=1&showprinterid=1&onlynewestdriverpackages=0&architectures=amd64&noobsoletes=1&onlyfree=0&onlymanufacturer=0&onlydownload=1&packagesystem=deb&onlysigneddriverpackages=0&format=xml&type=drivers&printer=MFG:EPSON;MDL:EP-805A%20Series;DES:EPSON%20EP-805A%20Series;CLS:PRINTER;')
  status = curl.perform()
  repr(status)
  quit()
  ----------

  You can paste the lines into a text editor to get a Python program or
  run "python" or "python3" (Python version seems not to matter) and
  paste the bunch of lines to the prompt.

  The result is always the same, the "status = curl.perform()" line
  gives:

  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
  pycurl.error: (51, 'gnutls_handshake() warning: The server name sent was not recognized')

  For me it looks like that something has changed, as formerly this
  Python code worked correctly.

  If I change "https://..."; to "http://..."; all works correctly and I
  get the XML data, but then there is no verification any more that the
  communication is really done with OpenPrinting.

  See also

  http://stackoverflow.com/questions/568247/pycurl-fails-but-curl-from-
  bash-works-in-ubuntu

  This all looks like a bug in pycurl.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pycurl/+bug/1394244/+subscriptions


References