Mailman 3 August 2017 - Twisted-web

Twisted Web Agent configurable Elliptic Curves settings
by Paul Tremberth 16 Dec '21

16 Dec '21

Hello, The other day, we had a Scrapy user report an issue connecting to https://www.skelbiu.lt/ with OpenSSL 1.1 [1] To not mix scrapy's things with Twisted Web, I used this (adapted from official docs): #--------------- from __future__ import print_function from twisted.internet import reactor from twisted.web.client import Agent from twisted.web.http_headers import Headers agent = Agent(reactor) d = agent.request( 'GET', 'https://www.skelbiu.lt/', Headers({'User-Agent': ['Twisted Web Client Example']}), None) def cbResponse(ignored): print('Response received') d.addCallback(cbResponse) def cbShutdown(ignored): print(ignored) reactor.stop() d.addBoth(cbShutdown) reactor.run() #--------------- And I did get a Handshake failure too: $ python twistedtest.py [Failure instance: Traceback (failure with no frames): <class 'twisted.web._newclient.ResponseNeverReceived'>: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]>] ] It seems this happens (at least) with OpenSSL 1.1.0e (currently in Debian 9 sid [2]) It does not happen (for me) with OpenSSL 1.0.2g for example. I dug into this this afternoon and narrowed it down to the use of _defaultCurveName = u"prime256v1" in twisted.internet._sslverify.py I tried patching the current trunk with _defaultCurveName = u"secp384r1" (the EC that ssllabs.com reports) and it did work. Looking at ClientHello messages for openssl 1.0.2 and 1.1 [4]: with 1.1, only 1 Elliptic Curve is sent by Twisted Web Agent, secp256r1 openssl v1.1 client uses 4 by default: ecdh_x25519, secp256r1, secp521r1, secp384r1 I was wondering what is the proper way to configure requested Elliptic Curves. I haven't seen any interface for this, contrary to ciphers with acceptableCiphers. Thank you for your input. Best, Paul. [1] https://github.com/scrapy/scrapy/issues/2717 [2] https://packages.debian.org/fr/source/sid/openssl [3] https://github.com/twisted/twisted/blob/78679af87e349721a167f35bef239e192e9… [4] https://github.com/scrapy/scrapy/issues/2717#issuecomment-297464034

2 2

Test
by Philippe Lafoucrière 05 Aug '21

05 Aug '21

Hi all just a test

3 2

Python and Cors
by Deve Krehbiel 27 Aug '17

27 Aug '17

First post so forgive me if I am not explaining this right. I am trying to make a baby cam and then heavily document it for everyone to have access to. I am using a Raspberry Pi with Rasbian. I am using mjpg-streamer for the streaming with no problems. The problem is I am also using two servos for pan and tilt. To accomplish this I am using an Arduino Uno. This is so I can add IR lighting for night vision, etc later. I am not a programmer so this is getting frustrating after a few weeks of failure. How is it failing you might ask..well, its working perfectly with only ONE exception: Every time I push the button for left/right/up/down I get this: XMLHttpRequest cannot load http://192.168.1.122:81/servos.rpy?value=100P. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.1.122:9000' is therefore not allowed access. On the local area network, it still works, but taking it to the internet it does not. Here are the two programs that make this happen. One is servos.rpy and the other is the supporting HTML/Get script; **** servos.rpy ----------------------------------- # Import necessary files import serial from twisted.web.resource import Resource # Setup Arduino at correct speed try: arduino = serial.Serial('/dev/ttyACM0', 9600) except: arduino = serial.Serial('/dev/ttyACM1', 9600) class MoveServo(Resource): isLeaf = True def render_GET(self,request): try: # Send value over serial to the Arduino arduino.write(request.args['value'][0]) return 'Success' except: return 'Failure' resource = MoveServo() *** Now for the HTML/Get script: ** <!doctype html> <html> <head> <title>Make Use Of DIY Security Camera</title> <style type="text/css"> #container { /* center the content */ margin: 0 auto; text-align: center; } </style> </head> <body> <div id="container"> <img src="/?action=stream" /><br> <script src=" https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script><br /> <button onclick="servos.move('P', 10)">Left</button> <button onclick="servos.move('P', -10)">Right</button> <button onclick="servos.move('T', -10)">Down</button> <button onclick="servos.move('T', 10)">Up</button> </div> </body> <script> var servos; $( document ).ready(function() { servos = moveServos(); }); function moveServos() { // Store some settings, adjust to suit var panPos = 70, tiltPos = 90, tiltMax = 170, tiltMin = 45, panMax = 170, panMin = 20; return { move:function(servo, adjustment) { var value; if(servo == 'P') { if(!((panPos >= panMax && adjustment > 0) || (panPos <= panMin && adjustment < 0))) { // Still within allowed range, "schedule" the movement panPos += adjustment; } value = panPos + 'P'; } else if(servo == 'T') { if(!((tiltPos >= tiltMax && adjustment > 0) || (tiltPos <= tiltMin && adjustment < 0))) { // Still within allowed range, "schedule" the movement tiltPos += adjustment; } value = tiltPos + 'T'; } // Use AJAX to actually move the servo $.get('http://192.168.1.122:81/servos.rpy?value=' + value); }, } } </script> </html> ***** Twisted is started: sudo twistd -n web -p 81 --path /usr/local/www/ I would be forever grateful if someone could take a serious look at this and tell me where I am going wrong. Once this is fixed, I can start documenting the entire system for everyone. Thank you! Deve

2 6

Nevow 0.14.3rc1 released
by Tristan Seligmann 19 Aug '17

19 Aug '17

Hi all, I've uploaded a prerelease of Nevow 0.14.3 to PyPI[1]. This contains a fix for some Athena client-side timeout behaviour (or more specifically, the lack of one) and removes use of FilePath.getmtime. If you are using Athena, please a) let me know! and b) give this prerelease a try to see if anything breaks. As the de facto Nevow release manager, and one of its last users, I'd like to avoid going overboard on release engineering if it isn't necessary, but I'd also like to avoid making life worse for any other remaining users, so it would be useful to hear from any of you out there still using Nevow. [1] https://pypi.python.org/pypi/Nevow/0.14.3rc1

1 1

Status for me implementing connection upgrade for the twisted.web.client.Agent.
by Mike Mestnik 04 Aug '17

04 Aug '17

I've started working with twisted git, not the old twisted-web. Current patch https://github.com/cheako/twisted/commit/969ea0bced7048a922efd4999fde951e6b… I'm lost trying to find where Response is created so I can remove the connection from the pool.

2 1

Support for websockets.
by Mike Mestnik 04 Aug '17

04 Aug '17

I was working on Tor2web, a client of twisted web. I discover that to move forward I'd need [iResponce](https://github.com/racker/python-twisted-web/blob/master/twisted… to expose the socket or something to read/write on. Once it's necessary to edit twisted-web I might as well go all out and at least partially implement Websockets. Here is what I did for [Tor2web](https://pastebin.com/MbHVvwNz) It's incomplete, I was reading twisted-web and discovered the masked interface. Here is a [good reference for Websockets](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API… at a protocol level, it does say server but if you'r not working in Javascript this is the document u need to read. Here is what I'd envision for an interface, knowing only a little Python and almost no twisted. 1. Upon receiving the response headers indicating a change of protocol(connection: upgrade). Remove the socket from any connection pool, as it can't ever be used for http. The connection will be upgraded until it's closed. 2. Expose a socket interface in the iResponse class, it could be the class itself or an attribute. This could be a copy of the twisted socket interface or even that interface itself. With at least. a. onRead callback. b. Write. c. Close. d. onClose callback. e. onError, ect. The api does not NEED a method to determine if the connection was upgraded, since the headers indicate as much. However to prevent attempts to access the Websocket API when it's not available a python(ish) method for detecting as much I'll leave to your discretion. Thank you.

2 5

Looks like a whitespace bug.
by Mike Mestnik 04 Aug '17

04 Aug '17

See: https://github.com/racker/python-twisted-web/commit/c58ea9b3f192106c3e3d1c1…

2 1