Hello,
The other day, we had a Scrapy user report an issue connecting to
https://www.skelbiu.lt/ with OpenSSL 1.1 [1]
To not mix scrapy's things with Twisted Web, I used this (adapted from
official docs):
#---------------
from __future__ import print_function
from twisted.internet import reactor
from twisted.web.client import Agent
from twisted.web.http_headers import Headers
agent = Agent(reactor)
d = agent.request(
'GET',
'https://www.skelbiu.lt/',
Headers({'User-Agent': ['Twisted Web Client Example']}),
None)
def cbResponse(ignored):
print('Response received')
d.addCallback(cbResponse)
def cbShutdown(ignored):
print(ignored)
reactor.stop()
d.addBoth(cbShutdown)
reactor.run()
#---------------
And I did get a Handshake failure too:
$ python twistedtest.py
[Failure instance: Traceback (failure with no frames): <class
'twisted.web._newclient.ResponseNeverReceived'>:
[<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines',
'ssl3_read_bytes', 'sslv3 alert handshake failure')]>]
]
It seems this happens (at least) with OpenSSL 1.1.0e (currently in Debian 9
sid [2])
It does not happen (for me) with OpenSSL 1.0.2g for example.
I dug into this this afternoon and narrowed it down to the use of
_defaultCurveName = u"prime256v1"
in twisted.internet._sslverify.py
I tried patching the current trunk with _defaultCurveName = u"secp384r1"
(the EC that ssllabs.com reports)
and it did work.
Looking at ClientHello messages for openssl 1.0.2 and 1.1 [4]:
with 1.1, only 1 Elliptic Curve is sent by Twisted Web Agent, secp256r1
openssl v1.1 client uses 4 by default: ecdh_x25519, secp256r1, secp521r1,
secp384r1
I was wondering what is the proper way to configure requested Elliptic
Curves.
I haven't seen any interface for this, contrary to ciphers with
acceptableCiphers.
Thank you for your input.
Best,
Paul.
[1] https://github.com/scrapy/scrapy/issues/2717
[2] https://packages.debian.org/fr/source/sid/openssl
[3]
https://github.com/twisted/twisted/blob/78679af87e349721a167f35bef239e192e9…
[4] https://github.com/scrapy/scrapy/issues/2717#issuecomment-297464034
First post so forgive me if I am not explaining this right.
I am trying to make a baby cam and then heavily document it for everyone to
have access to. I am using a Raspberry Pi with Rasbian. I am using
mjpg-streamer for the streaming with no problems.
The problem is I am also using two servos for pan and tilt. To accomplish
this I am using an Arduino Uno. This is so I can add IR lighting for night
vision, etc later. I am not a programmer so this is getting frustrating
after a few weeks of failure.
How is it failing you might ask..well, its working perfectly with only ONE
exception:
Every time I push the button for left/right/up/down I get this:
XMLHttpRequest cannot load http://192.168.1.122:81/servos.rpy?value=100P.
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://192.168.1.122:9000' is therefore not allowed
access.
On the local area network, it still works, but taking it to the internet it
does not.
Here are the two programs that make this happen. One is servos.rpy and the
other is the supporting HTML/Get script;
****
servos.rpy
-----------------------------------
# Import necessary files
import serial
from twisted.web.resource import Resource
# Setup Arduino at correct speed
try:
arduino = serial.Serial('/dev/ttyACM0', 9600)
except:
arduino = serial.Serial('/dev/ttyACM1', 9600)
class MoveServo(Resource):
isLeaf = True
def render_GET(self,request):
try:
# Send value over serial to the Arduino
arduino.write(request.args['value'][0])
return 'Success'
except:
return 'Failure'
resource = MoveServo()
***
Now for the HTML/Get script:
**
<!doctype html>
<html>
<head>
<title>Make Use Of DIY Security Camera</title>
<style type="text/css">
#container {
/* center the content */
margin: 0 auto;
text-align: center;
}
</style>
</head>
<body>
<div id="container">
<img src="/?action=stream" /><br>
<script src="
https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script><br
/>
<button onclick="servos.move('P', 10)">Left</button>
<button onclick="servos.move('P', -10)">Right</button>
<button onclick="servos.move('T', -10)">Down</button>
<button onclick="servos.move('T', 10)">Up</button>
</div>
</body>
<script>
var servos;
$( document ).ready(function() {
servos = moveServos();
});
function moveServos() {
// Store some settings, adjust to suit
var panPos = 70,
tiltPos = 90,
tiltMax = 170,
tiltMin = 45,
panMax = 170,
panMin = 20;
return {
move:function(servo, adjustment) {
var value;
if(servo == 'P') {
if(!((panPos >= panMax && adjustment > 0) || (panPos <= panMin &&
adjustment < 0))) {
// Still within allowed range, "schedule" the movement
panPos += adjustment;
}
value = panPos + 'P';
}
else if(servo == 'T') {
if(!((tiltPos >= tiltMax && adjustment > 0) || (tiltPos <= tiltMin &&
adjustment < 0))) {
// Still within allowed range, "schedule" the movement
tiltPos += adjustment;
}
value = tiltPos + 'T';
}
// Use AJAX to actually move the servo
$.get('http://192.168.1.122:81/servos.rpy?value=' + value);
},
}
}
</script>
</html>
*****
Twisted is started: sudo twistd -n web -p 81 --path /usr/local/www/
I would be forever grateful if someone could take a serious look at this
and tell me where I am going wrong. Once this is fixed, I can start
documenting the entire system for everyone. Thank you!
Deve
Hi all,
I've uploaded a prerelease of Nevow 0.14.3 to PyPI[1]. This contains a fix
for some Athena client-side timeout behaviour (or more specifically, the
lack of one) and removes use of FilePath.getmtime.
If you are using Athena, please a) let me know! and b) give this prerelease
a try to see if anything breaks. As the de facto Nevow release manager, and
one of its last users, I'd like to avoid going overboard on release
engineering if it isn't necessary, but I'd also like to avoid making life
worse for any other remaining users, so it would be useful to hear from any
of you out there still using Nevow.
[1] https://pypi.python.org/pypi/Nevow/0.14.3rc1
I was working on Tor2web, a client of twisted web. I discover that to
move forward I'd need
[iResponce](https://github.com/racker/python-twisted-web/blob/master/twisted…
to expose the socket or something to read/write on. Once it's
necessary to edit twisted-web I might as well go all out and at least
partially implement Websockets.
Here is what I did for [Tor2web](https://pastebin.com/MbHVvwNz) It's
incomplete, I was reading twisted-web and discovered the masked
interface. Here is a [good reference for
Websockets](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API…
at a protocol level, it does say server but if you'r not working in
Javascript this is the document u need to read.
Here is what I'd envision for an interface, knowing only a little
Python and almost no twisted.
1. Upon receiving the response headers indicating a change of
protocol(connection: upgrade). Remove the socket from any connection
pool, as it can't ever be used for http. The connection will be
upgraded until it's closed.
2. Expose a socket interface in the iResponse class, it could be the
class itself or an attribute. This could be a copy of the twisted
socket interface or even that interface itself. With at least.
a. onRead callback.
b. Write.
c. Close.
d. onClose callback.
e. onError, ect.
The api does not NEED a method to determine if the connection was
upgraded, since the headers indicate as much. However to prevent
attempts to access the Websocket API when it's not available a
python(ish) method for detecting as much I'll leave to your
discretion.
Thank you.
