No subject
Wed Mar 2 09:44:18 PST 2011
2011-03-03 13:04:49,904 DEBUG: Querying openprinting.org database...
2011-03-03 13:04:49,904 DEBUG: ... querying for MFG:Epson;MDL:Stylus N=
X110;
2011-03-03 13:04:56,203 DEBUG: OpenPrintingDriverDB: driver driver/epson-=
stylus-nx110-series info: {'nonfreesoftware': True, 'name': 'epson-stylus-n=
x110-series', 'license': 'LGPL and SEIKO EPSON CORPORATION SOFTWARE LICENSE=
AGREEMENT', 'url': 'http://avasys.jp/english/linux_e/', 'thirdpartysupplie=
d': False, 'supportcontacts': [{'url': 'http://avasys.jp/english/linux_e/co=
ntact/', 'name': 'AVASYS Corporation', 'level': 'voluntary'}], 'recommended=
': True, 'functionality': {'text': '100', 'lineart': '100', 'photo': '100',=
'graphics': '100'}, 'manufacturersupplied': True, 'licensetext': u'License=
agreement fo..', 'supplier': 'Seiko Epson Corporation', 'freesoftware': Fa=
lse, 'packages': {'i386': {'epson-inkjet-printer-stylus-nx110-series_1.0.0-=
1lsb3.2_i386.deb': {'url': 'http://linux.avasys.jp/drivers/lsb/epson-inkjet=
/stable/debian/dists/lsb3.2/main/binary-i386/epson-inkjet-printer-stylus-nx=
110-series_1.0.0-1lsb3.2_i386.deb', 'pkgsys': 'deb', 'repositories': {'apt'=
: 'deb http://linux.avasys.jp/drivers/lsb/epson-inkjet/stable/debian/ lsb3.=
2 main'}, 'version': '1.0.0', 'fingerprint': 'https://linux.avasys.jp/drive=
rs/lsb/epson-inkjet/key/fingerprint', 'release': '1', 'realversion': '1.0.0=
'}}}, 'shortdescription': 'Epson Inkjet Printer Driver for Linux', 'patents=
': False}
2011-03-03 13:04:56,252 WARNING: https://linux.avasys.jp/drivers/lsb/epso=
n-inkjet/key/fingerprint has invalid certificate, ignoring driver: Host 172=
.xx.xx.xx:8080 returned an invalid certificate (_ssl.c:499: error:140770FC:=
SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
=09
2011-03-03 13:04:56,252 DEBUG: Ignoring driver as it does not have a vali=
d GPG fingerprint
2011-03-03 13:04:56,253 DEBUG: openprinting.org database query finished
We've chased the WARNING statement down to the connect method of
_CertValidatingHTTPSConnection in jockey's verified_https.py
def connect(self):
sock =3D socket.create_connection((self.host, self.port))
self.sock =3D ssl.wrap_socket(sock, cert_reqs=3Dssl.CERT_REQUIRED,
ca_certs=3Dself.ca_certs)
cert =3D self.sock.getpeercert()
hostname =3D self.host.split(':', 0)[0]
if not self._validate_certificate_hostname(cert, hostname):
raise InvalidCertificateException(hostname, cert,
'hostname mismatch')
The ssl.wrap_socket raises an ssl.SSLError. What puzzles us is that
this method creates a connection to the _proxy_ rather than to the host
where the fingerprint resides. The wireshark capture for a wget went
straight to the latter host and negotiated TLSv1 with the proxy on the
fly.
We've also played with passing different ssl_version parameters to
ssl.wrap_socket but that didn't help. We're not sure whether this
method negotiates a usable version but if it doesn't that something that
probably needs fixing as well.
Hope this helps,
--=20
Olaf Meeuwissen, LPIC-2 FLOSS Engineer -- AVASYS CORPORATION
FSF Associate Member #1962 Help support software freedom
http://www.fsf.org/jf?referrer=3D1962
More information about the Printing-architecture
mailing list