No subject

Wed Mar 2 09:44:18 PST 2011

  2011-03-03 13:04:49,904 DEBUG: Querying database...
  2011-03-03 13:04:49,904 DEBUG:    ... querying for MFG:Epson;MDL:Stylus N=
  2011-03-03 13:04:56,203 DEBUG: OpenPrintingDriverDB: driver driver/epson-=
stylus-nx110-series info: {'nonfreesoftware': True, 'name': 'epson-stylus-n=
 AGREEMENT', 'url': '', 'thirdpartysupplie=
d': False, 'supportcontacts': [{'url': '
ntact/', 'name': 'AVASYS Corporation', 'level': 'voluntary'}], 'recommended=
': True, 'functionality': {'text': '100', 'lineart': '100', 'photo': '100',=
 'graphics': '100'}, 'manufacturersupplied': True, 'licensetext': u'License=
 agreement fo..', 'supplier': 'Seiko Epson Corporation', 'freesoftware': Fa=
lse, 'packages': {'i386': {'epson-inkjet-printer-stylus-nx110-series_1.0.0-=
1lsb3.2_i386.deb': {'url': '
110-series_1.0.0-1lsb3.2_i386.deb', 'pkgsys': 'deb', 'repositories': {'apt'=
: 'deb lsb3.=
2 main'}, 'version': '1.0.0', 'fingerprint': '
rs/lsb/epson-inkjet/key/fingerprint', 'release': '1', 'realversion': '1.0.0=
'}}}, 'shortdescription': 'Epson Inkjet Printer Driver for Linux', 'patents=
': False}
  2011-03-03 13:04:56,252 WARNING:
n-inkjet/key/fingerprint has invalid certificate, ignoring driver: Host 172=
.xx.xx.xx:8080 returned an invalid certificate (_ssl.c:499: error:140770FC:=
SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
  2011-03-03 13:04:56,252 DEBUG: Ignoring driver as it does not have a vali=
d GPG fingerprint
  2011-03-03 13:04:56,253 DEBUG: database query finished

We've chased the WARNING statement down to the connect method of
_CertValidatingHTTPSConnection in jockey's

   def connect(self):
        sock =3D socket.create_connection((, self.port))
        self.sock =3D ssl.wrap_socket(sock, cert_reqs=3Dssl.CERT_REQUIRED,
        cert =3D self.sock.getpeercert()
        hostname =3D':', 0)[0]
        if not self._validate_certificate_hostname(cert, hostname):
            raise InvalidCertificateException(hostname, cert,
                                              'hostname mismatch')

The ssl.wrap_socket raises an ssl.SSLError.  What puzzles us is that
this method creates a connection to the _proxy_ rather than to the host
where the fingerprint resides.  The wireshark capture for a wget went
straight to the latter host and negotiated TLSv1 with the proxy on the

We've also played with passing different ssl_version parameters to
ssl.wrap_socket but that didn't help.  We're not sure whether this
method negotiates a usable version but if it doesn't that something that
probably needs fixing as well.

Hope this helps,
Olaf Meeuwissen, LPIC-2           FLOSS Engineer -- AVASYS CORPORATION
FSF Associate Member #1962               Help support software freedom

More information about the Printing-architecture mailing list