st can't work when setting up ssl access
Hi Experts,
I met a problem after setting up ssl access in my SAIO environment. The error is as follows.
root@OpenStackS
Traceback (most recent call last):
File "/usr/local/
execfile(
File "/root/
error_queue)
File "/root/
headers = conn.head_account()
File "/root/
return self._retry(
File "/root/
rv = func(self.url, self.token, *args, **kwargs)
File "/root/
conn.
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.send(msg)
File "/usr/lib/
self.connect()
File "/root/
return HTTPConnection.
File "/usr/lib/
self.timeout)
File "/usr/lib/
raise error, msg
socket.error: [Errno 111] ECONNREFUSED
root@OpenStackS
But accessing with curl worked correctly, just like this.
root@OpenStackS
* About to connect() to 127.0.0.1 port 443 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=AU; ST=Some-State; L=bj; O=Internet Widgits Pty Ltd; OU=hp; CN=zhj; emailAddress=
* start date: 2011-07-10 14:09:25 GMT
* expire date: 2011-08-09 14:09:25 GMT
* common name: zhj (does not match '127.0.0.1')
* issuer: C=AU; ST=Some-State; L=bj; O=Internet Widgits Pty Ltd; OU=hp; CN=zhj; emailAddress=
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-
> Host: 127.0.0.1
> Accept: */*
> X-Storage-User: test:tester
> X-Storage-Pass: testing
>
< HTTP/1.1 200 OK
< X-Storage-Url: http://
< X-Storage-Token: AUTH_tk677233de
< X-Auth-Token: AUTH_tk677233de
< Content-Length: 112
< Date: Sun, 10 Jul 2011 16:56:54 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"storage": {"default": "local", "local": "http://
root@OpenStackS
* About to connect() to 127.0.0.1 port 443 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=AU; ST=Some-State; L=bj; O=Internet Widgits Pty Ltd; OU=hp; CN=zhj; emailAddress=
* start date: 2011-07-10 14:09:25 GMT
* expire date: 2011-08-09 14:09:25 GMT
* common name: zhj (does not match '127.0.0.1')
* issuer: C=AU; ST=Some-State; L=bj; O=Internet Widgits Pty Ltd; OU=hp; CN=zhj; emailAddress=
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /v1/AUTH_
> User-Agent: curl/7.19.7 (x86_64-
> Host: 127.0.0.1
> Accept: */*
> X-Auth-Token: AUTH_tk677233de
>
< HTTP/1.1 200 OK
< X-Account-
< X-Account-
< X-Account-
< Content-Length: 5
< Content-Type: text/plain; charset=utf8
< Date: Sun, 10 Jul 2011 16:57:31 GMT
<
test
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
root@OpenStackS
The proxy-server.conf content is as follows.
root@OpenStackS
[DEFAULT]
# Enter these next two values if using SSL certifications
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 443
user = root
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline = healthcheck cache swauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_
[filter:swauth]
use = egg:swift#swauth
# Highly recommended to change this.
super_admin_key = swauthkey
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.
proxy-server.conf (END)
Before I set up ssl, st can work properly. I am not sure where is wrong. Please help me.
BTW, the swift version is 1.3.0.
TIA,
Jun Zhang
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Marcelo Martins
- Solved:
- Last query:
- Last reply: