[Answered ]-Why do I get a "SSL error: called a function you should not call" with Django

0πŸ‘

βœ…

The problem seems to be solved by changing the database settings

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'name',
        'USER': 'user',
        'PASSWORD': 'password',
        'HOST': 'host',
        'PORT': '',
        'OPTIONS': {
            'sslmode': 'disable',
        },
    }
}

If not set the option is using prefer as default (see https://www.postgresql.org/docs/9.5/static/libpq-ssl.html) which seems to have unpredicted behavior.

I guess that the root cause is an OpenSSL mismatch between Apache and Postgres. It has to be investigated.

The current fix makes the database connection not secured but this is another story.

πŸ‘€luc

1πŸ‘

Looks like a psycopg2 bug (or rather, as piro pointed out, the underlying libpqβ€˜s bug). It appears to be violating the required call order – likely not waiting for some event. Since this occurs irregularly, it can be a race condition.

It even provides incomplete information about the error which is another bug. It should use ERR_print_errors() to get the full message which has the format [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message].

πŸ‘€ivan_pozdeev

1πŸ‘

There was a related bug #58956 in Apache + OpenSSL in SSL_shutdown handshake, ending with exactly the same error message, that has been fixed by OpenSSL in February 2016. Try to upgrade to 1.0.2g or 1.1.0 or newer.


EDIT: If you have some 1.0.2 version (maybe more versions, but your package of interest is linked to 1.0.2) then the upgrade of SSL is worth considering. The version 1.1.0 is here written only for completeness to anybody can easily check a version later, whether is related to this bug. Nobody have now a 1.1 probably on a production hosting and a self-made upgrade to it would be probably a bad idea.

πŸ‘€hynekcer

Leave a comment