linux machine not connecting to windows manager using tls connection

[creilly]

I can connect to the labrad manager on a windows machine from a different windows machine by specifying the host alias (not the ip address) as the host. If I specify the ip address the connection fails with an "Invalid DNS-ID" error, shown below.

Attempting to connect from a linux machine with the host alias throws an error about not resolving the host name. Using the ip address fails with the same error as with the windows machine.

Removing the tls requirement works.

In [7]: os.environ['LABRAD_TLS']='starttls'

In [8]: labrad.connect()
Out[8]: 
LabRAD Client: 'Python Client (molecule)' on 172.17.13.199:None

Available servers:
    analog_output
    auth
    data_vault
    delay_generator
    manager
    node_scatter
    registry
    stepper_motor
    voltmeter

In [9]: labrad.connect(tls_mode='starttls')
/usr/local/lib/python2.7/dist-packages/service_identity-16.0.0-py2.7.egg/service_identity/pyopenssl.py:97: SubjectAltNameWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now.  This feature is being removed by major browsers and deprecated by RFC 2818.
  SubjectAltNameWarning
Error during info_callback
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 209, in doRead
    return self._dataReceived(data)
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 215, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/usr/local/lib/python2.7/dist-packages/twisted/protocols/tls.py", line 423, in dataReceived
    self._write(bytes)
  File "/usr/local/lib/python2.7/dist-packages/twisted/protocols/tls.py", line 571, in _write
    sent = self._tlsConnection.send(toSend)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/_sslverify.py", line 1154, in infoCallback
    return wrapped(connection, where, ret)
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/_sslverify.py", line 1253, in _identityVerifyingInfoCallback
    verifyHostname(connection, self._hostnameASCII)
  File "/usr/local/lib/python2.7/dist-packages/service_identity-16.0.0-py2.7.egg/service_identity/pyopenssl.py", line 45, in verify_hostname
    obligatory_ids=[DNS_ID(hostname)],
  File "/usr/local/lib/python2.7/dist-packages/service_identity-16.0.0-py2.7.egg/service_identity/_common.py", line 245, in __init__
    raise ValueError("Invalid DNS-ID.")
exceptions.ValueError: Invalid DNS-ID.

STARTTLS failed due to untrusted server certificate:
SHA1 Fingerprint=B1:6A:8E:0D:01:31:01:F5:E4:B6:3E:23:9E:D9:D8:77:EB:7F:81:E1

Accept server certificate for host "172.17.13.199"? (accept just this [O]nce; [S]ave and always accept this cert; [R]eject) s
Error during info_callback
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 209, in doRead
    return self._dataReceived(data)
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 215, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/usr/local/lib/python2.7/dist-packages/twisted/protocols/tls.py", line 423, in dataReceived
    self._write(bytes)
  File "/usr/local/lib/python2.7/dist-packages/twisted/protocols/tls.py", line 571, in _write
    sent = self._tlsConnection.send(toSend)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/_sslverify.py", line 1154, in infoCallback
    return wrapped(connection, where, ret)
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/_sslverify.py", line 1253, in _identityVerifyingInfoCallback
    verifyHostname(connection, self._hostnameASCII)
  File "/usr/local/lib/python2.7/dist-packages/service_identity-16.0.0-py2.7.egg/service_identity/pyopenssl.py", line 45, in verify_hostname
    obligatory_ids=[DNS_ID(hostname)],
  File "/usr/local/lib/python2.7/dist-packages/service_identity-16.0.0-py2.7.egg/service_identity/_common.py", line 245, in __init__
    raise ValueError("Invalid DNS-ID.")
exceptions.ValueError: Invalid DNS-ID.

---------------------------------------------------------------------------
Exception                                 Traceback (most recent call last)
<ipython-input-9-17c0b0f9ba2e> in <module>()
----> 1 labrad.connect(tls_mode='starttls')

/usr/local/lib/python2.7/dist-packages/labrad/__init__.pyc in connect(host, port, name, **kw)
     22 def connect(host=constants.MANAGER_HOST, port=None, name=None, **kw):
     23     """Create a client connection to the labrad manager."""
---> 24     cxn = backend.connect(host=host, port=port, name=name, **kw)
     25     return client.Client(cxn)
     26 

/usr/local/lib/python2.7/dist-packages/labrad/backend.pyc in connect(host, port, name, backend, **kw)
    416             backend = 'asyncore'
    417     cxn = backends[backend](name)
--> 418     cxn.connect(host, port, **kw)
    419     return cxn
    420 

/usr/local/lib/python2.7/dist-packages/labrad/backend.pyc in connect(self, host, port, timeout, password, tls_mode, username, headless)
     43         self.headless = headless
     44         self.ID = self._connect(password, timeout, tls_mode=tls_mode,
---> 45                                 username=username, headless=headless)
     46 
     47     @property

/usr/local/lib/python2.7/dist-packages/labrad/backend.pyc in _connect(self, password, _timeout, tls_mode, username, headless)
    106                 defer.returnValue(cxn)
    107             startReactor()
--> 108             self.cxn = self.call(_connect_deferred).result()
    109             return self.cxn.ID
    110 

/usr/local/lib/python2.7/dist-packages/futures-3.0.5-py2.7.egg/concurrent/futures/_base.pyc in result(self, timeout)
    403                 raise CancelledError()
    404             elif self._state == FINISHED:
--> 405                 return self.__get_result()
    406             else:
    407                 raise TimeoutError()

/usr/local/lib/python2.7/dist-packages/futures-3.0.5-py2.7.egg/concurrent/futures/_base.pyc in __get_result(self)
    355     def __get_result(self):
    356         if self._exception:
--> 357             raise type(self._exception), self._exception, self._traceback
    358         else:
    359             return self._result

Exception: Connection lost.

[maffoo]

It looks like that error is getting raised after the following check:

if hostname == u"" or _is_ip_address(hostname):
    raise ValueError("Invalid DNS-ID.")

I'm guessing that you have LABRADHOST set to an IP address and that is what is causing the problem here. You might try using a proper hostname instead of just an IP address. You can use an alias in your /etc/hosts file, but whatever alias you use, you'll have to tell the manager to generate a self-signed cert for that name by setting the --tls-hosts command line flag (or LABRAD_TLS_HOSTS environment variable) appropriately when you run the manager. Of course, the ideal would be to use a real DNS hostname and get a real certificate for it, but I realize that is not always straightforward.

[creilly]

editing the hosts file did the trick : )
it does not appear to make a difference whether or not the manager includes the linux machine's ip address in the --tls-hosts option.
why should using an alias be required?

[maffoo]

By default the manager generates certs for 'localhost' and for whatever it gets by asking the OS for its hostname. If your entry in the hosts file on another machine matches one of those, then things will work. If you want to use a different name, you'd need to tell the manager to generate a cert for that name.