From: Olaf Meeuwissen <olaf.meeuwissen@avasys.jp>
To: Till Kamppeter <till.kamppeter@gmail.com>
Cc: printing-architecture@lists.linux-foundation.org,
printing-japan@lists.linux-foundation.org,
martin.pitt@ubuntu.com, michael.vogt@ubuntu.com
Subject: Re: [Printing-architecture] Ubuntu Natty the first distribution which does automatic download of binary printer driver packages
Date: Fri, 04 Mar 2011 18:29:51 +0900 [thread overview]
Message-ID: <87ei6ndyi8.fsf@avasys.jp> (raw)
In-Reply-To: <4D6D6D45.3070907@gmail.com> (Till Kamppeter's message of "Tue, 01 Mar 2011 23:03:49 +0100")
Hi Till,
Saito-san and I have been looking at how well the automatic download
works when behind a proxy. Short story: it doesn't. The long story
follows below.
Till Kamppeter <till.kamppeter@gmail.com> writes:
> for testing the automatic driver download on current Natty [...]
> apply the patch attached to my previous mail [...]
> 0001-Activated-and-fixed-testing-mode-for-device-ID-drive.patch
We upgraded Natty on 2011-03-03 and applied your patch to
system-config-printer.
> cupsctl FileDevice=yes
> cd /usr/share/system-config-printer/
> python newprinter.py --setup-printer=file:/tmp/printout
> --devid="MFG:Epson;MDL:Stylus NX110;"
That's what we did. We've been looking at jockey debug logs, wireshark
network traffic captures and the jockey code trying to figure out where
things went wrong. According to the logs, the query of the OpenPrinting
DB went just fine. It's getting the fingerprint that bombs. Using wget
to fetch the fingerprint in the same environment works fine.
From the jockey debug logs:
2011-03-03 13:04:49,904 DEBUG: Querying openprinting.org database...
2011-03-03 13:04:49,904 DEBUG: ... querying for MFG:Epson;MDL:Stylus NX110;
2011-03-03 13:04:56,203 DEBUG: OpenPrintingDriverDB: driver driver/epson-stylus-nx110-series info: {'nonfreesoftware': True, 'name': 'epson-stylus-nx110-series', 'license': 'LGPL and SEIKO EPSON CORPORATION SOFTWARE LICENSE AGREEMENT', 'url': 'http://avasys.jp/english/linux_e/', 'thirdpartysupplied': False, 'supportcontacts': [{'url': 'http://avasys.jp/english/linux_e/contact/', 'name': 'AVASYS Corporation', 'level': 'voluntary'}], 'recommended': True, 'functionality': {'text': '100', 'lineart': '100', 'photo': '100', 'graphics': '100'}, 'manufacturersupplied': True, 'licensetext': u'License agreement fo..', 'supplier': 'Seiko Epson Corporation', 'freesoftware': False, 'packages': {'i386': {'epson-inkjet-printer-stylus-nx110-series_1.0.0-1lsb3.2_i386.deb': {'url': 'http://linux.avasys.jp/drivers/lsb/epson-inkjet/stable/debian/dists/lsb3.2/main/binary-i386/epson-inkjet-printer-stylus-nx110-series_1.0.0-1lsb3.2_i386.deb', 'pkgsys': 'deb', 'repositories': {'apt': 'deb http://linux.avasys.jp/drivers/lsb/epson-inkjet/stable/debian/ lsb3.2 main'}, 'version': '1.0.0', 'fingerprint': 'https://linux.avasys.jp/drivers/lsb/epson-inkjet/key/fingerprint', 'release': '1', 'realversion': '1.0.0'}}}, 'shortdescription': 'Epson Inkjet Printer Driver for Linux', 'patents': False}
2011-03-03 13:04:56,252 WARNING: https://linux.avasys.jp/drivers/lsb/epson-inkjet/key/fingerprint has invalid certificate, ignoring driver: Host 172.xx.xx.xx:8080 returned an invalid certificate (_ssl.c:499: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
2011-03-03 13:04:56,252 DEBUG: Ignoring driver as it does not have a valid GPG fingerprint
2011-03-03 13:04:56,253 DEBUG: openprinting.org database query finished
We've chased the WARNING statement down to the connect method of
_CertValidatingHTTPSConnection in jockey's verified_https.py
def connect(self):
sock = socket.create_connection((self.host, self.port))
self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED,
ca_certs=self.ca_certs)
cert = self.sock.getpeercert()
hostname = self.host.split(':', 0)[0]
if not self._validate_certificate_hostname(cert, hostname):
raise InvalidCertificateException(hostname, cert,
'hostname mismatch')
The ssl.wrap_socket raises an ssl.SSLError. What puzzles us is that
this method creates a connection to the _proxy_ rather than to the host
where the fingerprint resides. The wireshark capture for a wget went
straight to the latter host and negotiated TLSv1 with the proxy on the
fly.
We've also played with passing different ssl_version parameters to
ssl.wrap_socket but that didn't help. We're not sure whether this
method negotiates a usable version but if it doesn't that something that
probably needs fixing as well.
Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FLOSS Engineer -- AVASYS CORPORATION
FSF Associate Member #1962 Help support software freedom
http://www.fsf.org/jf?referrer=1962
next prev parent reply other threads:[~2011-03-04 9:29 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <F30723B8678F584CB6A4269E911255CB03396379@m1a.epkowa.co.jp>
[not found] ` <4B8241D4.2040207@gmail.com>
[not found] ` <F30723B8678F584CB6A4269E911255CB034CE4DE@m1a.epkowa.co.jp>
[not found] ` <4B8E4CEF.8040007@gmail.com>
[not found] ` <F30723B8678F584CB6A4269E911255CB035D7CF6@m1a.epkowa.co.jp>
[not found] ` <4BBBA6A9.5050005@gmail.com>
[not found] ` <F30723B8678F584CB6A4269E911255CB0392318F@m1a.epkowa.co.jp>
[not found] ` <4BD18655.8060000@gmail.com>
[not found] ` <F30723B8678F584CB6A4269E911255CB03BF5E5C@m1a.epkowa.co.jp>
[not found] ` <4C091F92.7050102@gmail.com>
[not found] ` <4C1284F4.3000707@gmail.com>
[not found] ` <4C89CF0C.60003@avasys.jp>
2010-11-18 16:55 ` [Printing-architecture] Updates for auto-downloadable printer packages Till Kamppeter
2010-12-03 6:16 ` yuji.saito
2010-12-06 16:54 ` Till Kamppeter
2011-01-07 0:13 ` [Printing-architecture] Ubuntu Natty the first distribution which does automatic download of binary printer driver packages Till Kamppeter
2011-01-07 0:20 ` Till Kamppeter
2011-01-21 2:36 ` yuji.saito
2011-01-24 23:00 ` Till Kamppeter
[not found] ` <20110131104358.GC4406@piware.de>
2011-02-24 9:38 ` Till Kamppeter
2011-02-25 7:00 ` yuji.saito
2011-02-25 12:40 ` Till Kamppeter
2011-02-25 21:26 ` Tim Waugh
2011-02-25 21:31 ` Till Kamppeter
2011-02-25 21:37 ` Till Kamppeter
2011-03-01 21:06 ` Till Kamppeter
2011-03-01 22:03 ` Till Kamppeter
2011-03-04 9:29 ` Olaf Meeuwissen [this message]
2011-03-04 16:50 ` Till Kamppeter
[not found] ` <20110304172254.GF30872@piware.de>
2011-03-07 1:32 ` Olaf Meeuwissen
2011-03-11 3:03 ` [Printing-architecture] [Printing-japan] " Olaf Meeuwissen
[not found] ` <20110311080832.GB2541@piware.de>
2011-03-11 15:50 ` Till Kamppeter
2011-03-14 9:29 ` Olaf Meeuwissen
2011-03-11 16:15 ` Till Kamppeter
2011-03-11 16:59 ` Tim Waugh
2011-03-11 17:45 ` Till Kamppeter
2011-03-12 16:21 ` Till Kamppeter
2011-03-12 17:36 ` Till Kamppeter
2011-03-14 11:13 ` Tim Waugh
2011-03-14 9:39 ` Olaf Meeuwissen
2011-03-14 20:47 ` Till Kamppeter
2011-03-08 15:55 ` [Printing-architecture] " Tim Waugh
2011-02-25 13:03 ` Till Kamppeter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ei6ndyi8.fsf@avasys.jp \
--to=olaf.meeuwissen@avasys.jp \
--cc=martin.pitt@ubuntu.com \
--cc=michael.vogt@ubuntu.com \
--cc=printing-architecture@lists.linux-foundation.org \
--cc=printing-japan@lists.linux-foundation.org \
--cc=till.kamppeter@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.