hawkins
SSLError occurs unexpectedly when refreshing inbox with ssl=True
The following error is encountered when refreshing inbox with ssl=True:
SSLError: [('SSL routines', 'SSL3_GET_RECORD', 'decryption failed or bad record mac')]
This error occurs when using imapclient==1.0.2 with ssl=True. It seems that this does not occur when using ssl=False on some networks, yet on some other networks, setting ssl=False will cause the IMAP server to be unable to connect.
I've tried using imapclient==0.13 to avoid an SSL Version error, but this seems to be the new issue.
Not sure what's going on here, but may have something to do with this SO post on multiprocessing in Python with SSL.
Full stack trace is as follows:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
self.run()
File "/usr/lib/python2.7/threading.py", line 1073, in run
self.function(*self.args, **self.kwargs)
File "/home/chrx/git/shawk/shawk/Client.py", line 197, in auto_refresh
self.refresh()
File "/home/chrx/git/shawk/shawk/Client.py", line 207, in refresh
raw_msgs = self.imap.fetch(uids, ['BODY[TEXT]', 'BODY[HEADER.FIELDS (FROM)]', 'INTERNALDATE'])
File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 972, in fetch
typ, data = self._imap._command_complete('FETCH', tag)
File "/usr/lib/python2.7/imaplib.py", line 910, in _command_complete
typ, data = self._get_tagged_response(tag)
File "/usr/lib/python2.7/imaplib.py", line 1017, in _get_tagged_response
self._get_response()
File "/usr/lib/python2.7/imaplib.py", line 974, in _get_response
data = self.read(size)
File "/usr/local/lib/python2.7/dist-packages/imapclient/tls.py", line 181, in read
return self.file.read(size)
File "/usr/local/lib/python2.7/dist-packages/backports/ssl/core.py", line 488, in read
data = _safe_ssl_call(False, self._sock, 'recv', maxbufsize)
File "/usr/local/lib/python2.7/dist-packages/backports/ssl/core.py", line 222, in _safe_ssl_call
raise SSLError(*e.args)
SSLError: [('SSL routines', 'SSL3_GET_RECORD', 'decryption failed or bad record mac')]
I've replaced how threading works in recent commits so here's the latest info on failing to connect.
I'm on another network today, worth mentioning that this network has no proxy. I can only use Shawk successfully with ssl=True on this network.
ssl=False seems to time-out and results in the following error:
Traceback (most recent call last):
File "./test.py", line 79, in <module>
c.setup_inbox(pwd, auto=False, ssl=False)
File "/home/chrx/git/hawkins/shawk/shawk/Client.py", line 177, in setup_inbox
self.imap = imapclient.IMAPClient('imap.gmail.com', ssl=ssl)
File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 152, in __init__
self._imap = self._create_IMAP4()
File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 166, in _create_IMAP4
return imap4.IMAP4WithTimeout(self.host, self.port, self._timeout)
File "/usr/local/lib/python2.7/dist-packages/imapclient/imap4.py", line 13, in __init__
imaplib.IMAP4.__init__(self, address, port)
File "/usr/lib/python2.7/imaplib.py", line 173, in __init__
self.open(host, port)
File "/usr/lib/python2.7/imaplib.py", line 239, in open
self.sock = socket.create_connection((host, port))
File "/usr/lib/python2.7/socket.py", line 575, in create_connection
raise err
socket.error: [Errno 101] Network is unreachable
Not sure how best to approach this. Should Shawk try to connect with ssl=True by default, then fallback to ssl=False if this fails? Or should it be left up to developers using Shawk to determine which works best for them?
Found this issue on imapclient that seems to have similar issues. They also suggested using IMAPClient==0.13, like Shawk used to, so the proposed workaround may prove useful.
I've implemented their workaround in a new branch and will test as soon as I encounter a network where ssl=True fails with the master branch's configuration.