Synapse (matrix server) broken https endpoint on hardened kernel
To reproduce:
- apk add --virtual .matrix-server sqlite-dev libffi-dev build-base libxslt-dev linux-headers python2-dev py-virtualenv libressl-dev libjpeg-turbo-dev git
- virtualenv -p python2.7 ~/.synapse
source ~/.synapse/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install https://github.com/matrix-org/synapse/tarball/master
- cd ~/.synapse
python -m synapse.app.homeserver \
--server-name alpinelinux.org \
--config-path homeserver.yaml \
--generate-config \
--report-stats=no
- source ~/.synapse/bin/activate
synctl start # if not already running
register_new_matrix_user -c homeserver.yaml https://localhost:8448
This will return the following error:
New user localpart [matrix]: foobar
Password:
Confirm password:
Make admin [no]: no
Sending registration request...
Traceback (most recent call last):
File "/home/matrix/.synapse/bin/register_new_matrix_user", line 174, in <module>
register_new_user(args.user, args.password, args.server_url, secret, args.admin)
File "/home/matrix/.synapse/bin/register_new_matrix_user", line 117, in register_new_user
request_registration(user, password, server_location, shared_secret, bool(admin))
File "/home/matrix/.synapse/bin/register_new_matrix_user", line 63, in request_registration
f = urllib2.urlopen(req, context=ssl.SSLContext(ssl.PROTOCOL_SSLv23))
File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 429, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 447, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open
context=self._context)
File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:661)>
When querying the synapse https port via curl, the error message below appears.
Curl also exits with an SSL error:
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8448
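The synapse logfile will show three unhandled errors. The first, a SystemError raised while pyOpenSSL wraps the NPN advertise callback, is the root failure; the two AttributeErrors that follow occur because the TLS connection object was never created. (The wrapper is a cffi callback; a hardened kernel that refuses writable-and-executable memory would plausibly make its creation fail, though this report does not confirm that.)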
2017-09-26 08:10:56,293 - twisted - 131 - CRITICAL - - Unhandled Error
Traceback (most recent call last):
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
why = selectable.doRead()
--- <exception caught here> ---
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/tcp.py", line 1073, in doRead
protocol.makeConnection(transport)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/tls.py", line 199, in makeConnection
self._tlsConnection = self.factory._createConnection(self)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/tls.py", line 825, in _createConnection
self._applyProtocolNegotiation(connection)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/tls.py", line 803, in _applyProtocolNegotiation
_setAcceptableProtocols(context, protocols)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/_sslverify.py", line 1988, in _setAcceptableProtocols
supported = protocolNegotiationMechanisms()
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/_sslverify.py", line 226, in protocolNegotiationMechanisms
ctx.set_npn_advertise_callback(lambda c: None)
File "/home/matrix/.synapse/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1228, in set_npn_advertise_callback
self._npn_advertise_helper = _NpnAdvertiseHelper(callback)
File "/home/matrix/.synapse/lib/python2.7/site-packages/OpenSSL/SSL.py", line 287, in __init__
wrapper
exceptions.SystemError: error return without exception set
2017-09-26 08:10:56,293 - twisted - 131 - CRITICAL - - Unhandled Error
Traceback (most recent call last):
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/log.py", line 103, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
why = selectable.doRead()
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/tcp.py", line 205, in doRead
return self._dataReceived(data)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/tcp.py", line 211, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/tls.py", line 310, in dataReceived
self._tlsConnection.bio_write(bytes)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/policies.py", line 114, in __getattr__
return getattr(self.transport, name)
exceptions.AttributeError: 'NoneType' object has no attribute '_tlsConnection'
2017-09-26 08:10:56,295 - twisted - 131 - CRITICAL - - Unhandled Error
Traceback (most recent call last):
File "/home/matrix/.synapse/lib/python2.7/site-packages/synapse/app/homeserver.py", line 461, in in_thread
reactor.run()
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/base.py", line 1243, in run
self.mainLoop()
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/base.py", line 1255, in mainLoop
self.doIteration(t)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/epollreactor.py", line 235, in doPoll
log.callWithLogger(selectable, _drdw, selectable, fd, event)
--- <exception caught here> ---
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/log.py", line 103, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 627, in _doReadOrWrite
self._disconnectSelectable(selectable, why, inRead)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 258, in _disconnectSelectable
selectable.connectionLost(failure.Failure(why))
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/internet/tcp.py", line 289, in connectionLost
protocol.connectionLost(reason)
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/tls.py", line 397, in connectionLost
self._tlsConnection.bio_shutdown()
File "/home/matrix/.synapse/lib/python2.7/site-packages/twisted/protocols/policies.py", line 114, in __getattr__
return getattr(self.transport, name)
exceptions.AttributeError: 'NoneType' object has no attribute '_tlsConnection'
(from redmine: issue id 7920, created on 2017-09-27)