SSL Hanshake Failure, User authentication Failure and a series of other failure

Shubham_Sharma6 · September 20, 2021, 4:14pm

Hello,

We have a flask based server which interacts with the Atlas cluster. we have noticed that the server keeps going down again and again at random intervals.

After investigation, we noticed that we are getting multiple ‘AtlasError’ in our logs. We have various types of pymongo.errors.

pymongo.errors.OperationFailure where the user account is not found.
pymongo.errors.ServerSelectionTimeoutError:
pymongo.errors.NetworkTimeout: SSL handshake failed:
pymongo.errors.NetworkTimeout: SSL handshake failed:
pymongo.errors.NetworkTimeout: SSL handshake failed:
pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed:

And various similar issues.

Please note that once we rebuild the environment and reset everything the connection is established and then again after sometime these errors start occurring and the system goes down.

Driver details :
Have tested this with pymongo 3.7.x, 3.11.x, 3.12.x

Using this with client configurations as follows:

pymongo.MongoClient(<connection_string>,
   authMechanism='SCRAM-SHA-1',
   connectTimeoutMS = 4000,
   serverSelectionTimeoutMS = 4000,
   socketTimeoutMS = 4000,
   appname = '<app_name>',
   retryWrites = True,
   retryReads = True,
   readPreference = 'secondaryPreferred',
   #tlsDisableOCSPEndpointCheck = True, ##Try deploying with this also.
)

In this, we have tried different timeout values ranging from 5-30 secs. And we have recently put out a version where we have succumbed to disabling OCSP Endpoint checks (which we wouldn’t like to continue with since its a huge security risk - we have done this for the time being to see if it keeps the server up for longer).

Regards,
Shubham

Shane · September 21, 2021, 6:55pm

Hi thanks for opening this issue. Nothing stands out yet as an obvious culprit to me. Please provide the full traceback and full error message for the various exceptions you are experiencing. You can redact and sensitive info like host names or user names.

Please also provide the output of pip list so we can determine if you are using PyOpenSSL or not.

Can you also describe what server product (atlas dedicated, atlas free tier) and version (MongoDB 4.0, 5.0, etc) you are using?

Shubham_Sharma6 · September 22, 2021, 11:36am

Hey Shane,

Thanks for the response.

Specifics logs related to issues are:

[Mon Sep 20 15:00:13.672604 2021] [:error] [pid 6534] [remote <remote_ip>] [2021-09-20 15:00:13,656] ERROR in app: Exception on /wi/api/v1/gettacurrent/ [GET]
[Mon Sep 20 15:00:13.672623 2021] [:error] [pid 6534] [remote <remote_ip>] Traceback (most recent call last):
[Mon Sep 20 15:00:13.672627 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/current/app/app/init.py”, line 193, in before_request
[Mon Sep 20 15:00:13.672630 2021] [:error] [pid 6534] [remote <remote_ip>] sec_check = client_sec.admin.command(‘ping’)
[Mon Sep 20 15:00:13.672633 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/database.py”, line 752, in command
[Mon Sep 20 15:00:13.672636 2021] [:error] [pid 6534] [remote <remote_ip>] read_preference, session) as (sock_info, secondary_ok):
[Mon Sep 20 15:00:13.672639 2021] [:error] [pid 6534] [remote <remote_ip>] File “/usr/lib64/python3.6/contextlib.py”, line 81, in enter
[Mon Sep 20 15:00:13.672642 2021] [:error] [pid 6534] [remote <remote_ip>] return next(self.gen)
[Mon Sep 20 15:00:13.672645 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/mongo_client.py”, line 1387, in _socket_for_reads
[Mon Sep 20 15:00:13.672648 2021] [:error] [pid 6534] [remote <remote_ip>] server = self._select_server(read_preference, session)
[Mon Sep 20 15:00:13.672651 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/mongo_client.py”, line 1346, in _select_server
[Mon Sep 20 15:00:13.672654 2021] [:error] [pid 6534] [remote <remote_ip>] server = topology.select_server(server_selector)
[Mon Sep 20 15:00:13.672657 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/topology.py”, line 246, in select_server
[Mon Sep 20 15:00:13.672660 2021] [:error] [pid 6534] [remote <remote_ip>] address))
[Mon Sep 20 15:00:13.672663 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/topology.py”, line 203, in select_servers
[Mon Sep 20 15:00:13.672665 2021] [:error] [pid 6534] [remote <remote_ip>] selector, server_timeout, address)
[Mon Sep 20 15:00:13.672668 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/topology.py”, line 220, in _select_servers_loop
[Mon Sep 20 15:00:13.672671 2021] [:error] [pid 6534] [remote <remote_ip>] (self._error_message(selector), timeout, self.description))
[Mon Sep 20 15:00:13.672675 2021] [:error] [pid 6534] [remote <remote_ip>] pymongo.errors.ServerSelectionTimeoutError:
[Mon Sep 20 15:08:11.630506 2021] [:error] [pid 6534] close and retry db connections.
[Mon Sep 20 15:08:11.715236 2021] [:error] [pid 6534] [remote <remote_ip>] [2021-09-20 15:08:03,121] ERROR in app: Request finalizing failed with an error while handling an error
[Mon Sep 20 15:08:11.715260 2021] [:error] [pid 6534] [remote <remote_ip>] Traceback (most recent call last):
[Mon Sep 20 15:08:11.715263 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask/app.py”, line 2292, in wsgi_app
[Mon Sep 20 15:08:11.715267 2021] [:error] [pid 6534] [remote <remote_ip>] response = self.full_dispatch_request()
[Mon Sep 20 15:08:11.715270 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask/app.py”, line 1815, in full_dispatch_request
[Mon Sep 20 15:08:11.715273 2021] [:error] [pid 6534] [remote <remote_ip>] rv = self.handle_user_exception(e)
[Mon Sep 20 15:08:11.715276 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask/app.py”, line 1718, in handle_user_exception
[Mon Sep 20 15:08:11.715279 2021] [:error] [pid 6534] [remote <remote_ip>] reraise(exc_type, exc_value, tb)
[Mon Sep 20 15:08:11.715282 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask/_compat.py”, line 35, in reraise
[Mon Sep 20 15:08:11.715285 2021] [:error] [pid 6534] [remote <remote_ip>] raise value
[Mon Sep 20 15:08:11.715288 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask/app.py”, line 1813, in full_dispatch_request
[Mon Sep 20 15:08:11.715291 2021] [:error] [pid 6534] [remote <remote_ip>] rv = self.dispatch_request()
[Mon Sep 20 15:08:11.715294 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask/app.py”, line 1799, in dispatch_request
[Mon Sep 20 15:08:11.715297 2021] [:error] [pid 6534] [remote <remote_ip>] return self.view_functionsrule.endpoint
[Mon Sep 20 15:08:11.715299 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask_httpauth.py”, line 99, in decorated
[Mon Sep 20 15:08:11.715302 2021] [:error] [pid 6534] [remote <remote_ip>] if not self.authenticate(auth, password):
[Mon Sep 20 15:08:11.715305 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib/python3.6/site-packages/flask_httpauth.py”, line 136, in authenticate
[Mon Sep 20 15:08:11.715308 2021] [:error] [pid 6534] [remote <remote_ip>] return self.verify_password_callback(username, client_password)
[Mon Sep 20 15:08:11.715311 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/current/app/app/auth.py”, line 281, in verify_pwd_2
[Mon Sep 20 15:08:11.715313 2021] [:error] [pid 6534] [remote <remote_ip>] doc = db_sec.our_user.find_one({‘mn’:mn},{‘pwd_hash’:1, ‘email’:1})
[Mon Sep 20 15:08:11.715316 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/collection.py”, line 1328, in find_one
[Mon Sep 20 15:08:11.715319 2021] [:error] [pid 6534] [remote <remote_ip>] for result in cursor.limit(-1):
[Mon Sep 20 15:08:11.715322 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/cursor.py”, line 1238, in next
[Mon Sep 20 15:08:11.715324 2021] [:error] [pid 6534] [remote <remote_ip>] if len(self.__data) or self._refresh():
[Mon Sep 20 15:08:11.715327 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/cursor.py”, line 1155, in _refresh
[Mon Sep 20 15:08:11.715341 2021] [:error] [pid 6534] [remote <remote_ip>] self.__send_message(q)
[Mon Sep 20 15:08:11.715344 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/cursor.py”, line 1045, in __send_message
[Mon Sep 20 15:08:11.715347 2021] [:error] [pid 6534] [remote <remote_ip>] operation, self._unpack_response, address=self.__address)
[Mon Sep 20 15:08:11.715350 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/mongo_client.py”, line 1426, in _run_operation
[Mon Sep 20 15:08:11.715353 2021] [:error] [pid 6534] [remote <remote_ip>] address=address, retryable=isinstance(operation, message._Query))
[Mon Sep 20 15:08:11.715355 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/mongo_client.py”, line 1515, in _retryable_read
[Mon Sep 20 15:08:11.715358 2021] [:error] [pid 6534] [remote <remote_ip>] read_pref, session, address=address)
[Mon Sep 20 15:08:11.715361 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/mongo_client.py”, line 1346, in _select_server
[Mon Sep 20 15:08:11.715364 2021] [:error] [pid 6534] [remote <remote_ip>] server = topology.select_server(server_selector)
[Mon Sep 20 15:08:11.715367 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/topology.py”, line 246, in select_server
[Mon Sep 20 15:08:11.715369 2021] [:error] [pid 6534] [remote <remote_ip>] address))
[Mon Sep 20 15:08:11.715372 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/topology.py”, line 203, in select_servers
[Mon Sep 20 15:08:11.715375 2021] [:error] [pid 6534] [remote <remote_ip>] selector, server_timeout, address)
[Mon Sep 20 15:08:11.715378 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/topology.py”, line 220, in _select_servers_loop
[Mon Sep 20 15:08:11.715381 2021] [:error] [pid 6534] [remote <remote_ip>] (self._error_message(selector), timeout, self.description))
[Mon Sep 20 15:08:11.715385 2021] [:error] [pid 6534] [remote <remote_ip>] pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed:
[Mon Sep 20 15:08:11.715391 2021] [:error] [pid 6534] [remote <remote_ip>]
[Mon Sep 20 15:08:11.715393 2021] [:error] [pid 6534] [remote <remote_ip>] During handling of the above exception, another exception occurred:
[Mon Sep 20 15:08:11.715396 2021] [:error] [pid 6534] [remote <remote_ip>]
[Mon Sep 20 15:08:11.715399 2021] [:error] [pid 6534] [remote <remote_ip>] Traceback (most recent call last):
[Mon Sep 20 15:08:11.715404 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/pool.py”, line 1394, in _get_socket
[Mon Sep 20 15:08:11.715407 2021] [:error] [pid 6534] [remote <remote_ip>] sock_info = self.sockets.popleft()
[Mon Sep 20 15:08:11.715410 2021] [:error] [pid 6534] [remote <remote_ip>] IndexError: pop from an empty deque
[Mon Sep 20 15:08:11.715413 2021] [:error] [pid 6534] [remote <remote_ip>]
[Mon Sep 20 15:08:11.715415 2021] [:error] [pid 6534] [remote <remote_ip>] During handling of the above exception, another exception occurred:
[Mon Sep 20 15:08:11.715418 2021] [:error] [pid 6534] [remote <remote_ip>]
[Mon Sep 20 15:08:11.715420 2021] [:error] [pid 6534] [remote <remote_ip>] Traceback (most recent call last):
[Mon Sep 20 15:08:11.715423 2021] [:error] [pid 6534] [remote <remote_ip>] File “/opt/python/run/venv/local/lib64/python3.6/site-packages/pymongo/pool.py”, line 1040, in _configured_socket
[Mon Sep 20 15:08:11.715426 2021] [:error] [pid 6534] [remote <remote_ip>] sock = ssl_context.wrap_socket(sock, server_hostname=host)
[Mon Sep 20 15:08:11.715429 2021] [:error] [pid 6534] [remote <remote_ip>] File “/usr/lib64/python3.6/ssl.py”, line 407, in wrap_socket
[Mon Sep 20 15:08:11.715432 2021] [:error] [pid 6534] [remote <remote_ip>] _context=self, _session=session)
[Mon Sep 20 15:08:11.715434 2021] [:error] [pid 6534] [remote <remote_ip>] File “/usr/lib64/python3.6/ssl.py”, line 817, in init
[Mon Sep 20 15:08:11.715437 2021] [:error] [pid 6534] [remote <remote_ip>] self.do_handshake()
[Mon Sep 20 15:08:11.715440 2021] [:error] [pid 6534] [remote <remote_ip>] File “/usr/lib64/python3.6/ssl.py”, line 1077, in do_handshake
[Mon Sep 20 15:08:11.715442 2021] [:error] [pid 6534] [remote <remote_ip>] self._sslobj.do_handshake()
[Mon Sep 20 15:08:11.715445 2021] [:error] [pid 6534] [remote <remote_ip>] File “/usr/lib64/python3.6/ssl.py”, line 689, in do_handshake
[Mon Sep 20 15:08:11.715448 2021] [:error] [pid 6534] [remote <remote_ip>] self._sslobj.do_handshake()
[Mon Sep 20 15:08:11.715451 2021] [:error] [pid 6534] [remote <remote_ip>] socket.timeout: _ssl.c:835: The handshake operation timed out
[Mon Sep 20 15:08:11.715453 2021] [:error] [pid 6534] [remote <remote_ip>]

Also, we have noticed that corresponding to these errors occurring on application end - the mongodb logs show -

{“t”:{"$date":“2021-09-20T15:19:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}

{“t”:{"$date":“2021-09-20T15:12:00.827+00:00”},“s”:“I”, “c”:“NETWORK”, “id”:22989, “ctx”:“conn10652”,“msg”:“Error sending response to client. Ending connection from remote”,“attr”:{“error”:{“code”:6,“codeName”:“HostUnreachable”,“errmsg”:“Connection reset by peer”},“remote”:":",“connectionId”:10652}}

{“t”:{"$date":“2021-09-20T15:11:54.820+00:00”},“s”:“I”, “c”:“CONNPOOL”, “id”:22572, “ctx”:“MirrorMaestro”,“msg”:“Dropping all pooled connections”,“attr”:{“hostAndPort”:“host:port”,“error”:“ShutdownInProgress: Pool for host:port has expired.”}

Also, noticed repeated OCSP stapling errors in the mongod logs of primary of the cluster in question:

Line 5673: {“t”:{"$date":“2021-09-20T14:44:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5673: {“t”:{"$date":“2021-09-20T14:44:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5799: {“t”:{"$date":“2021-09-20T14:49:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5799: {“t”:{"$date":“2021-09-20T14:49:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5799: {“t”:{"$date":“2021-09-20T14:49:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5967: {“t”:{"$date":“2021-09-20T14:54:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5967: {“t”:{"$date":“2021-09-20T14:54:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 5967: {“t”:{"$date":“2021-09-20T14:54:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6157: {“t”:{"$date":“2021-09-20T14:59:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6157: {“t”:{"$date":“2021-09-20T14:59:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6157: {“t”:{"$date":“2021-09-20T14:59:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6497: {“t”:{"$date":“2021-09-20T15:04:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6497: {“t”:{"$date":“2021-09-20T15:04:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6497: {“t”:{"$date":“2021-09-20T15:04:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6868: {“t”:{"$date":“2021-09-20T15:09:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6868: {“t”:{"$date":“2021-09-20T15:09:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 6868: {“t”:{"$date":“2021-09-20T15:09:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7211: {“t”:{"$date":“2021-09-20T15:14:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7211: {“t”:{"$date":“2021-09-20T15:14:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7211: {“t”:{"$date":“2021-09-20T15:14:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7356: {“t”:{"$date":“2021-09-20T15:19:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7356: {“t”:{"$date":“2021-09-20T15:19:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7356: {“t”:{"$date":“2021-09-20T15:19:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7509: {“t”:{"$date":“2021-09-20T15:24:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7509: {“t”:{"$date":“2021-09-20T15:24:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7509: {“t”:{"$date":“2021-09-20T15:24:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7673: {“t”:{"$date":“2021-09-20T15:29:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7673: {“t”:{"$date":“2021-09-20T15:29:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}
Line 7673: {“t”:{"$date":“2021-09-20T15:29:41.053+00:00”},“s”:“W”, “c”:“NETWORK”, “id”:5512201, “ctx”:“OCSP Fetch and Staple”,“msg”:“Server was unable to staple OCSP Response”,“attr”:{“reason”:{“code”:141,“codeName”:“SSLHandshakeFailed”,“errmsg”:“SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error: 00000000:lib(0):func(0):reason(0)”}}}

Output from pip list:

Package Version

boto3 1.18.44
botocore 1.21.44
certifi 2021.5.30
chardet 3.0.4
click 6.7
docutils 0.17.1
Flask 1.0.2
Flask-HTTPAuth 3.2.4
Flask-Limiter 1.2.1
idna 2.8
itsdangerous 0.24
Jinja2 2.10
jmespath 0.10.0
limits 1.5.1
MarkupSafe 1.1.1
passlib 1.7.1
pip 20.0.2
pkg-resources 0.0.0
polyline 1.4.0
pycryptodome 3.9.8
pymongo 3.12.0
python-dateutil 2.8.2
redis 3.2.1
requests 2.22.0
s3transfer 0.5.0
setuptools 44.0.0
six 1.16.0
urllib3 1.25.11
Werkzeug 0.14.1
wheel 0.37.0

I don’t see the PyOpenSSL package in this.

We are using MongoDB Atlas M10 cluster. Initially this was an M0 where we noticed this issue. We thought this could be a network issue due to shared hardware so bumped it up to M10. The server version currently is 4.4.8

Please let me know if you need any more details.