Skip to content

gh-110467: Fix EOF occurred in violation of protocol starting Python3.10 on large requests #115273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 7 commits into from
+22 −19
Closed

gh-110467: Fix EOF occurred in violation of protocol starting Python3.10 on large requests #115273

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
99a1944
gh-110467: Fix EOF occurred in violation of protocol starting Python3…
keepworking Feb 11, 2024
4101d1a
gh-110467: update server of test_ssl exception handling
keepworking Feb 11, 2024
bd0cf4f
gh-110467: update server exception handling of test_ssl
keepworking Feb 11, 2024
a3ac76b
gh-110467: update test_wrong_cert_tls13, test_pha_required_nocert ass…
keepworking Feb 11, 2024
1af6fb0
gh-110467: update test_wrong_cert_tls13, test_pha_required_nocert ass…
keepworking Feb 11, 2024
76a1552
add NEWS.d
keepworking Feb 11, 2024
87f2a63
📜🤖 Added by blurb_it.
blurb-it[bot] Feb 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 16 additions & 13 deletions Lib/test/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2397,16 +2397,19 @@ def run(self):
self.write(msg.lower())
except OSError as e:
# handles SSLError and socket errors
if isinstance(e, ConnectionError):
# OpenSSL 1.1.1 sometimes raises
# ConnectionResetError when connection is not
# shut down gracefully.
print(
f" Connection reset by peer: {self.addr}"
)

self.close()
self.running = False
return
if self.server.chatty and support.verbose:
if isinstance(e, ConnectionError):
# OpenSSL 1.1.1 sometimes raises
# ConnectionResetError when connection is not
# shut down gracefully.
print(
f" Connection reset by peer: {self.addr}"
)
else:
handle_error("Test server failure:\n")
handle_error("Test server failure:\n")
try:
self.write(b"ERROR\n")
except OSError:
Expand Down Expand Up @@ -3093,8 +3096,8 @@ def test_wrong_cert_tls13(self):
suppress_ragged_eofs=False) as s:
s.connect((HOST, server.port))
with self.assertRaisesRegex(
ssl.SSLError,
'alert unknown ca|EOF occurred'
(ssl.SSLError, OSError),
'(alert unknown ca|EOF occurred|closed by the remote host)'
):
# TLS 1.3 perform client cert exchange after handshake
s.write(b'data')
Expand Down Expand Up @@ -4446,8 +4449,8 @@ def msg_cb(conn, direction, version, content_type, msg_type, data):
# test sometimes fails with EOF error. Test passes as long as
# server aborts connection with an error.
with self.assertRaisesRegex(
ssl.SSLError,
'(certificate required|EOF occurred)'
(ssl.SSLError, OSError),
'(certificate required|EOF occurred|closed by the remote host)'
):
# receive CertificateRequest
data = s.recv(1024)
Expand Down
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Fix :c:func:`PySSL_SetError` : Modify retval handling logic for handling
SSL_ERROR_SYSCALL.
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Fix :c:func:`PySSL_SetError` : Modify retval handling logic for handling
SSL_ERROR_SYSCALL.
8 changes: 2 additions & 6 deletions Modules/_ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -645,11 +645,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
{
if (e == 0) {
PySocketSockObject *s = GET_SOCKET(sslsock);
if (ret == 0 || (((PyObject *)s) == Py_None)) {
if (((PyObject *)s) == Py_None) {
p = PY_SSL_ERROR_EOF;
type = state->PySSLEOFErrorObject;
errstr = "EOF occurred in violation of protocol";
} else if (s && ret == -1) {
} else {
/* underlying BIO reported an I/O error */
ERR_clear_error();
#ifdef MS_WINDOWS
Expand All @@ -666,10 +666,6 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
type = state->PySSLEOFErrorObject;
errstr = "EOF occurred in violation of protocol";
}
} else { /* possible? */
p = PY_SSL_ERROR_SYSCALL;
type = state->PySSLSyscallErrorObject;
errstr = "Some I/O error occurred";
}
} else {
if (ERR_GET_LIB(e) == ERR_LIB_SSL &&
Expand Down