diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 1b18230d83577d..b336ec7c6c5032 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2397,16 +2397,19 @@ def run(self): self.write(msg.lower()) except OSError as e: # handles SSLError and socket errors + if isinstance(e, ConnectionError): + # OpenSSL 1.1.1 sometimes raises + # ConnectionResetError when connection is not + # shut down gracefully. + print( + f" Connection reset by peer: {self.addr}" + ) + + self.close() + self.running = False + return if self.server.chatty and support.verbose: - if isinstance(e, ConnectionError): - # OpenSSL 1.1.1 sometimes raises - # ConnectionResetError when connection is not - # shut down gracefully. - print( - f" Connection reset by peer: {self.addr}" - ) - else: - handle_error("Test server failure:\n") + handle_error("Test server failure:\n") try: self.write(b"ERROR\n") except OSError: @@ -3093,8 +3096,8 @@ def test_wrong_cert_tls13(self): suppress_ragged_eofs=False) as s: s.connect((HOST, server.port)) with self.assertRaisesRegex( - ssl.SSLError, - 'alert unknown ca|EOF occurred' + (ssl.SSLError, OSError), + '(alert unknown ca|EOF occurred|closed by the remote host)' ): # TLS 1.3 perform client cert exchange after handshake s.write(b'data') @@ -4446,8 +4449,8 @@ def msg_cb(conn, direction, version, content_type, msg_type, data): # test sometimes fails with EOF error. Test passes as long as # server aborts connection with an error. with self.assertRaisesRegex( - ssl.SSLError, - '(certificate required|EOF occurred)' + (ssl.SSLError, OSError), + '(certificate required|EOF occurred|closed by the remote host)' ): # receive CertificateRequest data = s.recv(1024) diff --git a/Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst b/Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst new file mode 100644 index 00000000000000..58e2fb81676d4a --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst @@ -0,0 +1,2 @@ +Fix :c:func:`PySSL_SetError` : Modify retval handling logic for handling +SSL_ERROR_SYSCALL. diff --git a/Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst b/Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst new file mode 100644 index 00000000000000..86d98db0469de2 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst @@ -0,0 +1,2 @@ +Fix :c:func:`PySSL_SetError` : Modify retval handling logic for handling +SSL_ERROR_SYSCALL. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index bc302909424227..3fe6fc7ac4e040 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -645,11 +645,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno) { if (e == 0) { PySocketSockObject *s = GET_SOCKET(sslsock); - if (ret == 0 || (((PyObject *)s) == Py_None)) { + if (((PyObject *)s) == Py_None) { p = PY_SSL_ERROR_EOF; type = state->PySSLEOFErrorObject; errstr = "EOF occurred in violation of protocol"; - } else if (s && ret == -1) { + } else { /* underlying BIO reported an I/O error */ ERR_clear_error(); #ifdef MS_WINDOWS @@ -666,10 +666,6 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno) type = state->PySSLEOFErrorObject; errstr = "EOF occurred in violation of protocol"; } - } else { /* possible? */ - p = PY_SSL_ERROR_SYSCALL; - type = state->PySSLSyscallErrorObject; - errstr = "Some I/O error occurred"; } } else { if (ERR_GET_LIB(e) == ERR_LIB_SSL &&