From 99a19441ad05932b0a79d1164b5dcbb1f06678ba Mon Sep 17 00:00:00 2001 From: yevgeny Date: Sun, 11 Feb 2024 16:22:16 +0900 Subject: [PATCH 1/7] gh-110467: Fix EOF occurred in violation of protocol starting Python3.10 on large requests --- Modules/_ssl.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Modules/_ssl.c b/Modules/_ssl.c index bc302909424227..3fe6fc7ac4e040 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -645,11 +645,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno) { if (e == 0) { PySocketSockObject *s = GET_SOCKET(sslsock); - if (ret == 0 || (((PyObject *)s) == Py_None)) { + if (((PyObject *)s) == Py_None) { p = PY_SSL_ERROR_EOF; type = state->PySSLEOFErrorObject; errstr = "EOF occurred in violation of protocol"; - } else if (s && ret == -1) { + } else { /* underlying BIO reported an I/O error */ ERR_clear_error(); #ifdef MS_WINDOWS @@ -666,10 +666,6 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno) type = state->PySSLEOFErrorObject; errstr = "EOF occurred in violation of protocol"; } - } else { /* possible? */ - p = PY_SSL_ERROR_SYSCALL; - type = state->PySSLSyscallErrorObject; - errstr = "Some I/O error occurred"; } } else { if (ERR_GET_LIB(e) == ERR_LIB_SSL && From 4101d1a1e6eae7b27074ba152c9e0479e67ca6c8 Mon Sep 17 00:00:00 2001 From: yevgeny Date: Sun, 11 Feb 2024 23:46:10 +0900 Subject: [PATCH 2/7] gh-110467: update server of test_ssl exception handling --- Lib/test/test_ssl.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 1b18230d83577d..d29b8559703e3c 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2405,6 +2405,10 @@ def run(self): print( f" Connection reset by peer: {self.addr}" ) + + self.close() + self.running = False + return else: handle_error("Test server failure:\n") try: From bd0cf4fbbe6a02642429c992a78495c442d0e85a Mon Sep 17 00:00:00 2001 From: yevgeny Date: Mon, 12 Feb 2024 01:03:23 +0900 Subject: [PATCH 3/7] gh-110467: update server exception handling of test_ssl --- Lib/test/test_ssl.py | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index d29b8559703e3c..98bfa002ba23c1 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2397,20 +2397,19 @@ def run(self): self.write(msg.lower()) except OSError as e: # handles SSLError and socket errors - if self.server.chatty and support.verbose: - if isinstance(e, ConnectionError): - # OpenSSL 1.1.1 sometimes raises - # ConnectionResetError when connection is not - # shut down gracefully. - print( - f" Connection reset by peer: {self.addr}" - ) + if isinstance(e, ConnectionError): + # OpenSSL 1.1.1 sometimes raises + # ConnectionResetError when connection is not + # shut down gracefully. + print( + f" Connection reset by peer: {self.addr}" + ) - self.close() - self.running = False - return - else: - handle_error("Test server failure:\n") + self.close() + self.running = False + return + if self.server.chatty and support.verbose: + handle_error("Test server failure:\n") try: self.write(b"ERROR\n") except OSError: From a3ac76b1c385bfc053dd7109ab2f49e1e62aa5ab Mon Sep 17 00:00:00 2001 From: yevgeny Date: Mon, 12 Feb 2024 02:45:08 +0900 Subject: [PATCH 4/7] gh-110467: update test_wrong_cert_tls13, test_pha_required_nocert assertRaisesRegex (append OSError) --- Lib/test/test_ssl.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 98bfa002ba23c1..2571a491d8a1d9 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -3096,8 +3096,8 @@ def test_wrong_cert_tls13(self): suppress_ragged_eofs=False) as s: s.connect((HOST, server.port)) with self.assertRaisesRegex( - ssl.SSLError, - 'alert unknown ca|EOF occurred' + (ssl.SSLError, OSError), + '(alert unknown ca|EOF occurred|ConnectionResetError)' ): # TLS 1.3 perform client cert exchange after handshake s.write(b'data') @@ -4449,8 +4449,8 @@ def msg_cb(conn, direction, version, content_type, msg_type, data): # test sometimes fails with EOF error. Test passes as long as # server aborts connection with an error. with self.assertRaisesRegex( - ssl.SSLError, - '(certificate required|EOF occurred)' + (ssl.SSLError, OSError), + '(certificate required|EOF occurred|ConnectionResetError)' ): # receive CertificateRequest data = s.recv(1024) From 1af6fb08e7fb20dd98d6979edf105ff60fdd5820 Mon Sep 17 00:00:00 2001 From: yevgeny Date: Mon, 12 Feb 2024 03:34:30 +0900 Subject: [PATCH 5/7] gh-110467: update test_wrong_cert_tls13, test_pha_required_nocert assertRaisesRegex (modify ConnectionResetError -> closed by the remote host) --- Lib/test/test_ssl.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 2571a491d8a1d9..b336ec7c6c5032 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -3097,7 +3097,7 @@ def test_wrong_cert_tls13(self): s.connect((HOST, server.port)) with self.assertRaisesRegex( (ssl.SSLError, OSError), - '(alert unknown ca|EOF occurred|ConnectionResetError)' + '(alert unknown ca|EOF occurred|closed by the remote host)' ): # TLS 1.3 perform client cert exchange after handshake s.write(b'data') @@ -4450,7 +4450,7 @@ def msg_cb(conn, direction, version, content_type, msg_type, data): # server aborts connection with an error. with self.assertRaisesRegex( (ssl.SSLError, OSError), - '(certificate required|EOF occurred|ConnectionResetError)' + '(certificate required|EOF occurred|closed by the remote host)' ): # receive CertificateRequest data = s.recv(1024) From 76a15521b998f52e1d92ff5d01ac557d351da8d9 Mon Sep 17 00:00:00 2001 From: yevgeny Date: Mon, 12 Feb 2024 04:32:53 +0900 Subject: [PATCH 6/7] add NEWS.d --- .../next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst diff --git a/Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst b/Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst new file mode 100644 index 00000000000000..58e2fb81676d4a --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-02-11-19-11-54.gh-issue-110467.lIaa2u.rst @@ -0,0 +1,2 @@ +Fix :c:func:`PySSL_SetError` : Modify retval handling logic for handling +SSL_ERROR_SYSCALL. From 87f2a63dea0e31fb1ed4e994fee66569d928ff8b Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Sun, 18 Feb 2024 09:48:12 +0000 Subject: [PATCH 7/7] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst diff --git a/Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst b/Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst new file mode 100644 index 00000000000000..86d98db0469de2 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-02-18-09-48-11.gh-issue-115627.HGchj0.rst @@ -0,0 +1,2 @@ +Fix :c:func:`PySSL_SetError` : Modify retval handling logic for handling +SSL_ERROR_SYSCALL.