
gh-115627: Fix PySSL_SetError handling SSL_ERROR_SYSCALL #115628


Merged
merged 10 commits into from
Mar 26, 2024
28 changes: 15 additions & 13 deletions Lib/test/test_ssl.py
Expand Up @@ -2429,16 +2429,18 @@ def run(self):
self.write(msg.lower())
except OSError as e:
# handles SSLError and socket errors
if isinstance(e, ConnectionError):
# OpenSSL 1.1.1 sometimes raises
# ConnectionResetError when connection is not
# shut down gracefully.
if self.server.chatty and support.verbose:
print(f" Connection reset by peer: {self.addr}")

self.close()
self.running = False
return
if self.server.chatty and support.verbose:
if isinstance(e, ConnectionError):
# OpenSSL 1.1.1 sometimes raises
# ConnectionResetError when connection is not
# shut down gracefully.
print(
f" Connection reset by peer: {self.addr}"
)
else:
handle_error("Test server failure:\n")
handle_error("Test server failure:\n")
try:
self.write(b"ERROR\n")
except OSError:
Expand Down Expand Up @@ -3166,8 +3168,8 @@ def test_wrong_cert_tls13(self):
suppress_ragged_eofs=False) as s:
s.connect((HOST, server.port))
with self.assertRaisesRegex(
ssl.SSLError,
'alert unknown ca|EOF occurred|TLSV1_ALERT_UNKNOWN_CA'
OSError,
'alert unknown ca|EOF occurred|TLSV1_ALERT_UNKNOWN_CA|closed by the remote host|Connection reset by peer'
):
# TLS 1.3 perform client cert exchange after handshake
s.write(b'data')
Expand Down Expand Up @@ -4532,8 +4534,8 @@ def msg_cb(conn, direction, version, content_type, msg_type, data):
# test sometimes fails with EOF error. Test passes as long as
# server aborts connection with an error.
with self.assertRaisesRegex(
ssl.SSLError,
'(certificate required|EOF occurred)'
OSError,
'certificate required|EOF occurred|closed by the remote host|Connection reset by peer'
):
# receive CertificateRequest
data = s.recv(1024)
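Review bot: The assertion in test_wrong_cert_tls13 can now pass on any connection reset, not only one caused by the rejected client certificate, because it accepts the whole OSError family and matches the operating-system texts `closed by the remote host` and `Connection reset by peer`; the post-handshake-auth hunk at the end of this section uses the same pattern. Those two alternatives are OS error messages rather than OpenSSL alert names, so the match presumably depends on platform wording. Since both tests exist to show that the server refuses an untrusted or missing client certificate, I would state the reasoning next to the pattern, for example `# a reset here is the server aborting after rejecting the cert; _ssl now surfaces it as ConnectionResetError`. Consider narrowing the expected classes to `(ssl.SSLError, ConnectionResetError)` so an unrelated OSError still fails the test. Both `with` blocks continue outside the visible hunks.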
@@ -0,0 +1,2 @@
Fix the :mod:`ssl` module error handling of connection terminate by peer.
It now throws an OSError with the appropriate error code instead of an EOFError.
48 changes: 18 additions & 30 deletions Modules/_ssl.c
Expand Up @@ -599,7 +599,7 @@ PySSL_ChainExceptions(PySSLSocket *sslsock) {
}

static PyObject *
PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
PySSL_SetError(PySSLSocket *sslsock, const char *filename, int lineno)
{
PyObject *type;
char *errstr = NULL;
Expand All @@ -612,7 +612,6 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
_sslmodulestate *state = get_state_sock(sslsock);
type = state->PySSLErrorObject;

assert(ret <= 0);
e = ERR_peek_last_error();

if (sslsock->ssl != NULL) {
Expand Down Expand Up @@ -645,32 +644,21 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
case SSL_ERROR_SYSCALL:
{
if (e == 0) {
PySocketSockObject *s = GET_SOCKET(sslsock);
if (ret == 0 || (((PyObject *)s) == Py_None)) {
/* underlying BIO reported an I/O error */
ERR_clear_error();
#ifdef MS_WINDOWS
if (err.ws) {
return PyErr_SetFromWindowsErr(err.ws);
}
#endif
if (err.c) {
errno = err.c;
return PyErr_SetFromErrno(PyExc_OSError);
}
else {
p = PY_SSL_ERROR_EOF;
type = state->PySSLEOFErrorObject;
errstr = "EOF occurred in violation of protocol";
} else if (s && ret == -1) {
/* underlying BIO reported an I/O error */
ERR_clear_error();
#ifdef MS_WINDOWS
if (err.ws) {
return PyErr_SetFromWindowsErr(err.ws);
}
#endif
if (err.c) {
errno = err.c;
return PyErr_SetFromErrno(PyExc_OSError);
}
else {
p = PY_SSL_ERROR_EOF;
type = state->PySSLEOFErrorObject;
errstr = "EOF occurred in violation of protocol";
}
} else { /* possible? */
p = PY_SSL_ERROR_SYSCALL;
type = state->PySSLSyscallErrorObject;
errstr = "Some I/O error occurred";
}
} else {
if (ERR_GET_LIB(e) == ERR_LIB_SSL &&
Expand Down Expand Up @@ -1030,7 +1018,7 @@ _ssl__SSLSocket_do_handshake_impl(PySSLSocket *self)
err.ssl == SSL_ERROR_WANT_WRITE);
Py_XDECREF(sock);
if (ret < 1)
return PySSL_SetError(self, ret, __FILE__, __LINE__);
return PySSL_SetError(self, __FILE__, __LINE__);
if (PySSL_ChainExceptions(self) < 0)
return NULL;
Py_RETURN_NONE;
Expand Down Expand Up @@ -2437,7 +2425,7 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)

Py_XDECREF(sock);
if (retval == 0)
return PySSL_SetError(self, retval, __FILE__, __LINE__);
return PySSL_SetError(self, __FILE__, __LINE__);
if (PySSL_ChainExceptions(self) < 0)
return NULL;
return PyLong_FromSize_t(count);
Expand Down Expand Up @@ -2467,7 +2455,7 @@ _ssl__SSLSocket_pending_impl(PySSLSocket *self)
self->err = err;

if (count < 0)
return PySSL_SetError(self, count, __FILE__, __LINE__);
return PySSL_SetError(self, __FILE__, __LINE__);
else
return PyLong_FromLong(count);
}
Expand Down Expand Up @@ -2590,7 +2578,7 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len,
err.ssl == SSL_ERROR_WANT_WRITE);

if (retval == 0) {
PySSL_SetError(self, retval, __FILE__, __LINE__);
PySSL_SetError(self, __FILE__, __LINE__);
goto error;
}
if (self->exc != NULL)
Expand Down Expand Up @@ -2716,7 +2704,7 @@ _ssl__SSLSocket_shutdown_impl(PySSLSocket *self)
}
if (ret < 0) {
Py_XDECREF(sock);
PySSL_SetError(self, ret, __FILE__, __LINE__);
PySSL_SetError(self, __FILE__, __LINE__);
return NULL;
}
if (self->exc != NULL)
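Review bot: PySSL_SetError no longer states or checks that it runs on a failure path: with `ret` and `assert(ret <= 0)` removed, the `SSL_ERROR_SYSCALL` branch with `e == 0` picks between OSError and SSLEOFError purely from the saved `err.c` / `err.ws`. That saved state appears to be filled in by the callers (`self->err = err;` is visible in `_ssl__SSLSocket_pending_impl`), and where the function reads it lies outside these hunks, so the dependency deserves a header comment such as `/* Call only after a failed SSL_* call whose errno/WSA error the caller has already saved in sslsock->err. */`. The branch should also note that a non-zero errno now yields a plain OSError, which is not an `ssl.SSLError`, so handlers that catch only `ssl.SSLError` or `SSLEOFError` to detect an unclean shutdown will not see it. The retained `/* underlying BIO reported an I/O error */` comment now also covers the zero-errno EOF case and could be reworded to say so.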