This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: failed incoming SSL connection stays open forever
Type: resource usage Stage: resolved
Components: Versions: Python 2.7, Python 2.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: Peter.Saveliev, pitrou, python-dev
Priority: normal Keywords:

Created on 2013-05-06 14:27 by Peter.Saveliev, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
ssl_handshake_testcase.py Peter.Saveliev, 2013-05-06 14:27 simple SSL server testcase
Messages (4)
msg188544 - (view) Author: Peter Saveliev (Peter.Saveliev) Date: 2013-05-06 14:27 
Important: only Python2 versions are affected. Python3 works OK.
Possibly related issue: http://bugs.python.org/issue12378 (differs: see the line above)


Having a server with SSLSocket waiting for connections, the incoming connection, failed on automatic do_handshake(), stays open forever — accept() raises the SSLError and does not return client connection socket.

Steps to reproduce
==================

server side:

1. create a SOCK_STREAM socket
2. wrap it with wrap_socket()
3. listen()
4. accept()

client side:

1. telnet to this port
2. enter any random text

How reproducible
================

In all 146%

Expected results
================

1. Incoming connection is closed and client disconnected

Actual results
==============

1. On the server side, due to exception, the reference to the incoming connection gets lost.
2. The client stays connected as long as the server operates.
msg188559 - (view) Author: Peter Saveliev (Peter.Saveliev) Date: 2013-05-06 15:30 
Possible solution would be something like that in SSLSocket.do_handshake():

    try:
        self._sslobj.do_handshake()
    except SSLError as e:  # or even any Exception?
        self._sock.close()
        raise e
msg188582 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-05-06 20:14 
Thanks for reporting. For maximum backwards compatibility, the safer fix is to close the socket only in SSLSocket.accept().
Unfortunately I can't think of a way to write a unittest for it, so I'll just commit the fix.
msg188584 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-05-06 20:19 
New changeset 85e5a93e534e by Antoine Pitrou in branch '2.7':
Issue #17918: When using SSLSocket.accept(), if the SSL handshake failed on the new socket, the socket would linger indefinitely.
http://hg.python.org/cpython/rev/85e5a93e534e
History
Date User Action Args
2022-04-11 14:57:45adminsetgithub: 62118
2013-05-06 20:20:30pitrousetstatus: open -> closed
resolution: fixed
stage: resolved
2013-05-06 20:19:57python-devsetnosy: + python-dev
messages: + msg188584
2013-05-06 20:14:38pitrousetnosy: + pitrou
messages: + msg188582
2013-05-06 15:30:01Peter.Savelievsetmessages: + msg188559
2013-05-06 14:27:32Peter.Savelievcreate