Message 186437 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Hiroaki.Kawai
Recipients	Hiroaki.Kawai, neologix, pitrou
Date	2013-04-09.16:03:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CABD3dapvnM+bmDFiN3WuN8D1g-6EkB82GXBMYwAVX61o=pM8OQ@mail.gmail.com>
In-reply-to	<815471122.38534237.1365522275563.JavaMail.root@zimbra10-e2.priv.proxad.net>

Content
I think creating an ssl socket from existing socket from an instance generated by library routine, and replace that socket with ssl socket is very common usage. Injecting wrap_socket is very easy. But injecting unwrap call is not easy. In python 2.6, I got a plain socket.error of "connection reset" (not SSLError) in client side in such situation without unwrap in server side. The same code does not raise exception in python 2.7, which I don't know why... Any way, reading the data in server side will solve the problem, thanks. 2013/4/10 Antoine Pitrou <report@bugs.python.org> > > Antoine Pitrou added the comment: > > > The error looks like : SSLError(8, '_ssl.c:1363: EOF occurred in > > violation > > of protocol') > > But why we see "in violation of protocol" here? > > Because the SSL layer wasn't shutdown cleanly: the TCP connection was > closed while the SSL layer was still active. You have three solutions > around this: > > - you can call unwrap() for a clean SSL shutdown (the server has to call > unwrap() too). > > - you can use suppress_ragged_eofs=True with wrap_socket() > > - you can simply avoid reading past the server's data, which will > solve the problem altogether > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <http://bugs.python.org/issue17672> > _______________________________________ >

I think creating an ssl socket from existing socket from an instance
generated by library routine, and replace that socket with ssl socket is
very common usage. Injecting wrap_socket is very easy. But injecting unwrap
call is not easy.

In python 2.6, I got a plain socket.error of "connection reset" (not
SSLError) in client side in such situation without unwrap in server side.
The same code does not raise exception in python 2.7, which I don't know
why...

Any way, reading the data in server side will solve the problem, thanks.

2013/4/10 Antoine Pitrou <report@bugs.python.org>

>
> Antoine Pitrou added the comment:
>
> > The error looks like : SSLError(8, '_ssl.c:1363: EOF occurred in
> > violation
> > of protocol')
> > But why we see "in violation of protocol" here?
>
> Because the SSL layer wasn't shutdown cleanly: the TCP connection was
> closed while the SSL layer was still active. You have three solutions
> around this:
>
> - you can call unwrap() for a clean SSL shutdown (the server has to call
> unwrap() too).
>
> - you can use suppress_ragged_eofs=True with wrap_socket()
>
> - you can simply avoid reading past the server's data, which will
> solve the problem altogether
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue17672>
> _______________________________________
>

History
Date	User	Action	Args
2013-04-09 16:03:53	Hiroaki.Kawai	set	recipients: + Hiroaki.Kawai, pitrou, neologix
2013-04-09 16:03:53	Hiroaki.Kawai	link	issue17672 messages
2013-04-09 16:03:53	Hiroaki.Kawai	create