# HG changeset patch
# Parent  9a9817458bc80a370f0631f776a7f0cc329d20f0
Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF

diff -r 9a9817458bc8 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py	Sun Jun 26 20:00:51 2016 -0700
+++ b/Lib/test/test_ssl.py	Mon Jun 27 04:28:02 2016 +0000
@@ -2788,20 +2788,13 @@
                         # consume data
                         s.read()
 
+                # read(-1, buffer) is supported, even though read(-1) is not
                 data = b"data"
-
-                # read(-1, buffer) is supported, even though read(-1) is not
                 s.send(data)
                 buffer = bytearray(len(data))
                 self.assertEqual(s.read(-1, buffer), len(data))
                 self.assertEqual(buffer, data)
 
-                # recv/read(0) should return no data
-                s.send(data)
-                self.assertEqual(s.recv(0), b"")
-                self.assertEqual(s.read(0), b"")
-                self.assertEqual(s.read(), data)
-
                 # Make sure sendmsg et al are disallowed to avoid
                 # inadvertent disclosure of data and/or corruption
                 # of the encrypted data stream
@@ -2817,6 +2810,26 @@
 
                 s.close()
 
+        def test_recv_zero(self):
+            server = ThreadedEchoServer(CERTFILE)
+            server.__enter__()
+            self.addCleanup(server.__exit__, None, None)
+            s = socket.create_connection((HOST, server.port))
+            self.addCleanup(s.close)
+            s = ssl.wrap_socket(s, suppress_ragged_eofs=False)
+            self.addCleanup(s.close)
+
+            # recv/read(0) should return no data
+            s.send(b"data")
+            self.assertEqual(s.recv(0), b"")
+            self.assertEqual(s.read(0), b"")
+            self.assertEqual(s.read(), b"data")
+
+            # Should not block if the other end sends no data
+            s.setblocking(False)
+            self.assertEqual(s.recv(0), b"")
+            s.recv_into(bytearray())
+
         def test_nonblocking_send(self):
             server = ThreadedEchoServer(CERTFILE,
                                         certreqs=ssl.CERT_NONE,
diff -r 9a9817458bc8 Misc/NEWS
--- a/Misc/NEWS	Sun Jun 26 20:00:51 2016 -0700
+++ b/Misc/NEWS	Mon Jun 27 04:28:02 2016 +0000
@@ -10,6 +10,9 @@
 Library
 -------
 
+- Issue #23804: Fix SSL zero-length recv() calls to not block and not raise
+  an error about unclean EOF.
+
 - Issue #22115: Added methods trace_add, trace_remove and trace_info in the
   tkinter.Variable class.  They replace old methods trace_variable, trace,
   trace_vdelete and trace_vinfo that use obsolete Tcl commands and might
diff -r 9a9817458bc8 Modules/_ssl.c
--- a/Modules/_ssl.c	Sun Jun 26 20:00:51 2016 -0700
+++ b/Modules/_ssl.c	Mon Jun 27 04:28:02 2016 +0000
@@ -1913,6 +1913,10 @@
         dest = PyBytes_FromStringAndSize(NULL, len);
         if (dest == NULL)
             goto error;
+        if (len == 0) {
+            Py_XDECREF(sock);
+            return dest;
+        }
         mem = PyBytes_AS_STRING(dest);
     }
     else {
@@ -1924,6 +1928,10 @@
                                 "maximum length can't fit in a C 'int'");
                 goto error;
             }
+            if (len == 0) {
+                count = 0;
+                goto done;
+            }
         }
     }