This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Python SSL module does not clear error queue before IO operations using SSL_get_error
Type: Stage:
Components: SSL Versions: Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: Andrew Collins, christian.heimes
Priority: normal Keywords:

Created on 2019-07-29 21:17 by Andrew Collins, last changed 2022-04-11 14:59 by admin.

Messages (1)
msg348684 - (view) Author: Andrew Collins (Andrew Collins) Date: 2019-07-29 21:17 
Per the OpenSSL documentation:

"The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably."

https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html

Modules/_ssl.c does clear errors on socket creation, and upon handling an error itself, but does not clear before IO operations that are checked with SSL_get_error.

When using OpenSSL outside of Modules/_ssl.c in the same process context (for example, using libssh through python bindings), this can results in random ssl errors being picked up by Modules/_ssl.c.
History
Date User Action Args
2022-04-11 14:59:18adminsetgithub: 81891
2019-07-29 21:17:25Andrew Collinscreate