classification
Title: SSL handshake fails after TCP connection in getpeername()
Type: behavior Stage:
Components: Library (Lib) Versions: Python 3.1, Python 3.2
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: janssen Nosy List: ddvoinikov, giampaolo.rodola, janssen, pitrou, twhitema, vstinner
Priority: normal Keywords:

Created on 2008-10-22 11:37 by ddvoinikov, last changed 2010-05-08 14:05 by pitrou. This issue is now closed.

Messages (12)
msg75077 - (view) Author: Dmitry Dvoinikov (ddvoinikov) Date: 2008-10-22 11:37
If I connect a TCP socket s using regular s.connect(), then wrap it
using ssl.wrap_socket(s) and call do_handshake on the resulting SSL
socket, handshake fails in ssl.py:320 with 

AttributeError: 'NoneType' object has no attribute 'do_handshake'

The problem is that when TCP socket is being wrapped in ssl.py:116, it
is not recognized as connected by a call to getpeername(), the exception
thrown in ssl.py:116 and silenced is this:

[Errno 10057] A request to send or receive data was disallowed because
the socket is not connected and (when sending on a datagram socket using
a sendto call) no address was supplied

This is awkward, because synchronous s.connect() has just returned
successfully. Even more weird, if I insert s.getpeername() between TCP
connect() and SSL do_handshake() the latter works fine.

Here is a working sample:

-------------------------------

from socket import socket, AF_INET, SOCK_STREAM
from ssl import wrap_socket, PROTOCOL_TLSv1, CERT_NONE

def test_handshake(address, WORKAROUND):

    s = socket(AF_INET, SOCK_STREAM)
    s.settimeout(3.0)
    s.connect(address)

    if WORKAROUND:
        s.getpeername()

    ssl = wrap_socket(s, server_side = False,
                      ssl_version = PROTOCOL_TLSv1,
                      cert_reqs = CERT_NONE,
                      do_handshake_on_connect = False)
    ssl.do_handshake()

address = ("www.amazon.com", 443)

test_handshake(address, True) # with workaround
print("worked so far")
test_handshake(address, False)
print("but not here it didn't")

-------------------------------

I'm using Python 3.0rc1 under Windows.
msg75674 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2008-11-10 00:25
I'm unable to reproduce the bug on Python 3.0 svn trunk. Can you retry
with Python 3.0rc2 please?
msg75675 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2008-11-10 00:36
(I tried your code on Linux and no exception is raised)
msg75681 - (view) Author: Dmitry Dvoinikov (ddvoinikov) Date: 2008-11-10 04:59
Same thing on Python 3.0rc2:

C:\TEMP>python test.py
worked so far
Traceback (most recent call last):
  File "1.py", line 23, in <module>
    test_handshake(address, False)
  File "1.py", line 17, in test_handshake
    ssl.do_handshake()
  File "C:\Python30\lib\ssl.py", line 327, in do_handshake
    self._sslobj.do_handshake()
AttributeError: 'NoneType' object has no attribute 'do_handshake'
msg75682 - (view) Author: Dmitry Dvoinikov (ddvoinikov) Date: 2008-11-10 05:00
1.py == test.py obviously :)
msg104189 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-26 00:30
What happens if you remove the call to settimeout()?
Also, it would be nice if you could try with the latest py3k checkout. There's a couple of fixes for do_handshake there (including timeout issues).
msg104196 - (view) Author: Dmitry Dvoinikov (ddvoinikov) Date: 2010-04-26 04:52
The problem does not reproduce in 3.1.1 nor in 3.1.2
(either x86 or x64).

Antoine Pitrou пишет:
> Antoine Pitrou <pitrou@free.fr> added the comment:
> 
> What happens if you remove the call to settimeout()?
> Also, it would be nice if you could try with the latest py3k checkout. There's a couple of fixes for do_handshake there (including timeout issues).
> 
> ----------
> nosy: +pitrou
> priority:  -> normal
> versions: +Python 3.1, Python 3.2 -Python 3.0
> 
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue4171>
> _______________________________________
>
msg104206 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-26 09:56
Ok, so I think we can close the issue then. Thank you!
msg105228 - (view) Author: Dmitry Dvoinikov (ddvoinikov) Date: 2010-05-07 20:58
Well, I'm sorry to bring this up again, but the problem persists
with Python 3.1.2 (x86, Windows XP). The difference with the
test script behaviour is that now it doesn't break every time.
Perhaps this is the reason I said the problem was gone.
In fact, now that I run the aforementioned script I may get

worked so far
but not here it didn't

and some other time I may get

worked so far
Traceback (most recent call last):
  File "test.py", line 23, in <module>
    test_handshake(address, False)
  File "test.py", line 17, in test_handshake
    ssl.do_handshake()
  File "C:\Python31\lib\ssl.py", line 327, in do_handshake
    self._sslobj.do_handshake()
AttributeError: 'NoneType' object has no attribute 'do_handshake'

and the outcome is unpredictable. It may work many times in a row
and it may break many times in a row.

If this is of any relevance, I've had pywin32-2.14 installed since.
msg105231 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-07 21:24
Are you able to compile a fresh checkout of either the py3k or release3.1-maint branch? A bunch of fixes have been committed recently, some of which may (or even should) address your issue.
msg105266 - (view) Author: Dmitry Dvoinikov (ddvoinikov) Date: 2010-05-08 06:21
Checked out and built revision 80956 of py3k against OpenSSL 0.9.8n. Here is the banner:

Python 3.2a0 (py3k:80956, May  8 2010, 11:31:45) [MSC v.1500 32 bit (Intel)] on win32

Now, the breaking script appears not to be breaking any more, even though I tried it in a loop, a 1000 attempts to execute were all successful. 

It seems to be fine now, thank you for your help.
msg105289 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-05-08 14:05
Thank you!
History
Date User Action Args
2010-05-08 14:05:08pitrousetstatus: open -> closed

messages: + msg105289
2010-05-08 06:21:17ddvoinikovsetmessages: + msg105266
2010-05-07 21:24:37pitrousetmessages: + msg105231
2010-05-07 20:58:23ddvoinikovsetstatus: closed -> open

messages: + msg105228
2010-04-26 09:56:41pitrousetstatus: open -> closed
resolution: out of date
messages: + msg104206
2010-04-26 04:52:52ddvoinikovsetmessages: + msg104196
2010-04-26 00:30:24pitrousetpriority: normal
versions: + Python 3.1, Python 3.2, - Python 3.0
nosy: + pitrou

messages: + msg104189
2008-11-10 05:00:35ddvoinikovsetmessages: + msg75682
2008-11-10 04:59:17ddvoinikovsetmessages: + msg75681
2008-11-10 00:36:33vstinnersetmessages: + msg75675
2008-11-10 00:25:55vstinnersetnosy: + vstinner
messages: + msg75674
2008-11-09 21:07:16twhitemasetnosy: + twhitema
2008-10-24 19:53:50janssensetassignee: janssen
2008-10-23 19:31:32giampaolo.rodolasetnosy: + janssen, giampaolo.rodola
2008-10-22 11:37:22ddvoinikovcreate