
classification
Title: Invalid file path of SSLKEYLOGFILE throw FileNotFoundError
Type: behavior
Stage: resolved
Components: SSL
Versions: Python 3.11, Python 3.10, Python 3.9

process
Status: closed
Resolution:
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: christian.heimes, ghaaf
Priority: normal
Keywords:

Created on 2022-01-09 23:53 by ghaaf, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (2)
msg410177 - Author: SinaGhaaf (ghaaf) Date: 2022-01-09 23:53
An existence check of 'keylogfile' is missing at https://github.com/python/cpython/blob/main/Lib/ssl.py#L779. If the file path does not exist, it tries to set 'context.keylog_filename' to an invalid file, and the result is a 'FileNotFoundError'.
The following check fixed the issue:

```
if keylogfile and not sys.flags.ignore_environment and os.path.isfile(keylogfile):
```

```
Traceback (most recent call last):
  File "test_https.py", line 19, in <module>
    from test.conftest import ServerConfig
  File "C:\Check\urllib3-patch-1\src\test\conftest.py", line 12, in <module>
    from tornado import ioloop, web
  File "C:\Python38\lib\site-packages\tornado\web.py", line 87, in <module>
    from tornado.httpserver import HTTPServer
  File "C:\Python38\lib\site-packages\tornado\httpserver.py", line 32, in <module>
    from tornado.http1connection import HTTP1ServerConnection, HTTP1ConnectionParameters
  File "C:\Python38\lib\site-packages\tornado\http1connection.py", line 34, in <module>
    from tornado import iostream
  File "C:\Python38\lib\site-packages\tornado\iostream.py", line 40, in <module>
    from tornado.netutil import ssl_wrap_socket, _client_ssl_defaults, _server_ssl_defaults
  File "C:\Python38\lib\site-packages\tornado\netutil.py", line 34, in <module>
    _client_ssl_defaults = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
  File "C:\Python38\lib\ssl.py", line 755, in create_default_context
    context.keylog_filename = keylogfile
FileNotFoundError: [Errno 2] No such file or directory: 'D:\\invalid_path\\invalid_file.txt'
```
msg410195 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2022-01-10 10:03
The code works as intended and designed.

The keylog file is created in append-only mode when the file does not exist yet. A missing, inaccessible, or read-only directory or an invalid path raises an exception by design. Errors should not pass silently. The error informs the user of a misconfiguration.

Would accept a documentation update and a better error message for a missing parent directory. Your proposed workaround is not acceptable. Python would no longer create a new keylog file and the user would no longer get a hint that their configuration is wrong.
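
The behaviour described in msg410195, as an added example that is not part of the original thread or of CPython: a missing keylog file in an existing directory is created, while a missing parent directory raises `FileNotFoundError`, here re-raised with a clearer reason. The helpers `diagnose_keylog_path`, `set_keylog` and `demo` are hypothetical names, and the paths are constructed inside a temporary directory.

```python
import os
import ssl
import tempfile


def diagnose_keylog_path(path):
    """Classify a keylog path (hypothetical helper, not part of the ssl module)."""
    parent = os.path.dirname(os.path.abspath(path))
    if os.path.isdir(path):
        return "is-directory"
    if os.path.isfile(path):
        return "ok-existing" if os.access(path, os.W_OK) else "not-writable"
    if not os.path.isdir(parent):
        return "missing-parent-dir"
    # The file is absent but its directory exists: ssl creates it in append mode.
    return "ok-will-be-created" if os.access(parent, os.W_OK) else "not-writable"


def set_keylog(context, path):
    """Assign keylog_filename; on failure re-raise with the diagnosis attached."""
    try:
        context.keylog_filename = path
    except OSError as exc:
        reason = diagnose_keylog_path(path)
        # OSError picks the matching subclass (e.g. FileNotFoundError) from errno.
        raise OSError(exc.errno, f"keylog file unusable ({reason})", path) from exc


def demo():
    """Run both cases against constructed paths in a temporary directory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "keys.log")                 # parent exists
        bad = os.path.join(tmp, "no_such_dir", "keys.log")   # parent missing
        out["good_before"] = diagnose_keylog_path(good)
        set_keylog(ctx, good)
        out["good_created"] = os.path.isfile(good)
        out["good_after"] = diagnose_keylog_path(good)
        out["bad"] = diagnose_keylog_path(bad)
        try:
            set_keylog(ctx, bad)
        except FileNotFoundError as exc:
            out["bad_error"] = exc.strerror
        ctx.keylog_filename = None  # close the log before the directory is removed
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same assignment runs inside `ssl.create_default_context()` when `SSLKEYLOGFILE` is set, which is where the traceback in msg410177 originates.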

History

| Date | User | Action | Args |
|---|---|---|---|
| 2022-04-11 14:59:54 | admin | set | github: 90480 |
| 2022-01-10 11:35:37 | ghaaf | set | status: open -> closed; stage: resolved |
| 2022-01-10 10:03:51 | christian.heimes | set | messages: + msg410195; versions: + Python 3.9, Python 3.10, Python 3.11, - Python 3.8 |
| 2022-01-09 23:53:22 | ghaaf | create | |