SSLContext.wrap_socket() throws OSError with errno == 0 #75305
Comments
|
With a particularly atrocious network connection, I often get the following exception: File "/usr/lib/python3/dist-packages/dugong/init.py", line 503, in connect I don't think an error with errno == 0 should ever be raised by Python. |
nikratio
mannequin
added
topic-SSL
type-bug
|
It might help if you explained what “atrocities” are happening on your network. Is there a proxy or man-in-the-middle (or the remote peer) that shuts down TCP connections? If so, perhaps this is similar to bpo-10808. From my memory, in that case an OS “recv” or “read” call returns zero to indicate a connection was shut down. Python and/or Open SSL correctly treats this as an error, but then assumes “errno” is valid. Perhaps Python should be raising SSLEOFError in this situation. Maybe also check the “suppress_ragged_eofs” setting, but I think that only affects later stages, after the handshake succeeds. |
|
Regarding "atrocious connection": I wish I knew, but I have no control of the connection. All I can tell is that there are frequent disconnects, occasional latency spikes, my remote ip address seems to change frequently (while the apparent local one stays as-is, so presumably some NAT in between), temporary bandwidth drops, etc. |
|
We have an easy reproduction of this "[Errno 0] Error" on the server side in tornadoweb/tornado#2504 (comment) It is triggered by a connection from I'm going to add "errno 0" to the list of errors that Tornado should swallow silently here, so if you're trying to reproduce this in the future use Tornado 5.1.1. |
|
This flakiness just caused a PR merge to be blocked by AppVeyor for me: ====================================================================== Traceback (most recent call last):
File "C:\projects\cpython\lib\test\test_nntplib.py", line 242, in wrapped
meth(self)
File "C:\projects\cpython\lib\test\test_nntplib.py", line 264, in test_with_statement
with self.NNTP_CLASS(self.NNTP_HOST, timeout=TIMEOUT, usenetrc=False) as server:
File "C:\projects\cpython\lib\nntplib.py", line 1077, in __init__
self.sock = _encrypt_on(self.sock, ssl_context, host)
File "C:\projects\cpython\lib\nntplib.py", line 292, in _encrypt_on
return context.wrap_socket(sock, server_hostname=hostname)
File "C:\projects\cpython\lib\ssl.py", line 405, in wrap_socket
return self.sslsocket_class._create(
File "C:\projects\cpython\lib\ssl.py", line 853, in _create
self.do_handshake()
File "C:\projects\cpython\lib\ssl.py", line 1117, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Errorhttps://ci.appveyor.com/project/python/cpython/builds/21299396 I lucked out by kicking it with a no-op change to re-trigger an appveyor run where it passed. |
|
In the CherryPy project it is also observed on Windows with Python 3,7.2. |
|
I volunteer to test the theory that the connection is closed mid-flight. |
|
Rejoice: https://github.com/dimaqq/bpo-31122 |
|
I've traced it down to here: Lines 791 to 798 in be501ca
I'm a bit suspicious about I'm thinking to just change that to SSLEOFError, but I wonder if something else might break? |
|
#18772 posted |
|
If someone can review #18772 then pretty-please review 🙏 |
|
I know Christian is very busy, so what can I do to have this patch reviewed?
|
|
Would anyone be able to review this? People keep reporting this bug in my project. |
|
Thanks! fyi for confirmation incase anyone doubted: >>> issubclass(ssl.SSLEOFError, OSError)
TrueSo from a code point of view, anything already catching the error still catches the error. 100% bugfix. |
|
While this is present in 3.7 (and earlier?), 3.7 is EOL - security fix only stage. the 3.8 and 3.9 PRs should automerge after CI finishes. please reopen the issue or ping me on those PRs if they somehow fail to do so. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: