Message337125
Interesting code in test_ssl.py:
except (ConnectionResetError, BrokenPipeError) as e:
# We treat ConnectionResetError as though it were an
# SSLError - OpenSSL on Ubuntu abruptly closes the
# connection when asked to use an unsupported protocol.
#
# BrokenPipeError is raised in TLS 1.3 mode, when OpenSSL
# tries to send session tickets after handshake.
# https://github.com/openssl/openssl/issues/6342
self.server.conn_errors.append(str(e))
if self.server.chatty:
handle_error("\n server: bad connection attempt from " + repr(self.addr) + ":\n")
self.running = False
self.close()
return False
and
except ConnectionResetError:
# XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError
# when connection is not shut down gracefully.
if self.server.chatty and support.verbose:
sys.stdout.write(
" Connection reset by peer: {}\n".format(
self.addr)
)
self.close()
self.running = False
Interesting commit:
commit 529525fb5a8fd9b96ab4021311a598c77588b918
Author: Christian Heimes <christian@python.org>
Date: Wed May 23 22:24:45 2018 +0200
bpo-33618: Enable TLS 1.3 in tests (GH-7079)
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.
To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.
Signed-off-by: Christian Heimes <christian@python.org> |
|
Date |
User |
Action |
Args |
2019-03-04 15:00:05 | vstinner | set | recipients:
+ vstinner, asvetlov, yselivanov, koobs, matrixise, cstratak, pablogsal, xtreak, op368 |
2019-03-04 15:00:05 | vstinner | set | messageid: <1551711605.36.0.943226786473.issue35998@roundup.psfhosted.org> |
2019-03-04 15:00:05 | vstinner | link | issue35998 messages |
2019-03-04 15:00:05 | vstinner | create | |
|