Author vstinner
Recipients asvetlov, cstratak, koobs, matrixise, op368, pablogsal, vstinner, xtreak, yselivanov
Date 2019-03-04.15:00:05
Message-id <1551711605.36.0.943226786473.issue35998@roundup.psfhosted.org>
In-reply-to
Content
Interesting code in test_ssl.py:

            except (ConnectionResetError, BrokenPipeError) as e:
                # We treat ConnectionResetError as though it were an
                # SSLError - OpenSSL on Ubuntu abruptly closes the
                # connection when asked to use an unsupported protocol.
                #
                # BrokenPipeError is raised in TLS 1.3 mode, when OpenSSL
                # tries to send session tickets after handshake.
                # https://github.com/openssl/openssl/issues/6342
                self.server.conn_errors.append(str(e))
                if self.server.chatty:
                    handle_error("\n server:  bad connection attempt from " + repr(self.addr) + ":\n")
                self.running = False
                self.close()
                return False

and

                except ConnectionResetError:
                    # XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError
                    # when connection is not shut down gracefully.
                    if self.server.chatty and support.verbose:
                        sys.stdout.write(
                            " Connection reset by peer: {}\n".format(
                                self.addr)
                        )
                    self.close()
                    self.running = False


Interesting commit:

commit 529525fb5a8fd9b96ab4021311a598c77588b918
Author: Christian Heimes <christian@python.org>
Date:   Wed May 23 22:24:45 2018 +0200

    bpo-33618: Enable TLS 1.3 in tests (GH-7079)
    
    TLS 1.3 behaves slightly differently than TLS 1.2. Session tickets and TLS
    client cert auth are now handled after the initial handshake. Tests now
    either send/recv data to trigger session and client certs. Or tests
    ignore ConnectionResetError / BrokenPipeError on the server side to
    handle clients that force-close the socket fd.
    
    To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
    https://github.com/openssl/openssl/pull/6340) is required.
    
    Signed-off-by: Christian Heimes <christian@python.org>
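
The server-side pattern quoted in the message above, as an added example that is not part of the original message or of CPython's test_ssl.py: a handler that treats ConnectionResetError / BrokenPipeError on a post-handshake write as an abrupt close by the peer, records it and stops. It runs over a local socket pair instead of TLS, and the names Handler, send_post_handshake and simulate are hypothetical.

```python
import socket

# Errors the quoted test code treats as an abrupt close by the peer.
PEER_ABORT = (ConnectionResetError, BrokenPipeError)


class Handler:
    """Hypothetical per-connection handler (names are assumptions)."""

    def __init__(self, conn, conn_errors):
        self.conn = conn
        self.conn_errors = conn_errors  # shared list, like server.conn_errors
        self.running = True

    def send_post_handshake(self, data):
        """Stand-in for the records a TLS 1.3 server writes after the
        handshake (session tickets). Returns False on peer abort."""
        try:
            self.conn.sendall(data)
        except PEER_ABORT as e:
            # Record the abort and stop this handler; other OSErrors propagate.
            self.conn_errors.append(type(e).__name__)
            self.running = False
            self.conn.close()
            return False
        return True


def simulate(client_closes_first):
    """Constructed scenario over a local socket pair; no TLS involved."""
    server_side, client_side = socket.socketpair()
    errors = []
    handler = Handler(server_side, errors)
    if client_closes_first:
        client_side.close()  # client force-closes right after the "handshake"
    ok = handler.send_post_handshake(b"ticket-placeholder")
    received = b"" if client_closes_first else client_side.recv(64)
    if not client_closes_first:
        client_side.close()
    if handler.running:
        server_side.close()
    return ok, errors, received


if __name__ == "__main__":
    print(simulate(client_closes_first=False))
    print(simulate(client_closes_first=True))
```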