This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, ned.deily, sivel
Date 2019-05-11.15:37:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1557589034.99.0.729700354285.issue36866@roundup.psfhosted.org>
In-reply-to
Content 
Starting with 3.7, all OpenSSL and certificate-related exceptions are derived from SSLError. SSLError is a subclass of OSError. For backwards compatibility, SSLCertVerificationError is both a subclass of SSLError and ValueError.

>>> ssl.CertificateError
<class 'ssl.SSLCertVerificationError'>
>>> ssl.CertificateError.__mro__
(<class 'ssl.SSLCertVerificationError'>, <class 'ssl.SSLError'>, <class 'OSError'>, <class 'ValueError'>, <class 'Exception'>, <class 'BaseException'>, <class 'object'>)

The new behavior is more consistent than the previous. Now all SSL handshake errors are wrapped in URLError. In 3.6 and earlier unsupported TLS version, cipher suite mismatch, and similar were wrapped in URLError. Certificate related issues like untrusted cert, expired cert, hostname verification failure was not wrapped in URLError. You had to check error.reason for SSL-related errors any way.

I like to argue that the ssl module in 3.7 handles exceptions more consistently and is an improvement. The URLError behavior change is an unfortunate but reasonable side effect.

Ned, what do you think?
History
Date User Action Args
2019-05-11 15:37:15christian.heimessetrecipients: + christian.heimes, ned.deily, sivel
2019-05-11 15:37:14christian.heimessetmessageid: <1557589034.99.0.729700354285.issue36866@roundup.psfhosted.org>
2019-05-11 15:37:14christian.heimeslinkissue36866 messages
2019-05-11 15:37:14christian.heimescreate