Issue31711
Created on 2017-10-06 09:43 by joernheissler, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| client.py | joernheissler, 2017-10-06 09:42 | |||
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 7559 | closed | python-dev, 2018-06-09 14:03 | |
| PR 17671 | closed | choyos, 2019-12-23 17:55 | |
| Messages (8) | |||
|---|---|---|---|
| msg303810 - (view) | Author: Jörn Heissler (joernheissler) * | Date: 2017-10-06 09:42 | |
Traceback (most recent call last):
File "client.py", line 10, in <module>
conn.send(b'')
File "/usr/lib/python3.6/ssl.py", line 941, in send
return self._sslobj.write(data)
File "/usr/lib/python3.6/ssl.py", line 642, in write
return self._sslobj.write(data)
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2074)
This error is not what I expected. I expected a noop instead.
My guess is, that python calls SSL_write (3.6 branch, _ssl.c:2038) with that empty buffer.
The manpage states: "When calling SSL_write() with num=0 bytes to be sent the behaviour is undefined."
This undefined behaviour should either be documented in python, or defined to either raise an exception (ValueError?) or defined as a noop. I'd prefer the latter.
|
|||
| msg312898 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2018-02-26 09:06 | |
It's a bit too late to change the behavior of send(). Let's document the issue instead. |
|||
| msg312903 - (view) | Author: Nathaniel Smith (njs) * |
Date: 2018-02-26 09:42 | |
If openssl says the behavior is undefined, then don't we have to first make it defined before we can document it? And if we're going to detect this case and guarantee some behavior, making it a no-op like it is on regular sockets seems the way to go... |
|||
| msg312908 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2018-02-26 09:57 | |
The message "EOF occurred in violation of protocol" is set by Python. Python maps SSL_ERROR_SYSCALL with SSL error code == 0 and len == 0 to that error message. https://github.com/python/cpython/blob/master/Modules/_ssl.c#L682-L689 https://github.com/python/cpython/blob/master/Modules/_ssl.c#L2263 I don't know why the code was implemented that way. |
|||
| msg312956 - (view) | Author: Nathaniel Smith (njs) * |
Date: 2018-02-26 20:54 | |
My point is that SSL_write(3ssl) says "WARNING: When calling SSL_write() with num=0 bytes to be sent the behaviour is undefined." Apparently on the particular openssl you're looking at, it gives SSL_ERROR_SYSCALL with error code == 0 and len == 0, but the openssl devs claim this is some arbitrary thing that shouldn't be depended on. Just as a general principle it would be nice if performing ordinary operations on an SSLSocket from Python did not invoke undefined behavior :-) |
|||
| msg346525 - (view) | Author: Shivaram Lingamneni (slingamn) * | Date: 2019-06-25 13:13 | |
Are there any possible next steps on this? This issue is very counterintuitive and challenging to debug --- it commonly presents as a nondeterministic edge case, and it appears to be a failed system call but doesn't show up in strace. Thanks for your time. |
|||
| msg358830 - (view) | Author: Jörn Heissler (joernheissler) * | Date: 2019-12-23 18:47 | |
Manpage (openssl 1.1.1d) now states: You should not call SSL_write() with num=0, it will return an error. SSL_write_ex() can be called with num=0, but will not send application data to the peer. SSL_write_ex was added in 1.1.1 So it looks like openssl cleaned up another mistake by defining SSL_write_ex's behaviour to be a noop. |
|||
| msg391357 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2021-04-19 04:01 | |
Thanks to PEP 644 the issue will be fixed in 3.10 by using SSL_read_ex and SSL_write_ex() functions. I couldn't use the functions earlier because Python had to support older OpenSSL versions and LibreSSL. See https://github.com/python/cpython/pull/25468 and bpo-42854 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:53 | admin | set | github: 75892 |
| 2021-04-19 04:01:15 | christian.heimes | set | status: open -> closed versions: + Python 3.10, - Python 2.7, Python 3.6, Python 3.7, Python 3.8 superseder: OpenSSL 1.1.1: use SSL_write_ex() and SSL_read_ex() messages: + msg391357 resolution: fixed |
| 2019-12-23 18:47:33 | joernheissler | set | messages: + msg358830 |
| 2019-12-23 17:55:43 | choyos | set | pull_requests: + pull_request17144 |
| 2019-06-25 13:13:22 | slingamn | set | nosy:
+ slingamn messages: + msg346525 |
| 2018-06-09 14:03:22 | python-dev | set | keywords:
+ patch stage: needs patch -> patch review pull_requests: + pull_request7191 |
| 2018-02-26 20:54:16 | njs | set | messages: + msg312956 |
| 2018-02-26 09:57:24 | christian.heimes | set | messages: + msg312908 |
| 2018-02-26 09:42:33 | njs | set | messages: + msg312903 |
| 2018-02-26 09:06:41 | christian.heimes | set | assignee: christian.heimes -> docs@python components: + Documentation versions: + Python 2.7, Python 3.7, Python 3.8 nosy: + alex, janssen, dstufft, docs@python, njs messages:
+ msg312898 |
| 2017-10-06 09:43:00 | joernheissler | create | |