I am integrating pyOpenSSL into asyncio by reimplementing the SSLContext interface from the Python standard SSL module and all OpenSSL semantics it depends on. I chose this path to avoid overriding asyncio's standard event loops.
To receive SSL traffic I am copying the incoming ssl.MemoryBIO passed by asyncio to SSLContext.wrap_bio() by using Connection.write_bio(). To send SSL traffic I am copying pyOpenSSL's outgoing BIO with Connection.read_bio() and writing it to asyncio's outgoing ssl.MemoryBIO. I always copy the whole content right before Connection.recv() and right after Connection.send().

The only issue I have now is that application data is lost (in my case HTTP data) when the server sends a TLS close_notify alert right after the application data. When testing with the aiohttp HTTP library, the connection is taken as closed before the HTTP response is read. When inspecting the cause of the error, aiohttp got SSL.ZeroReturnError from pyOpenSSL, which signals that a TLS shutdown was performed on the connection. In Wireshark I also confirmed that the server sent close_notify right after the HTTP response body. This issue doesn't happen when the server doesn't send close_notify (the HTTP server doesn't close the connection after sending the response).

I also implemented SSLContext.wrap_socket() to test with blocking sockets, and this issue doesn't happen there. I tested with urllib and the requests library; in both tests the HTTP response is fully read.
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev