Ok I found the issue.

The standard SSL module won't propagate up the SSL_ERROR_ZERO_RETURN when
the TLS connection is shutting down and the application tries to read data;
instead, an empty byte string is returned to signal EOF.

On Thu, Sep 29, 2022 at 20:22, Heraldo Lucena <heraldo....@gmail.com>
wrote:

> I am integrating pyOpenSSL into asyncio by reimplementing the SSLContext
> interface from the Python standard SSL module and all OpenSSL semantics it
> depends on. I chose this path to avoid overriding asyncio's standard event
> loops.
>
> To receive SSL traffic I am copying the incoming ssl.MemoryBIO passed by
> asyncio to SSLContext.wrap_bio() by using Connection.bio_write().
> To send SSL traffic I am copying pyOpenSSL's outgoing BIO with
> Connection.bio_read() and writing it to asyncio's outgoing ssl.MemoryBIO.
> I always copy the whole content right before Connection.recv() and right
> after Connection.send().
>
> The only issue I have now is that application data is lost (in my case
> HTTP data) when the server sends a TLS close_notify alert right after the
> application data. When testing with the aiohttp HTTP library, the connection
> is taken as closed before the HTTP response is read. When inspecting the
> error cause, aiohttp got SSL.ZeroReturnError from pyOpenSSL, which signals
> that TLS shutdown was performed on the connection. On Wireshark I also
> confirmed the server sent close_notify right after the HTTP response body.
>
> This issue doesn't happen when the server doesn't send close_notify (the
> HTTP server doesn't close the connection after sending the response).
>
> I also implemented SSLContext.wrap_socket() to test with blocking sockets,
> this issue doesn't happen. I tested with urllib and the requests library,
> in both tests the HTTP response is fully read.
>
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
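
The mismatch identified in the reply above, shown as an added example that is not code from this thread or from pyOpenSSL: a reader shim that turns pyOpenSSL's `ZeroReturnError` into the empty-bytes EOF that `ssl.SSLObject.read()` callers expect. `StdlibStyleReader`, `FakeConnection` and `drain` are hypothetical names, and the queued records are constructed sample data.

```python
import ssl

try:  # real pyOpenSSL exception types when the package is installed
    from OpenSSL.SSL import WantReadError, ZeroReturnError
except ImportError:  # stand-ins so the example runs without pyOpenSSL
    class WantReadError(Exception): ...
    class ZeroReturnError(Exception): ...


class StdlibStyleReader:
    """Give a pyOpenSSL-style connection the read() semantics of ssl.SSLObject."""

    def __init__(self, conn):
        self._conn = conn  # anything with a pyOpenSSL-like recv(bufsiz)

    def read(self, n=16384):
        try:
            return self._conn.recv(n)
        except ZeroReturnError:
            # Peer sent close_notify: report a clean EOF the stdlib way.
            return b""
        except WantReadError:
            # No complete TLS record buffered: raise the type stdlib callers catch.
            raise ssl.SSLWantReadError("read would block") from None


class FakeConnection:
    """Constructed stand-in: queued plaintext, then close_notify.
    A None entry means 'no data buffered yet'."""

    def __init__(self, records):
        self._records = list(records)

    def recv(self, n):
        if not self._records:
            raise ZeroReturnError()
        if self._records[0] is None:
            self._records.pop(0)
            raise WantReadError()
        data = self._records.pop(0)
        if data[n:]:
            self._records.insert(0, data[n:])  # keep the unread tail
        return data[:n]


def drain(reader, chunk=16):
    """Read until EOF (b""), as a stdlib-style consumer would."""
    body = bytearray()
    while part := reader.read(chunk):
        body += part
    return bytes(body)
```
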