[jira] [Created] (THRIFT-4274) Python feature tests for SSL/TLS failing

Mon, 31 Jul 2017 03:37:29 -0700 

Håkon Hitland created THRIFT-4274:
-------------------------------------

             Summary: Python feature tests for SSL/TLS failing
                 Key: THRIFT-4274
                 URL: https://issues.apache.org/jira/browse/THRIFT-4274
             Project: Thrift
          Issue Type: Bug
          Components: Python - Library
         Environment: Arch Linux, Python 3.6.2, OpenSSL 1.1.0.f
            Reporter: Håkon Hitland
            Priority: Minor


{{make cross}} fails on the Python feature tests {{py-nosslv3}} and {{py-tls}}, 
as the test server exits with a stack trace like
{noformat}
Traceback (most recent call last):
  File "/thrift/test/py/TestServer.py", line 315, in <module>
    sys.exit(main(options))
  File "/thrift/test/py/TestServer.py", line 268, in main
    server.serve()
  File "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/server/TServer.py", 
line 76, in serve
    client = self.serverTransport.accept()
  File 
"/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/transport/TSSLSocket.py", 
line 370, in accept
    client = self._wrap_socket(plain_client)
  File 
"/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/transport/TSSLSocket.py", 
line 184, in _wrap_socket
    server_hostname=self._server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 401, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 808, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1061, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 683, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error
{noformat}

This seems to be caused by {{ensure_socket_open}} in 
{{test/crossrunner/run.py}}, which will make a connection and immediately close 
the socket without completing the handshake.
On the server side this causes an {{OSError}} to be thrown from 
{{SSLContext.wrap_socket()}}, which is not caught in 
{{TSSLServerSocket.accept()}}.

This works on older installations, so presumably either Python or OpenSSL has 
changed to cause an {{OSError}} instead of a {{SSLError}}.

Catching {{OSError}} in {{accept()}} and handling it the same as {{SSLError}} 
looks like a reasonable fix.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to