[issue33091] ssl.SSLError: Invalid error code (_ssl.c:2217)

Fri, 16 Mar 2018 14:22:13 -0700 

New submission from Alfred Krohmer <[email protected]>:

OpenSSL version: 1.1.0.g-1
OS: Arch Linux

I'm creating an SSL socket like this:

    s = socket.create_connection((self.host, 443), 60)
    c = ssl.create_default_context()
    c.set_alpn_protocols(['spdy/2'])
    self.ss = c.wrap_socket(s, server_hostname=self.host)

I'm then reading from the socket in one thread and writing to it in another 
thread.

I'm experiencing strange behaviour.

Sometimes I randomly get the error message in the title when invoking 
self.ss.recv(). After investigating the exception, I found that exc.errno = 10, 
which, according to the OpenSSL documentation means SSL_ERROR_WANT_ASYNC_JOB. 
This constant is never used in the _ssl.c file in cpython. This seems to me 
like an OpenSSL error that needs to be handled in the Python implementation but 
is not.

Also sometimes I have random write timeouts when invoking self.ss.send() (in 
those cases it seems unlikely to me that those are caused by the server).

Also I found here:

https://github.com/python/cpython/blob/v3.6.4/Modules/_ssl.c#L2184

that Python uses SSL_get_error in an non-mutex locked section. But the OpenSSL 
documentation of SSL_get_error states the following:

    In addition to ssl and ret, SSL_get_error() inspects the current thread's 
OpenSSL error queue. Thus, SSL_get_error() must be used in the same thread that 
performed the TLS/SSL I/O operation, and no other OpenSSL function calls should 
appear in between. The current thread's error queue must be empty before the 
TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably.

According to that, shouldn't the _PySSL_UPDATE_ERRNO_IF macro be called *after* 
PySSL_END_ALLOW_THREADS?

----------
assignee: christian.heimes
components: SSL
messages: 313973
nosy: christian.heimes, devkid
priority: normal
severity: normal
status: open
title: ssl.SSLError: Invalid error code (_ssl.c:2217)
type: behavior
versions: Python 3.6

_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue33091>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to