[issue37535] Client SSLSocket with select.select() always returns readable with OpenSSL 1.1.1

2019-12-10 Thread Wator Sead


Wator Sead  added the comment:

So that means there are some additional optional operations after 
do_handshake(), and the data is needed. Thanks for the explanation!

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue37535] Client SSLSocket with select.select() always returns readable with OpenSSL 1.1.1

2019-12-09 Thread Christian Heimes


Christian Heimes  added the comment:

do_handshake() performs just the handshake. The TLS protocol can send or receive 
additional protocol data after the handshake, e.g. alerts, rekeying or 
renegotiation. The example just happened to not trigger these in TLS 1.2. TLS 
makes non-blocking IO more complicated.

--




[issue37535] Client SSLSocket with select.select() always returns readable with OpenSSL 1.1.1

2019-12-09 Thread Wator Sead


Wator Sead  added the comment:

Thanks for the explanation, I understand what the reason is. But why doesn't 
do_handshake() clear the useless data buffer after it is completed? I think 
that must be easy to do.

--




[issue37535] Client SSLSocket with select.select() always returns readable with OpenSSL 1.1.1

2019-12-09 Thread Christian Heimes


Christian Heimes  added the comment:

The problem is caused by the way TLS 1.3 works. Select considers a TLS 1.3 
socket as readable after the handshake, because there is still data on the 
line. The server is sending session tickets (usually two) after the handshake 
has been performed. If you set "context.num_tickets = 0" in server.py or 
"context.maximum_version = ssl.TLSVersion.TLSv1_2" in either server.py or 
client.py, your script works. Ticket #37120 has more information on that.

Session tickets are low-level TLS protocol elements. Methods like 
SSLSocket.pending() and SSLSocket.recv() only act on high-level application 
protocol data. That's why pending() returns 0 and recv() is blocking. There is 
no application data available.

You have to take another approach and follow the guidelines in 
https://docs.python.org/3/library/ssl.html#notes-on-non-blocking-sockets . You 
also have to set the SSLSocket into non-blocking mode and handle 
SSLWantWriteError or SSLWantReadError.

--
resolution:  -> wont fix
stage:  -> resolved
status: open -> closed

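The read loop recommended in the comment above, as an added example that is not code from the thread or from CPython: `recv()` is retried on a non-blocking socket, and `select()` is used only to wait after `SSLWantReadError` or `SSLWantWriteError`. The names `tls_recv`, `FakeTLSSocket` and `demo` are hypothetical, and the fake socket is a constructed stand-in that assumes a real non-blocking SSLSocket raises `SSLWantReadError` when the readable bytes were only session tickets.

```python
import select
import socket
import ssl
import time

def tls_recv(sock, nbytes, timeout=5.0):
    """Read application data from a non-blocking SSLSocket.

    Returns the bytes read (b"" on close), or None if no application
    data arrived before the timeout (e.g. only TLS 1.3 session tickets).
    """
    deadline = time.monotonic() + timeout
    while True:
        try:
            return sock.recv(nbytes)
        except ssl.SSLWantReadError:
            rlist, wlist = [sock], []   # TLS layer needs more bytes from the peer
        except ssl.SSLWantWriteError:
            rlist, wlist = [], [sock]   # TLS layer has to send something first
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return None
        select.select(rlist, wlist, [], remaining)

class FakeTLSSocket:
    """Constructed stand-in for a non-blocking SSLSocket (no real TLS).

    The first `tickets` recv() calls raise SSLWantReadError, modelling
    readable bytes that carried no application data.
    """
    def __init__(self, raw, tickets, payload):
        self.raw, self.tickets, self.payload = raw, tickets, payload

    def fileno(self):
        return self.raw.fileno()

    def recv(self, nbytes):
        if self.tickets > 0:
            self.tickets -= 1
            raise ssl.SSLWantReadError()
        return self.payload[:nbytes]

def demo():
    (a, b), (c, d) = socket.socketpair(), socket.socketpair()
    a.send(b"x")  # makes b readable, as pending ticket bytes would
    got = tls_recv(FakeTLSSocket(b, 2, b"\x00\x01\x02\x03"), 4, timeout=1.0)
    idle = tls_recv(FakeTLSSocket(d, 10**9, b""), 4, timeout=0.2)  # d stays silent
    for s in (a, b, c, d):
        s.close()
    return got, idle
```

With a real connection, call `setblocking(False)` on the SSLSocket after the handshake and pass it to `tls_recv` in place of the stand-in.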



[issue37535] Client SSLSocket with select.select() always returns readable with OpenSSL 1.1.1

2019-12-09 Thread Wator Sead


Wator Sead  added the comment:

All new releases which include an OpenSSL version above 1.1.1 have the same 
issue. Can anybody fix it? Thanks a lot!

--
nosy: +seahoh
versions: +Python 3.5, Python 3.8, Python 3.9




[issue37535] Client SSLSocket with select.select() always returns readable with OpenSSL 1.1.1

2019-07-09 Thread Dean


New submission from Dean :

Hi, I've come across an issue with OpenSSL 1.1.1: when a client socket wrapped 
using ssl.wrap_socket() is used in select.select(), it's always returning ready 
for reading even though there appears to be nothing to read.

To reproduce:
0. Extract files from attached zip
1. Run server.py
2. Run client.py

I expect client.py to print "Nothing to read" and then b'\x00\x01\x02\x03', 
which it does with Python 2.7.14, 3.6.8 and 3.7.3 and OpenSSL 1.0.1f and 
1.1.0g. 

With OpenSSL 1.1.1 it prints 'Pending: 0' and blocks on the sock.recv(1) call.

Thanks!

--
assignee: christian.heimes
components: SSL
files: ssl_select.zip
messages: 347595
nosy: christian.heimes, 
priority: normal
severity: normal
status: open
title: Client SSLSocket with select.select() always returns readable with 
OpenSSL 1.1.1
type: behavior
versions: Python 2.7, Python 3.6, Python 3.7
Added file: https://bugs.python.org/file48464/ssl_select.zip
