[
https://issues.apache.org/jira/browse/THRIFT-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107128#comment-16107128
]
ASF GitHub Bot commented on THRIFT-4274:
GitHub user zhaakhi opened a pull request:
https://github.com/apache/thrift/pull/1321
THRIFT-4274: Catch OSError in TSSLServerSocket.accept()
wrap_socket can raise OSError instead of SSLError when receiving an
invalid connection attempt, which if not caught crashes TSimpleServer
and causes the feature tests to fail.
This only seems to happen on newer versions of either OpenSSL or Python, so
the Travis tests would not catch this.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/zhaakhi/thrift THRIFT-4274
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/thrift/pull/1321.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1321
commit b4e9c8b5726c0f7fa9de314fb452073f3d36bc61
Author: Håkon Hitland
Date: 2017-07-31T10:39:52Z
THRIFT-4274: Catch OSError in TSSLServerSocket.accept()
wrap_socket can raise OSError instead of SSLError when receiving an
invalid connection attempt, which if not caught crashes TSimpleServer
and causes the feature tests to fail.
> Python feature tests for SSL/TLS failing
>
>
> Key: THRIFT-4274
> URL: https://issues.apache.org/jira/browse/THRIFT-4274
> Project: Thrift
> Issue Type: Bug
> Components: Python - Library
> Environment: Arch Linux, Python 3.6.2, OpenSSL 1.1.0.f
>Reporter: Håkon Hitland
>Priority: Minor
>
> {{make cross}} fails on the Python feature tests {{py-nosslv3}} and
> {{py-tls}}, as the test server exits with a stack trace like
> {noformat}
> Traceback (most recent call last):
> File "/thrift/test/py/TestServer.py", line 315, in
> sys.exit(main(options))
> File "/thrift/test/py/TestServer.py", line 268, in main
> server.serve()
> File "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/server/TServer.py",
> line 76, in serve
> client = self.serverTransport.accept()
> File
> "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/transport/TSSLSocket.py",
> line 370, in accept
> client = self._wrap_socket(plain_client)
> File
> "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/transport/TSSLSocket.py",
> line 184, in _wrap_socket
> server_hostname=self._server_hostname)
> File "/usr/lib/python3.6/ssl.py", line 401, in wrap_socket
> _context=self, _session=session)
> File "/usr/lib/python3.6/ssl.py", line 808, in __init__
> self.do_handshake()
> File "/usr/lib/python3.6/ssl.py", line 1061, in do_handshake
> self._sslobj.do_handshake()
> File "/usr/lib/python3.6/ssl.py", line 683, in do_handshake
> self._sslobj.do_handshake()
> OSError: [Errno 0] Error
> {noformat}
> This seems to be caused by {{ensure_socket_open}} in
> {{test/crossrunner/run.py}}, which will make a connection and immediately
> close the socket without completing the handshake.
> On the server side this causes an {{OSError}} to be thrown from
> {{SSLContext.wrap_socket()}}, which is not caught in
> {{TSSLServerSocket.accept()}}.
> This works on older installations, so presumably either Python or OpenSSL has
> changed to cause an {{OSError}} instead of a {{SSLError}}.
> Catching {{OSError}} in {{accept()}} and handling it the same as {{SSLError}}
> looks like a reasonable fix.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
