Kristján Valur Jónsson added the comment:
fyi, I just observed this in the field in 2.7.3 using requests 2.5.3
I don't think requests has a workaround for 2.7 from reading the release logs.
--
nosy: +kristjan.jonsson
___
Python tracker
Roundup Robot added the comment:
New changeset e6b962fa44bb by Antoine Pitrou in branch 'default':
Issue #13721: SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise an
OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not
connected.
Antoine Pitrou added the comment:
Ok, this is fixed now. Thanks for the comments!
--
resolution: - fixed
stage: needs patch - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13721
Antoine Pitrou added the comment:
Ok, so this is a slightly annoying issue, but which isn't critical since
there's a workaround (catch the AttributeError). Therefore I'm inclined not to
change the behaviour in a bugfix release, for fear of regressions for people
who are used to the
Ben Darnell added the comment:
That proposal sounds good to me. I agree that any change here should target
3.4, not backports to older versions.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13721
Ben Darnell added the comment:
We found a related issue with Tornado:
https://github.com/facebook/tornado/pull/750
We call wrap_socket with do_handshake_on_connect=False and then call
do_handshake when the socket is ready. If the getpeername call in wrap_socket
fails with ENOTCONN because
Mads Kiilerich m...@kiilerich.com added the comment:
I won't claim to know more about socket error codes than what the Linux man
pages says. According to them only send() can fail with ECONNRESET, even though
POSIX Programmer's Manual man pages mentions many others. getpeername() is
however
Antoine Pitrou pit...@free.fr added the comment:
The only way to reliably implement the documented wrap_socket API
might thus be to maintain a flag in PySocketSockObject.
Agreed. With the annoyance that the flag must be exposed to Python code,
since ssl's wrap_socket is written in Python. It
Mads Kiilerich m...@kiilerich.com added the comment:
I'm a bit wary of API bloat here.
Yes, but explicit is better than magic ...
Thanks. So fixing how getpeercert behaves and either raise a dedicated
error or return None would improve things here, right?
Well ... that would at least make
Antoine Pitrou pit...@free.fr added the comment:
A return value of None would still not indicate if we had a working
connection without certificate or a failed connection. That would be
annoying.
Ah, right. Then raising e.g. a ValueError would be better.
--
Mads Kiilerich m...@kiilerich.com added the comment:
I would find ValueError surprising here. socket.error or SSLError would be less
surprising ... even though it technically isn't completely true. But isn't it
more like a kind of RuntimeError to call getpeercert after the socket has been
New submission from Mads Kiilerich m...@kiilerich.com:
According to http://docs.python.org/release/2.7.2/library/ssl wrap_socket can
be used either on connected sockets or on un-connected sockets which then can
be .connect'ed.
In the latter case SSLSocket.connect() will (AFAIK) always raise a
Antoine Pitrou pit...@free.fr added the comment:
Alternatively all SSLSocket methods should take care not to dereference
self._sslobj and they should respond properly - preferably with a
socket/ssl exception.
In getpeercert()'s case, I think None would be the right thing to return (as
Mads Kiilerich m...@kiilerich.com added the comment:
I think it would be confusing if getpeercert returned None both for valid
connections without certificates and also for invalid connections. I would
almost prefer the current behaviour (AttributeError) if just it was documented
and there
Antoine Pitrou pit...@free.fr added the comment:
I hope the proper fix will ensure that an exception always is raised
if the ssl handshake fails - and that a successful wrap_socket means
that the ssl negotiation did succeed with the given constraints. It
might however only be feasible to fix
15 matches
Mail list logo
