New submission from Andrew Collins <bsderand...@gmail.com>:
Per the OpenSSL documentation: "The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably." https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html Modules/_ssl.c does clear errors on socket creation, and upon handling an error itself, but does not clear before IO operations that are checked with SSL_get_error. When using OpenSSL outside of Modules/_ssl.c in the same process context (for example, using libssh through python bindings), this can results in random ssl errors being picked up by Modules/_ssl.c. ---------- assignee: christian.heimes components: SSL messages: 348684 nosy: Andrew Collins, christian.heimes priority: normal severity: normal status: open title: Python SSL module does not clear error queue before IO operations using SSL_get_error versions: Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue37710> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
