[issue30437] SSL_shutdown can return meaningless SSL_ERROR_SYSCALL

2017-09-06 Thread Nathaniel Smith

Nathaniel Smith added the comment:

My reading of the man page is that if SSL_shutdown returns 0, this means that 
it succeeded at doing the first phase of shutdown. If there are errors then 
they should be ignored, because it actually succeeded.

If you want to then complete the second phase of shutdown, of course, you have 
to call it again, but that's no different than any other use of SSL_shutdown.

If two calls to SSL_shutdown both return zero, then that's definitely a bug in 
OpenSSL. A return value of zero means that previously the SSL_SENT_SHUTDOWN 
flag was not set, and now it is set, so that can only happen once per 
connection. But that's orthogonal to the SSL_ERROR_SYSCALL issue.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
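
An added example (not code from any participant in this thread, nor from CPython or OpenSSL) of the return-value policy discussed here: a 0 return means phase one succeeded and its error code is ignored, a second 0 is treated as a library bug, and the error code is consulted only when the return is negative. All names (drive_shutdown, shut_step, replay, run_script) are hypothetical, and a constructed replay of results stands in for real SSL_shutdown()/SSL_get_error() calls so the logic runs without a TLS connection.

```c
#include <stdio.h>

/* Numeric values of SSL_ERROR_NONE/WANT_READ/WANT_WRITE/SYSCALL in <openssl/ssl.h>. */
enum { ERR_NONE = 0, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3, ERR_SYSCALL = 5 };
typedef enum { SHUT_DONE, SHUT_NEED_IO, SHUT_FAILED, SHUT_LIB_BUG } shut_status;

/* One attempt: ret is the SSL_shutdown() result, err the SSL_get_error() code. */
typedef struct { int ret; int err; } shut_step;
typedef shut_step (*shut_fn)(void *ctx);

/* Drive shutdown until it completes, needs I/O, or fails.
 * *sent_notify records whether a 0 return was already seen on this connection. */
shut_status drive_shutdown(shut_fn step, void *ctx, int *sent_notify)
{
    for (;;) {
        shut_step s = step(ctx);
        if (s.ret == 1)
            return SHUT_DONE;         /* both close_notify alerts exchanged */
        if (s.ret == 0) {
            if (*sent_notify)
                return SHUT_LIB_BUG;  /* 0 can only happen once per connection */
            *sent_notify = 1;         /* phase one succeeded: s.err is ignored */
            continue;                 /* call again for phase two */
        }
        /* ret < 0: only here is the error code acted on */
        if (s.err == ERR_WANT_READ || s.err == ERR_WANT_WRITE)
            return SHUT_NEED_IO;      /* caller moves bytes, then calls again */
        return SHUT_FAILED;
    }
}

/* Constructed replay of results; a real step would wrap SSL_shutdown(). */
typedef struct { const shut_step *steps; int n; int pos; } script;
shut_step replay(void *ctx)
{
    script *s = ctx;
    shut_step end = { -1, ERR_SYSCALL };   /* script exhausted: hard failure */
    return s->pos < s->n ? s->steps[s->pos++] : end;
}

/* Run a script to its end, resuming after each NEED_IO as a caller would. */
shut_status run_script(const shut_step *steps, int n)
{
    script sc = { steps, n, 0 };
    int sent = 0;
    shut_status st;
    do { st = drive_shutdown(replay, &sc, &sent); }
    while (st == SHUT_NEED_IO && sc.pos < n);
    return st;
}
```
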



[issue30437] SSL_shutdown can return meaningless SSL_ERROR_SYSCALL

2017-09-06 Thread Christian Heimes

Christian Heimes added the comment:

If I understand the man page of SSL_shutdown correctly, then SSL_shutdown() 
must be called a second time when the first time returned 0. But it does not 
say how an application shall behave if the second call to SSL_shutdown() also 
returns 0.

OpenSSL does not contain an example for bidirectional shutdown. s_client.c only 
does unidirectional shutdown.

cURL just ignores the result:

/*
 * This function is called when an SSL connection is closed.
 */
void Curl_ossl_close(struct connectdata *conn, int sockindex)
{
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];

  if(connssl->handle) {
    (void)SSL_shutdown(connssl->handle);
    SSL_set_connect_state(connssl->handle);

    SSL_free (connssl->handle);
    connssl->handle = NULL;
  }
  if(connssl->ctx) {
    SSL_CTX_free (connssl->ctx);
    connssl->ctx = NULL;
  }
}

--




[issue30437] SSL_shutdown can return meaningless SSL_ERROR_SYSCALL

2017-05-23 Thread Nathaniel Smith

Nathaniel Smith added the comment:

Debian testing, x86-64, with:

Python 3.5.3rc1 (default, Jan  3 2017, 04:40:57) 
[GCC 6.3.0 20161229] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.1.0e  16 Feb 2017'

--




[issue30437] SSL_shutdown can return meaningless SSL_ERROR_SYSCALL

2017-05-23 Thread Christian Heimes

Christian Heimes added the comment:

Which OS and OpenSSL version are you on?

--




[issue30437] SSL_shutdown can return meaningless SSL_ERROR_SYSCALL

2017-05-23 Thread Martin Panter

Martin Panter added the comment:

Maybe Issue 10808?

--
nosy: +martin.panter




[issue30437] SSL_shutdown can return meaningless SSL_ERROR_SYSCALL

2017-05-22 Thread Nathaniel Smith

New submission from Nathaniel Smith:

The SSL_shutdown man page says that if it returns 0, and an SSL_ERROR_SYSCALL 
is set, then SSL_ERROR_SYSCALL should be ignored - or at least I think that's 
what it's trying to say. See the RETURN VALUES section. I think this means we 
should only raise this error if the return value is <0? Though I suppose we 
need to clear out the error queue in any case.

I ended up changing the code that was triggering this for other reasons and now 
I'm not hitting it, so it's not exactly urgent for me, but FYI... I was getting 
SSLSyscallError exceptions from code using memory BIOs and where everything was 
fine. The test case had one task continually sending data into an 
SSLObject-based stream while the other end called SSLObject.unwrap() and then 
ended up continually getting SSLWantRead and reading more data -- after a few 
cycles of reading it got SSLSyscallError instead.

--
assignee: christian.heimes
components: SSL
messages: 294216
nosy: alex, christian.heimes, dstufft, janssen, njs
priority: normal
severity: normal
status: open
title: SSL_shutdown can return meaningless SSL_ERROR_SYSCALL
versions: Python 2.7, Python 3.6, Python 3.7
