[Cryptography-dev] Integrating pyOpenSSL to asyncio

Heraldo Lucena heraldo.dev at gmail.com
Thu Sep 29 19:22:14 EDT 2022


I am integrating pyOpenSSL to asyncio by reimplementing the SSLContext
interface from the Python standard SSL module and all OpenSSL semantics it
depends on. I chose this path to avoid overriding asyncio's standard event
loops.

To receive SSL traffic I am copying the incoming ssl.MemoryBIO passed by
asyncio to SSLContext.wrap_bio() by using Connection.write_bio().
To send SSL traffic I am copying pyOpenSSL's outgoing BIO with
Connection.read_bio() and writing it to asyncio's outgoing ssl.MemoryBIO.
I always copy the whole content right before Connection.recv() and right
after Connection.send().

The only issue I have now is that application data is lost (in my case HTTP
data) when the server sends a TLS close_notify alert right after the
application data. When testing with the aiohttp HTTP library, the connection
is taken as closed before the HTTP response is read. When inspecting the error
cause, aiohttp got SSL.ZeroReturnError from pyOpenSSL, which signals that TLS
shutdown was performed on the connection. On Wireshark I also confirmed the
server sent close_notify right after the HTTP response body.

This issue doesn't happen when the server doesn't send close_notify (the
HTTP server doesn't close the connection after sending the response).

I also implemented SSLContext.wrap_socket() to test with blocking sockets;
this issue doesn't happen there. I tested with urllib and the requests
library; in both tests the HTTP response is fully read.
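
An added example, not code from the original message: two in-memory pyOpenSSL connections bridged by copying BIO contents as described above, with the server queuing close_notify directly behind its response, and a reader that drains decrypted data until SSL.ZeroReturnError. It uses pyOpenSSL's Connection.bio_write() and Connection.bio_read(); the helper names, the throwaway certificate and the sample response are constructed for illustration.

```python
from contextlib import suppress
from OpenSSL import SSL, crypto
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"  # constructed sample

def make_pair():
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()  # throwaway self-signed certificate, demo only
    cert.get_subject().CN = "localhost"
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.sign(key, "sha256")
    server_ctx = SSL.Context(SSL.TLS_METHOD)
    server_ctx.use_certificate(cert)
    server_ctx.use_privatekey(key)
    server = SSL.Connection(server_ctx, None)  # socket=None selects memory BIOs
    server.set_accept_state()
    client = SSL.Connection(SSL.Context(SSL.TLS_METHOD), None)  # peer not verified: demo only
    client.set_connect_state()
    return client, server

def pump(src, dst):
    with suppress(SSL.WantReadError):  # raised once src's outgoing BIO is empty
        while True:
            dst.bio_write(src.bio_read(65536))

def handshake(client, server):
    for _ in range(4):  # enough round trips for a TLS 1.2 or 1.3 handshake
        for conn, peer in ((client, server), (server, client)):
            with suppress(SSL.WantReadError):  # conn awaits the peer's next flight
                conn.do_handshake()
            pump(conn, peer)

def read_until_close(conn):
    data = b""
    try:
        while True:
            data += conn.recv(4096)
    except (SSL.ZeroReturnError, SSL.WantReadError) as exc:  # close_notify or no bytes yet
        return data, isinstance(exc, SSL.ZeroReturnError)

def demo():
    client, server = make_pair()
    handshake(client, server)
    server.send(RESPONSE)
    server.shutdown()  # close_notify queued directly behind the response
    pump(server, client)  # both records reach the client in one copy
    return read_until_close(client)
```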