[New-bugs-announce] [issue46313] SSLObject does not raise SSLEOFError on OpenSSL 3

Alex Grönholm report at bugs.python.org
Sun Jan 9 08:40:17 EST 2022

New submission from Alex Grönholm <alex.gronholm at nextday.fi>:

PR #25309 (https://github.com/python/cpython/pull/25309) changed OpenSSL behavior so that it ignores unexpected EOFs by default. This was detected by the test suites of both trio and AnyIO when running on OpenSSL 3.

We worked around the problem by explicitly unsetting the SSL_OP_IGNORE_UNEXPECTED_EOF flag and then checking if the "strerror" attribute of SSLError contains the text "UNEXPECTED_EOF_WHILE_READING".

The remedy in the standard library would be twofold:
1. Revert the change of enabling SSL_OP_IGNORE_UNEXPECTED_EOF by default
2. Handle the condition properly so that SSLEOFError is raised instead of the generic SSLError

As SSLSockets ignore SSLEOFError by default, this fix should work fine for those too.

assignee: christian.heimes
components: SSL
messages: 410146
nosy: alex.gronholm, christian.heimes, lukasz.langa
priority: normal
severity: normal
status: open
title: SSLObject does not raise SSLEOFError on OpenSSL 3
type: security
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9

Python tracker <report at bugs.python.org>
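
The workaround described in the report, as an added sketch that is not code from the reporter, trio, AnyIO or CPython: clear the flag on the context, then translate the generic SSLError into SSLEOFError so that a connection cut off without close_notify stays distinguishable from a clean shutdown. The helper names clear_ignore_eof and read_strict are hypothetical, and the stub object and its error string are constructed for the demonstration.

```python
import ssl

# ssl.OP_IGNORE_UNEXPECTED_EOF exists from Python 3.10; treat it as 0 on older versions.
IGNORE_EOF = getattr(ssl, "OP_IGNORE_UNEXPECTED_EOF", 0)
EOF_MARKER = "UNEXPECTED_EOF_WHILE_READING"  # text quoted in the report


def clear_ignore_eof(ctx):
    """Unset SSL_OP_IGNORE_UNEXPECTED_EOF on an SSLContext and return it."""
    if IGNORE_EOF:
        ctx.options &= ~IGNORE_EOF
    return ctx


def read_strict(sslobj, nbytes=65536):
    """Read from an SSLObject; surface a missing close_notify as SSLEOFError."""
    try:
        return sslobj.read(nbytes)
    except ssl.SSLEOFError:
        raise  # already the specific exception
    except ssl.SSLError as exc:
        # With the flag cleared, the truncation arrives as a generic SSLError
        # whose strerror carries the marker text.
        if EOF_MARKER in (exc.strerror or ""):
            raise ssl.SSLEOFError(exc.errno, exc.strerror) from exc
        raise  # any other TLS failure is left untouched


if __name__ == "__main__":
    ctx = clear_ignore_eof(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))
    print("flag still set:", bool(ctx.options & IGNORE_EOF))

    class TruncatedPeer:  # constructed stand-in for an SSLObject
        def read(self, nbytes):
            raise ssl.SSLError(1, "[SSL: %s] constructed sample" % EOF_MARKER)

    try:
        read_strict(TruncatedPeer())
    except ssl.SSLEOFError as exc:
        print("truncated stream:", exc.strerror)
```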