[New-bugs-announce] [issue46313] SSLObject does not raise SSLEOFError on OpenSSL 3
Alex Grönholm
report at bugs.python.org
Sun Jan 9 08:40:17 EST 2022
New submission from Alex Grönholm <alex.gronholm at nextday.fi>:
PR #25309 (https://github.com/python/cpython/pull/25309) changed OpenSSL behavior so that it ignores unexpected EOFs by default. This was detected by the test suites of both trio and AnyIO when running on OpenSSL 3.
We worked around the problem by explicitly unsetting the SSL_OP_IGNORE_UNEXPECTED_EOF flag and then checking if the "strerror" attribute of SSLError contains the text "UNEXPECTED_EOF_WHILE_READING".
The remedy in the standard library would be twofold:
1. Revert the change of enabling SSL_OP_IGNORE_UNEXPECTED_EOF by default
2. Handle the condition properly so that SSLEOFError is raised instead of the generic SSLError
As SSLSockets ignore SSLEOFError by default, this fix should work fine for those too.
----------
assignee: christian.heimes
components: SSL
messages: 410146
nosy: alex.gronholm, christian.heimes, lukasz.langa
priority: normal
severity: normal
status: open
title: SSLObject does not raise SSLEOFError on OpenSSL 3
type: security
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46313>
_______________________________________
More information about the New-bugs-announce
mailing list