[Patches] [ python-Patches-499940 ] Work around for buggy https servers

noreply@sourceforge.net noreply@sourceforge.net
Wed, 09 Jan 2002 02:28:11 -0800 

Patches item #499940, was opened at 2002-01-05 12:26
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=499940&group_id=5470

Category: Modules
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Michel Van den Bergh (vdbergh)
Assigned to: Nobody/Anonymous (nobody)
Summary: Work around for buggy https servers

Initial Comment:
Python 2.2. Tested on RH 7.1.

This a workaround for, 

http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail&aid=494762

The problem is that some https servers close an ssl
connection without properly resetting it first. In the
above bug description it is suggested that this
only occurs for IIS but apparently some  (modified)
Apache servers also suffer from it (see
telemeter.telenet.be).

One of the suggested workarounds is to modify
httplib.py so as to ignore the combination of
err[0]==SSL_ERROR_SYSCALL and 
err[1]=="EOF occurred in violation of protocol".
However I think one should never compare error strings
since in principle they may depend on language etc...

So I decided to modify _socket.c slightly so that
it becomes possible to return error codes which
are not in in ssl.h. You will see that I did this
in a portable way, which is independent of the
explicit error numbers in ssl.h.

When an ssl-connection is closed without reset I now
return the error code SSL_ERROR_EOF. Then I ignore
this (apparently benign) error in httplib.py.

In addition I fixed what I think was an error in
PySSL_SetError(SSL *ssl, int ret) in socketmodule.c.

Originally there was:

	case SSL_ERROR_SSL:
	{
		unsigned long e = ERR_get_error();
		if (e == 0) {
			/* an EOF was observed that violates the protocol */
			errstr = "EOF occurred in violation of protocol";

etc... 
but if I understand the documentation for
SSL_get_error then the test should be: e==0 && ret==0.
A similar error occurs a few lines later.

----------------------------------------------------------------------

>Comment By: Michel Van den Bergh (vdbergh)
Date: 2002-01-09 02:28

Message:
Logged In: YES 
user_id=10252

Due to some problems with sourceforge and incompetence on my
part I seem to have submitted several times. See patch
500311.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=499940&group_id=5470