[Python-bugs-list] [ python-Bugs-631683 ] https via httplib trips over IIS defect

noreply@sourceforge.net noreply@sourceforge.net
Wed, 13 Nov 2002 09:49:14 -0800


Bugs item #631683, was opened at 2002-10-31 18:01
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=631683&group_id=5470

Category: Python Library
Group: Python 2.2
Status: Open
Resolution: None
Priority: 5
Submitted By: Dan Wilder (detroit_dan)
Assigned to: Nobody/Anonymous (nobody)
Summary: https via httplib trips over IIS defect

Initial Comment:
When attempting to make a connection via https to an 
IIS server, for example ssl.pgs.wcom.net deployed by
VITAL, the VISAnet on line authorization host, the
following
exception is encountered:

  File "./vitalmsg.py", line 130, in ssl_connect^M
    status, reason, header= hs.getreply()^M
  File "/usr/lib/python2.2/httplib.py", line 752, in
getreply^M
    response = self._conn.getresponse()^M
  File "/usr/lib/python2.2/httplib.py", line 593, in
getresponse^M
    response = self.response_class(self.sock)^M
  File "/usr/lib/python2.2/httplib.py", line 99, in
__init__^M
    self.fp = sock.makefile('rb', 0)^M
  File "/usr/lib/python2.2/httplib.py", line 628, in
makefile^M
    buf = self.__ssl.read()^M
socket.sslerror: (5, 'EOF occurred in violation of
protocol')^M

As nearly as I can determine, a protocol error has
indeed been encountered.  However it is unlikely indeed
that
Microsoft can be induced to correct this, nor that a
correction
is likely to be deployed by all who use IIS.

For reference, the headers returned by the server to a
successful request using the attached patch are:

Server: Microsoft-IIS/4.0
Date: Tue, 29 Oct 2002 21:57:59 GMT
Content-Type: x-data/xact-response

The attached patch allows python-2.2.2 to work
with this server.





----------------------------------------------------------------------

>Comment By: Jeremy Hylton (jhylton)
Date: 2002-11-13 17:49

Message:
Logged In: YES 
user_id=31392

This patch has two changes that seem to be completely
unrelated.  It looks like the httplib.py patch works around
the IIS problem and the socket stuff is gratuitous.

I don't understand if it's safe to add this workaround for
IIS.  What an EOF occurs that is a violation of the protocol
and means that the client can't recover?  It seems this
patch could prevent legitimate errors from being corrected.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=631683&group_id=5470