[issue39951] Ignore specific errors when closing ssl connections

Dima Tisnek report at bugs.python.org
Thu Mar 12 23:40:01 EDT 2020


New submission from Dima Tisnek <dimaqq at gmail.com>:

When a connection wrapped in ssl is closed, sometimes the ssl library reports an error, which I believe should be ignored.

The error code is `291` and the name of the error is either SSL_R_KRB5_S_INIT (KRB5_S_INIT) or SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY depending on the openssl header file.
It's only one code, somehow `ssl.h` (depending on version?) has a different symbolic name for the error.
TBH, I consider `KRB5_S_INIT` a misnomer, there's no Kerberos here.

The explanation for openssl reporting this error is here:

https://github.com/openssl/openssl/blob/6d53ad6b5cf726d92860e973d7bc8c1930762086/ssl/record/rec_layer_s3.c#L1657-L1668

> The peer is continuing to send application data, but we have
> already sent close_notify. If this was expected we should have
> been called via SSL_read() and this would have been handled
> above.

This situation is easily achieved, because of network delays. Just because we sent "close notify" doesn't mean the other end has received it, and even if it did, there could still be return data in flight.

Reproducer is here: https://gist.github.com/dimaqq/087c66dd7b4a85a669a00221dc3792ea

----------
components: Extension Modules, Library (Lib)
messages: 364071
nosy: Dima.Tisnek
priority: normal
severity: normal
status: open
title: Ignore specific errors when closing ssl connections
versions: Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39951>
_______________________________________
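
Added example, not part of the original report and not CPython's own code: one way an application could ignore only this error at shutdown while still raising every other TLS failure. It assumes the error surfaces from `SSLSocket.unwrap()` and that `SSLError.reason` carries one of the two names quoted in the report; `close_tls` and `is_late_app_data` are hypothetical helper names.

```python
import ssl

# The two symbolic names the report gives for OpenSSL reason code 291.
# Assumption: ssl.SSLError.reason holds one of them when this error is raised.
LATE_DATA_REASONS = frozenset({
    "KRB5_S_INIT",
    "APPLICATION_DATA_AFTER_CLOSE_NOTIFY",
})


def is_late_app_data(exc):
    """True only for the 'application data after close_notify' error."""
    if not isinstance(exc, ssl.SSLError):
        return False
    # Errors built without an OpenSSL reason may lack the attribute entirely.
    return getattr(exc, "reason", None) in LATE_DATA_REASONS


def close_tls(sock):
    """Send close_notify with unwrap(), then always close the socket.

    Returns "clean" when the shutdown completed, or "late-data" when the
    peer's application data arrived after our close_notify. Any other
    SSLError propagates, so unrelated TLS failures are not hidden.
    """
    try:
        sock.unwrap()
    except ssl.SSLError as exc:
        if not is_late_app_data(exc):
            raise
        return "late-data"
    finally:
        # Runs on every path: success, ignored error, re-raised error.
        sock.close()
    return "clean"
```

Returning a status instead of silently swallowing the error lets the caller log how often the race occurs.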

