Skip to content

bpo-33734: asyncio/ssl: Fix AttributeError, increase default handshake timeout #7321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jun 4, 2018
Merged

bpo-33734: asyncio/ssl: Fix AttributeError, increase default handshake timeout #7321

merged 10 commits into from
Jun 4, 2018

Conversation

1st1
Copy link
Member

@1st1 1st1 commented Jun 1, 2018
edited by bedevere-bot
Loading

@1st1 1st1 requested a review from asvetlov as a code owner June 1, 2018 14:56
@1st1 1st1 mentioned this pull request Jun 1, 2018
Closed
ned-deily
ned-deily reviewed Jun 1, 2018
View reviewed changes
Copy link
Member

@ned-deily ned-deily left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps the NEWS entry could be a little more explicit about what problem is being solved, otherwise LGTM for 3.7.

@1st1
Copy link
Member Author

1st1 commented Jun 1, 2018

@ned-deily @asvetlov I've just pushed an update. Long story short, I started to write functional tests for SSL to test this PR and discovered that SSL errors do not propagate correctly. For example, the following code somehow works in the master branch:

reader, writer = await asyncio.open_connection(
    *addr,
    ssl=client_sslctx,
    server_hostname='',
    loop=self.loop,
    ssl_handshake_timeout=1.0)

# we will get to this line without an error even if
# SSL handshake failed and the connection is
# in a semi-closed state.  o_O
print('HERE')

The latest commit fixes these bugs and adds more SSL tests.

My plan is to backport these changes to uvloop and release a new version today. Since uvloop is quite popular and people report its bugs (as @hynek's report today demonstrated) I expect that if there are any issues with my fixes we'll know about them in a few days.

IMHO this should go into 3.7.0 and it's a shame that our SSL layer is so fragile at this point. I have a developer looking into rewriting SSL properly for Python 3.8: MagicStack/uvloop#158, so hopefully it's not for long.

Please take another look at the PR.

@ned-deily
Copy link
Member

Since it seems it is a bug fix (and a serious one at that), there shouldn't be any question about 3.7. Anything merged up to the 3.7.0rc1 cutoff will be in 3.7.0 final.

@1st1
Copy link
Member Author

1st1 commented Jun 1, 2018

Since it seems it is a bug fix (and a serious one at that), there shouldn't be any question about 3.7.

Yeah, it's just that I'm not 100% sure about asyncio/sslproto.py. Hopefully it will be OK, after all we've lived with it for a while now.

asvetlov
asvetlov approved these changes Jun 3, 2018
View reviewed changes
Copy link
Contributor

@asvetlov asvetlov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@1st1 1st1 merged commit 9602643 into python:master Jun 4, 2018
@bedevere-bot
Copy link

@1st1: Please replace # with GH- in the commit message next time. Thanks!

@miss-islington
Copy link
Contributor

Thanks @1st1 for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7.
🐍🍒⛏🤖

@1st1 1st1 deleted the sslbugs branch June 4, 2018 15:32
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jun 4, 2018
@1st1 @miss-islington
bpo-33734: asyncio/ssl: a bunch of bugfixes (pythonGH-7321)
63a7ee8 
* Fix AttributeError (not all SSL exceptions have 'errno' attribute)

* Increase default handshake timeout from 10 to 60 seconds
* Make sure start_tls can be cancelled correctly
* Make sure any error in SSLProtocol gets propagated (instead of just being logged)
(cherry picked from commit 9602643)

Co-authored-by: Yury Selivanov <yury@magic.io>
@bedevere-bot
Copy link

GH-7396 is a backport of this pull request to the 3.7 branch.

1st1 added a commit that referenced this pull request Jun 4, 2018
@miss-islington @1st1
bpo-33734: asyncio/ssl: a bunch of bugfixes (GH-7321) (GH-7396)
87936d0 
* Fix AttributeError (not all SSL exceptions have 'errno' attribute)

* Increase default handshake timeout from 10 to 60 seconds
* Make sure start_tls can be cancelled correctly
* Make sure any error in SSLProtocol gets propagated (instead of just being logged)
(cherry picked from commit 9602643)

Co-authored-by: Yury Selivanov <yury@magic.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ned-deily ned-deily ned-deily left review comments

@asvetlov asvetlov asvetlov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@1st1 @ned-deily @bedevere-bot @miss-islington @asvetlov @the-knights-who-say-ni