Christian Heimes <li...@cheimes.de> added the comment:
Starting with 3.7, all OpenSSL and certificate-related exceptions are derived from SSLError. SSLError is a subclass of OSError. For backwards compatibility, SSLCertVerificationError is both a subclass of SSLError and ValueError. >>> ssl.CertificateError <class 'ssl.SSLCertVerificationError'> >>> ssl.CertificateError.__mro__ (<class 'ssl.SSLCertVerificationError'>, <class 'ssl.SSLError'>, <class 'OSError'>, <class 'ValueError'>, <class 'Exception'>, <class 'BaseException'>, <class 'object'>) The new behavior is more consistent than the previous. Now all SSL handshake errors are wrapped in URLError. In 3.6 and earlier unsupported TLS version, cipher suite mismatch, and similar were wrapped in URLError. Certificate related issues like untrusted cert, expired cert, hostname verification failure was not wrapped in URLError. You had to check error.reason for SSL-related errors any way. I like to argue that the ssl module in 3.7 handles exceptions more consistently and is an improvement. The URLError behavior change is an unfortunate but reasonable side effect. Ned, what do you think? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue36866> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
