[issue39951] Ignore specific errors when closing ssl connections

2022-03-12 Thread Andrew Svetlov
Change by Andrew Svetlov : -- resolution: -> fixed stage: backport needed -> resolved status: open -> closed ___ Python tracker ___ ___

[issue39951] Ignore specific errors when closing ssl connections

2022-03-09 Thread Christian Heimes
Christian Heimes added the comment: The bug should be fixed in 3.9 and 3.10 maintenance branches, too. -- assignee: christian.heimes -> stage: -> backport needed versions: +Python 3.10, Python 3.9 ___ Python tracker

[issue39951] Ignore specific errors when closing ssl connections

2022-03-09 Thread Kumar Aditya
Kumar Aditya added the comment: @asvetlov This has been fixed on main branch with bpo-44011. This can be closed now. -- nosy: +kumaraditya303 versions: +Python 3.11 -Python 3.10, Python 3.8, Python 3.9 ___ Python tracker

[issue39951] Ignore specific errors when closing ssl connections

2021-02-05 Thread Christian Heimes
Christian Heimes added the comment: TLS 1.2 has one-way close notify. For example typical HTTP clients like curl send a close_notify and then shut down the TCP connection. HTTP servers may not reply with close_notify or may not wait for the client to confirm the server-side close notify. Py

[issue39951] Ignore specific errors when closing ssl connections

2021-02-05 Thread Dima Tisnek
Dima Tisnek added the comment: Thank you, Christian, for removing 3.7 target, I was not up to date on Python support schedule. Regarding protocol violation, let me explain what I've dug up so far... I am not an expert, please feel free to correct me. TLS up to 1.2 Closing a connection (send

[issue39951] Ignore specific errors when closing ssl connections

2021-02-05 Thread Christian Heimes
Christian Heimes added the comment: 3.7 is in security fix-only mode. APPLICATION_DATA_AFTER_CLOSE_NOTIFY is a protocol violation in any TLS version. It's not related to TLS 1.3. The error occurs when one side wants to close the connection, but the other sides keeps sending user data. It's b

[issue39951] Ignore specific errors when closing ssl connections

2021-02-04 Thread Dima Tisnek
Dima Tisnek added the comment: Added 3.10 target. -- versions: +Python 3.10 ___ Python tracker ___ ___ Python-bugs-list mailing lis

[issue39951] Ignore specific errors when closing ssl connections

2021-02-04 Thread Dima Tisnek
Dima Tisnek added the comment: @fantix alas, no: ~/cpython (asvetlov--new-ssl|✚1) [1] > ./python.exe ~/repro-39951.py Traceback (most recent call last): File "/Users/dima.tisnek/repro-39951.py", line 33, in asyncio.run(test()) File "/Users/dima.tisnek/cpython/Lib/asyncio/runners.py", l

[issue39951] Ignore specific errors when closing ssl connections

2021-02-04 Thread Fantix King
Fantix King added the comment: This should/will be fixed by GH-17975 I think - like suggested in the OpenSSL comments, the proposed change will always try to run SSL_read() before SSL_shutdown(), even after the close_notify is sent. -- nosy: +fantix _

[issue39951] Ignore specific errors when closing ssl connections

2020-10-29 Thread Dima Tisnek
Dima Tisnek added the comment: https://bugs.python.org/issue39953 has landed and the errors are now more sensible: (that patch was not backported to 3.7, because it's not a security issue). Python 3.7.8 [SSL: KRB5_S_INIT] application data after close notify Python 3.8.5 [SSL: APPLICATION_DATA_

[issue39951] Ignore specific errors when closing ssl connections

2020-04-11 Thread SilentGhost
Change by SilentGhost : -- nosy: +christian.heimes ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://ma

[issue39951] Ignore specific errors when closing ssl connections

2020-03-29 Thread Dima Tisnek
Dima Tisnek added the comment: Sorry I was too fast to close this. 39953 is about error codes. This bug is about having an error at all. I believe that the code in question should pass without error, even in the presence of network delays. -- resolution: duplicate -> status: close

[issue39951] Ignore specific errors when closing ssl connections

2020-03-29 Thread Dima Tisnek
Dima Tisnek added the comment: Let's close this in favour of https://bugs.python.org/issue39953 which has a pending pull request https://github.com/python/cpython/pull/19082 -- resolution: -> duplicate stage: -> resolved status: open -> closed __

[issue39951] Ignore specific errors when closing ssl connections

2020-03-12 Thread Dima Tisnek
Dima Tisnek added the comment: Reproducer: """ Reproducer for BPO-39951 We send some data over ssl and close the connection. The server responds after our openssl considers the connection closed-ish and raises an error. """ import asyncio import ssl host = "nghttp2.org" port = 443 ssl_contex

[issue39951] Ignore specific errors when closing ssl connections

2020-03-12 Thread Dima Tisnek
New submission from Dima Tisnek : When a connection wrapped in ssl is closed, sometimes the ssl library reports an error, which I believe should be ignored. The error code is `291` and the name of the error is either SSL_R_KRB5_S_INIT (KRB5_S_INIT) or SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY