Ubuntu
python3.10 package

python 3.10: SSLObject does not raise SSLEOFError on OpenSSL 3

  1. Jammy (22.04)
  2. Bug #1969810
Bug #1969810 reported by Simon Chopin
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python3.10 (Ubuntu)
Triaged
High
Unassigned
Jammy
Triaged
High
Unassigned

Bug Description

From https://github.com/python/cpython/issues/90471 :

--------

PR bpo-25309 (#25309) changed OpenSSL behavior so that it ignores unexpected EOFs by default. This was detected by the test suites of both trio and AnyIO when running on OpenSSL 3.

We worked around the problem by explicitly unsetting the SSL_OP_IGNORE_UNEXPECTED_EOF flag and then checking if the "strerror" attribute of SSLError contains the text "UNEXPECTED_EOF_WHILE_READING".

The remedy in the standard library would be twofold:

    Revert the change of enabling SSL_OP_IGNORE_UNEXPECTED_EOF by default
    Handle the condition properly so that SSLEOFError is raised instead of the generic SSLError

As SSLSockets ignore SSLEOFError by default, this fix should work fine for those too.

--------

There isn't any upstream PR associated with this AFAICT.

Simon Chopin (schopin)
tags: added: rls-jj-incoming
Matthieu Clemenceau (mclemenceau)
tags: added: fr-2314
Brian Murray (brian-murray)
tags: removed: rls-jj-incoming
Changed in python3.10 (Ubuntu Jammy):
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in python3.10 (Ubuntu):
status: New → Confirmed
Changed in python3.10 (Ubuntu Jammy):
status: New → Confirmed
Matthieu Clemenceau (mclemenceau)
tags: removed: fr-2314
Benjamin Drung (bdrung)
Changed in python3.10 (Ubuntu):
status: Confirmed → Triaged
Changed in python3.10 (Ubuntu Jammy):
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.