This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Work around for buggy https servers
Type: Stage:
Components: Extension Modules Versions:
process
Status: closed Resolution: accepted
Dependencies: Superseder:
Assigned To: loewis Nosy List: jribbens, loewis, vdbergh, vomjom
Priority: normal Keywords: patch

Created on 2002-01-07 08:49 by vdbergh, last changed 2022-04-10 16:04 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
patch.ssl vdbergh, 2002-01-07 22:12
py23ssl.txt loewis, 2002-03-11 06:34
Messages (8)
msg38654 - (view) Author: Michel Van den Bergh (vdbergh) Date: 2002-01-07 08:49 
Python 2.2. Tested on RH 7.1.

This a workaround for, 

http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail&aid=494762

The problem is that some https servers close an ssl
connection without properly resetting it first. In the
above bug description it is suggested that this
only occurs for IIS but apparently some  (modified)
Apache servers also suffer from it (see
telemeter.telenet.be).

One of the suggested workarounds is to modify
httplib.py so as to ignore the combination of
err[0]==SSL_ERROR_SYSCALL and 
err[1]=="EOF occurred in violation of protocol".
However I think one should never compare error strings
since in principle they may depend on language etc...

So I decided to modify _socket.c slightly so that
it becomes possible to return error codes which
are not in in ssl.h.

When an ssl-connection is closed without reset I now
return the error code SSL_ERROR_EOF. Then I ignore
this (apparently benign) error in httplib.py.

In addition I fixed what I think was an error in
PySSL_SetError(SSL *ssl, int ret) in socketmodule.c.

Originally there was:

	case SSL_ERROR_SSL:
	{
		unsigned long e = ERR_get_error();
		if (e == 0) {
			/* an EOF was observed that violates the protocol */
			errstr = "EOF occurred in violation of protocol";

etc... 
but if I understand the documentation for
SSL_get_error then the test should be: e==0 && ret==0.
A similar error occurs a few lines later.
msg38655 - (view) Author: Michel Van den Bergh (vdbergh) Date: 2002-01-09 10:25 
Logged In: YES 
user_id=10252

Due to some problems with sourceforge and incompetence on my
part I submitted this several times.
Please see patch 500311.
msg38656 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-03-11 06:34 
Logged In: YES 
user_id=21627

Unfortunately, your patch appears to be incorrect.
Performing the script in #494762, I get an empty string as
the result, whereas the content of the resource is 'HTTPS Test'

In case you want to experiment with the CVS version I'll
attach a patch for that.
msg38657 - (view) Author: Jon Ribbens (jribbens) * Date: 2002-04-16 17:00 
Logged In: YES 
user_id=76089

py23ssl.txt works fine for me when applied to latest CVS, 
and fixes the problem.
msg38658 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-04-17 14:16 
Logged In: YES 
user_id=21627

jribbens: Even when running the test from 494762, i.e.

import os,urllib2
os.environ["http_proxy"]=''
f = urllib2.urlopen("https://wwws.task.com.br/i.htm")
print f.read()

This gives an empty response for me...
msg38659 - (view) Author: Jon Ribbens (jribbens) * Date: 2002-04-17 14:44 
Logged In: YES 
user_id=76089

Yes, that test works fine.

The patch looks correct to me by inspection also. Michel's 
comments about SSL_get_error are correct according to the 
OpenSSL documentation, i.e. the existing code is incorrect 
(this being a separate issue to whether or not "EOF 
occurred" should be ignored, which is a work-around for 
other peoples' bugs).
msg38660 - (view) Author: Jonathan Hseu (vomjom) Date: 2002-04-19 23:07 
Logged In: YES 
user_id=19719

I can confirm that this patch works correctly.  I was
experiencing this bug when I tried using httplib for https
connections for IIS servers.  I patched it, and now it works
perfectly :).

E-mail me at vomjom@vomjom.org if you have any questions.

Please use this patch.
msg38661 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-04-20 07:52 
Logged In: YES 
user_id=21627

I just retried, and it now works for me as well. Committed as

httplib.py 1.50
_ssl.c 1.2
ACSK 1.170
httplib.py 1.42.10.5
socketmodule.c 1.200.6.4

Thanks guys!
History
Date User Action Args
2022-04-10 16:04:51adminsetgithub: 35875
2002-01-07 08:49:27vdberghcreate