8000 bpo-43921: Debug test_ssl failures on Windows by vstinner · Pull Request #26501 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

bpo-43921: Debug test_ssl failures on Windows #26501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

bpo-43921: Debug test_ssl failures on Windows #26501

wants to merge 1 commit into from

Conversation

vstinner
Copy link
Member
@vstinner vstinner commented Jun 3, 2021
edited by bedevere-bot
Loading

DON'T MERGE THIS TEST PR.

https://bugs.python.org/issue43921

@vstinner
Copy link
Member Author
vstinner commented Jun 3, 2021

I failed to reproduce https://bugs.python.org/issue43921#msg391677 failure locally on my Windows 10 VM. I used the command:

python -m test test_ssl -m test_wrong_cert_tls13 -v -F -j4

I also ran the same command (./python -m test test_ssl -m test_wrong_cert_tls13 -v -F -j4) on Linux, just in case I can reproduce it on Linux.

On Windows and Linux, I see that the client manages to write 4 bytes and then get a SSL error on the first read() call.

@vstinner
Copy link
Member Author
vstinner commented Jun 3, 2021

Maybe the issue is that write() and read() results are not checked by the test.

@vstinner
Copy link
Member Author
vstinner commented Jun 3, 2021

Seen on Windows: the first read() returned an empty string, but the test still pass since the second write() raised an SSL exception.

test_wrong_cert_tls13 (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 54508)
write1 4
recv1 0

SSLError is SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:2370)')

 server:  bad connection attempt from ('127.0.0.1', 54508):
Traceback (most recent call last):
   File "C:\vstinner\python\main\lib\test\test_ssl.py", line 2364, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "C:\vstinner\python\main\lib\ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "C:\vstinner\python\main\lib\ssl.py", line 1070, in _create
    self.do_handshake()
   File "C:\vstinner\python\main\lib\ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:983)
ok

@vstinner
Copy link
Member Author
vstinner commented Jun 3, 2021

If I remove the first read() to only keep the second one, I can more easily reproduce the issue on Windows. The second read() returned an empty string and the test failed because no SSL exception was raised:

write1 4
write2 26

 server:  bad connection attempt from ('127.0.0.1', 54565):
Traceback (most recent call last):
   File "C:\vstinner\python\main\lib\test\test_ssl.py", line 2364, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "C:\vstinner\python\main\lib\ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "C:\vstinner\python\main\lib\ssl.py", line 1070, in _create
    self.do_handshake()
   File "C:\vstinner\python\main\lib\ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:983)
recv2 0
FAIL

The question is now why read() doesn't return an empty string on Linux, but it does on Windows.

@vstinner
Copy link
Member Author
vstinner commented Jun 3, 2021

read() error

  • (A) when SSL_read_ex() fails with ssl error 1 (SSL_ERROR_SSL) and ERR_peek_last_error()=0x14094418, a SSLError(1, '[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2528)') exception is raised.
  • (B) when SSL_read_ex() fails with ssl error 5 (SSL_ERROR_SYSCALL) and Windows error 10054 (WSAECONNRESET), an SSLEOFError exception is raised. But SSLSocket.read() catchs this exception and returns it with an empty string, since the SSLSocket is created with suppress_ragged_eofs=True.

I saw (A) on Windows and Linux.

I only saw (B) on Windows.

write() error

  • (C) when SSL_write_ex() fails with ssl error 5 (SSL_ERROR_SYSCALL) and C errno 104 (ECONNRESET), SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:2373)') is raised
  • (D) when SSL_write_ex() fails with ssl error 5 (SSL_ERROR_SYSCALL) and Windows error 10054 (WSAECONNRESET): SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:2373)') is raised

I only saw (C) on Linux.

I only saw (D) on Windows.

I both cases, it's SSLEOFError.

@vstinner vstinner mentioned this pull request Jun 3, 2021
Merged
@vstinner
Copy link
Member Author
vstinner commented Jun 3, 2021

I created PR #26502 to fix the issue.

@vstinner vstinner closed this Jun 3, 2021
@vstinner vstinner deleted the debug_test_ssl branch June 3, 2021 12:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead Awaiting requested review from gpshead gpshead will be requested when the pull request is marked ready for review gpshead is a code owner

@picnixz picnixz Awaiting requested review from picnixz picnixz will be requested when the pull request is marked ready for review picnixz is a code owner

Assignees
No one assigned
Labels
awaiting core review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vstinner @the-knights-who-say-ni @bedevere-bot
0