File 0002-Ignore-OpenSSL-1.1+-Error-0-under-any-Pyth... of Package python-cheroot.17005

Overview Repositories Revisions Requests Users Attributes Meta

File 0002-Ignore-OpenSSL-1.1+-Error-0-under-any-Python-while-wrapping-a-socket.patch of Package python-cheroot.17005

diff -urN cheroot-5.4.0.orig/cheroot/_compat.py cheroot-5.4.0/cheroot/_compat.py
--- cheroot-5.4.0.orig/cheroot/_compat.py	2020-10-15 10:43:32.870121831 +0300
+++ cheroot-5.4.0/cheroot/_compat.py	2020-10-15 10:44:43.310826309 +0300
@@ -23,6 +23,13 @@
 
 import six
 
+try:
+    import ssl
+    IS_ABOVE_OPENSSL10 = ssl.OPENSSL_VERSION_INFO >= (1, 1)
+    del ssl
+except ImportError:
+    IS_ABOVE_OPENSSL10 = None
+
 if six.PY3:
     def ntob(n, encoding='ISO-8859-1'):
         """Return the given native string as a byte string in the given encoding."""
diff -urN cheroot-5.4.0.orig/cheroot/ssl/builtin.py cheroot-5.4.0/cheroot/ssl/builtin.py
--- cheroot-5.4.0.orig/cheroot/ssl/builtin.py	2020-10-15 10:43:32.870121831 +0300
+++ cheroot-5.4.0/cheroot/ssl/builtin.py	2020-10-15 10:48:55.741350976 +0300
@@ -20,12 +20,31 @@
     except ImportError:
         DEFAULT_BUFFER_SIZE = -1
 
-import sys
+import six
 
 from . import Adapter
 from .. import errors
+from .._compat import IS_ABOVE_OPENSSL10
 from ..makefile import MakeFile
 
+if six.PY3:
+    generic_socket_error = OSError
+else:
+    import socket
+    generic_socket_error = socket.error
+    del socket
+
+
+def _assert_ssl_exc_contains(exc, *msgs):
+    """Check whether SSL exception contains either of messages provided."""
+    if len(msgs) < 1:
+        raise TypeError(
+            '_assert_ssl_exc_contains() requires '
+            'at least one message to be passed.'
+        )
+    err_msg_lower = str(exc).lower()
+    return any(m.lower() in err_msg_lower for m in msgs)
+
 
 class BuiltinSSLAdapter(Adapter):
     """A wrapper for integrating Python's builtin ssl module with CherryPy."""
@@ -69,6 +88,7 @@
 
     def wrap(self, sock):
         """Wrap and return the given socket, plus WSGI environ entries."""
+        EMPTY_RESULT = None, {}
         try:
             if self.context is not None:
                 s = self.context.wrap_socket(sock, do_handshake_on_connect=True,
@@ -85,7 +105,7 @@
                 # This is almost certainly due to the cherrypy engine
                 # 'pinging' the socket to assert it's connectable;
                 # the 'ping' isn't SSL.
-                return None, {}
+                return EMPTY_RESULT
             elif e.errno == ssl.SSL_ERROR_SSL:
                 if 'http request' in e.args[1]:
                     # The client is speaking HTTP to an HTTPS server.
@@ -99,12 +119,27 @@
                 for error_text in _block_errors:
                     if error_text in e.args[1].lower():
                         # Accepted error, let's pass
-                        return None, {}
+                        return EMPTY_RESULT
             elif 'handshake operation timed out' in e.args[0]:
                 # This error is thrown by builtin SSL after a timeout
                 # when client is speaking HTTP to an HTTPS server.
                 # The connection can safely be dropped.
-                return None, {}
+                return EMPTY_RESULT
+            raise
+        except generic_socket_error as exc:
+            """It is unclear why exactly this happens.
+
+            It's reproducible only with openssl>1.0 and stdlib ``ssl`` wrapper.
+            In CherryPy it's triggered by Checker plugin, which connects
+            to the app listening to the socket port in TLS mode via plain
+            HTTP during startup (from the same process).
+
+
+            Ref: https://github.com/cherrypy/cherrypy/issues/1618
+            """
+            is_error0 = exc.args == (0, 'Error')
+            if is_error0 and IS_ABOVE_OPENSSL10:
+                return EMPTY_RESULT
             raise
         return s, self.get_environ(s)

Places

File 0002-Ignore-OpenSSL-1.1+-Error-0-under-any-Python-while-wrapping-a-socket.patch of Package python-cheroot.17005

Places