[New-bugs-announce] [issue37710] Python SSL module does not clear error queue before IO operations using SSL_get_error

Andrew Collins report at bugs.python.org
Mon Jul 29 17:17:25 EDT 2019


New submission from Andrew Collins <bsderandrew at gmail.com>:

Per the OpenSSL documentation:

"The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably."

https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html

Modules/_ssl.c does clear errors on socket creation, and upon handling an error itself, but does not clear before IO operations that are checked with SSL_get_error.

When using OpenSSL outside of Modules/_ssl.c in the same process context (for example, using libssh through python bindings), this can result in random ssl errors being picked up by Modules/_ssl.c.

----------
assignee: christian.heimes
components: SSL
messages: 348684
nosy: Andrew Collins, christian.heimes
priority: normal
severity: normal
status: open
title: Python SSL module does not clear error queue before IO operations using SSL_get_error
versions: Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37710>
_______________________________________
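
The failure mode reported above, as an added example that is not part of the original report and is not CPython or OpenSSL code. It is a simplified single-thread model with hypothetical names throughout; it assumes only the documented behaviour that SSL_get_error() inspects the thread's error queue, and shows a stale entry turning a harmless would-block read into a fatal-looking SSL error unless the queue is cleared first.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not OpenSSL source. */
enum { MODEL_ERROR_NONE, MODEL_ERROR_SSL, MODEL_ERROR_WANT_READ, MODEL_ERROR_SYSCALL };
enum { QUEUE_MAX = 16 };

static unsigned long queue[QUEUE_MAX];   /* models one thread's error queue */
static size_t queued;

static void model_put_error(unsigned long code) { if (queued < QUEUE_MAX) queue[queued++] = code; }
static void model_clear_error(void) { queued = 0; }   /* plays the role of ERR_clear_error() */
static unsigned long model_peek_error(void) { return queued ? queue[0] : 0; }

struct model_conn { int want_read; };

/* Non-blocking read with no data available: fails, marks want-read, queues no error. */
static int model_read(struct model_conn *c) { c->want_read = 1; return -1; }

/* Classify an I/O result; the error queue is consulted before the connection state. */
static int model_get_error(const struct model_conn *c, int ret) {
    if (ret > 0) return MODEL_ERROR_NONE;
    if (model_peek_error() != 0) return MODEL_ERROR_SSL;   /* stale entries land here */
    if (c->want_read) return MODEL_ERROR_WANT_READ;
    return MODEL_ERROR_SYSCALL;
}

/* Constructed scenario: another user of the library in the same thread
   fails and leaves an entry behind (error code is a made-up value). */
static void other_library_call_fails(void) { model_put_error(0x1234UL); }

int read_without_clear(void) {
    struct model_conn c = {0};
    model_clear_error();              /* start from a known state */
    other_library_call_fails();
    int ret = model_read(&c);         /* I/O attempted with a dirty queue */
    return model_get_error(&c, ret);
}

int read_with_clear(void) {
    struct model_conn c = {0};
    other_library_call_fails();
    model_clear_error();              /* empty the queue right before the I/O call */
    int ret = model_read(&c);
    return model_get_error(&c, ret);
}

int main(void) {
    printf("without clear: %d, with clear: %d\n", read_without_clear(), read_with_clear());
    return 0;
}
```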

