Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-4274

Python feature tests for SSL/TLS failing

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.11.0
    • Component/s: Python - Library
    • Labels:
      None
    • Environment:

      Arch Linux, Python 3.6.2, OpenSSL 1.1.0.f

    • Patch Info:
      Patch Available

      Description

      make cross fails on the Python feature tests py-nosslv3 and py-tls, as the test server exits with a stack trace like

      Traceback (most recent call last):
        File "/thrift/test/py/TestServer.py", line 315, in <module>
          sys.exit(main(options))
        File "/thrift/test/py/TestServer.py", line 268, in main
          server.serve()
        File "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/server/TServer.py", line 76, in serve
          client = self.serverTransport.accept()
        File "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/transport/TSSLSocket.py", line 370, in accept
          client = self._wrap_socket(plain_client)
        File "/thrift/lib/py/build/lib.linux-x86_64-3.6/thrift/transport/TSSLSocket.py", line 184, in _wrap_socket
          server_hostname=self._server_hostname)
        File "/usr/lib/python3.6/ssl.py", line 401, in wrap_socket
          _context=self, _session=session)
        File "/usr/lib/python3.6/ssl.py", line 808, in __init__
          self.do_handshake()
        File "/usr/lib/python3.6/ssl.py", line 1061, in do_handshake
          self._sslobj.do_handshake()
        File "/usr/lib/python3.6/ssl.py", line 683, in do_handshake
          self._sslobj.do_handshake()
      OSError: [Errno 0] Error
      

      This seems to be caused by ensure_socket_open in test/crossrunner/run.py, which will make a connection and immediately close the socket without completing the handshake.
      On the server side this causes an OSError to be thrown from SSLContext.wrap_socket(), which is not caught in TSSLServerSocket.accept().

      This works on older installations, so presumably either Python or OpenSSL has changed to cause an OSError instead of a SSLError.

      Catching OSError in accept() and handling it the same as SSLError looks like a reasonable fix.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jking3 James E. King III
                Reporter:
                hakon HÃ¥kon Hitland
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: