Opened 13 years ago

Closed 12 years ago

#3700 release blocker: regression (closed: fixed)

SSL context factory no longer reports errors at creation time

Reported by: Glyph
Owned by:
Priority: highest
Milestone:
Component: core
Keywords:
Cc:
Branch: branches/early-ssl-context-error-reporting-3700
Author: exarkun

Description

In Twisted 8.2, it was possible to detect bad arguments to DefaultOpenSSLContextFactory and twisted.application.strports.parse by catching OpenSSL.SSL.Error.

Now, due to the fact that cacheContext() is no longer called, these exceptions are no longer raised and you can't tell you've got a dud context until getContext() gets called.

You can see SSL-related failures on the Divmod Twisted-trunk buildbot caused by this.

This regression was introduced in r25769, as a result of the changes for #3330.

Even if we revert that revision, this behavior should be documented.

Here's a test program that demonstrates the problem:

from twisted.internet.ssl import DefaultOpenSSLContextFactory
DefaultOpenSSLContextFactory("no-private-key.pem", "no-cert.pem")

Under Twisted 8.2 this will raise an exception; under current trunk it will not.
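The difference between the regressed and the restored behaviour, modelled with the standard-library ssl module as an added example (not Twisted's code and not part of the ticket). LazyContextFactory, EagerContextFactory, failure_point and demo are hypothetical names, and OSError stands in here for OpenSSL.SSL.Error.

```python
import os
import ssl
import tempfile


class LazyContextFactory:
    """Model of the regressed behaviour: paths are stored, nothing is loaded."""
    def __init__(self, key_path, cert_path):
        self.key_path = key_path
        self.cert_path = cert_path
        self._context = None

    def cacheContext(self):
        if self._context is None:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            # Raises OSError (FileNotFoundError or ssl.SSLError) on bad input.
            ctx.load_cert_chain(self.cert_path, self.key_path)
            self._context = ctx

    def getContext(self):
        self.cacheContext()
        return self._context


class EagerContextFactory(LazyContextFactory):
    """Model of the restored behaviour: the constructor builds the context."""
    def __init__(self, key_path, cert_path):
        super().__init__(key_path, cert_path)
        self.cacheContext()  # bad arguments now fail here, at creation time


def failure_point(factory_class, key_path, cert_path):
    """Return where OSError surfaces: 'creation', 'getContext' or None."""
    try:
        factory = factory_class(key_path, cert_path)
    except OSError:
        return "creation"
    try:
        factory.getContext()
    except OSError:
        return "getContext"
    return None


def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed, nonexistent files
        key, cert = (os.path.join(d, n) for n in ("no-private-key.pem", "no-cert.pem"))
        return {c.__name__: failure_point(c, key, cert)
                for c in (LazyContextFactory, EagerContextFactory)}
```

With the lazy model a server can bind and start accepting connections before the missing key or certificate is noticed; the eager model turns the same mistake into a startup failure that a unit test can pin down.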

Change History (7)

comment:1 Changed 12 years ago by Jean-Paul Calderone

Author: exarkun
Branch: branches/early-ssl-context-error-reporting-3700

(In [26521]) Branching to 'early-ssl-context-error-reporting-3700'

comment:2 Changed 12 years ago by Jean-Paul Calderone

Keywords: review added
Owner: Jean-Paul Calderone deleted

Previous behavior restored, with unit tests.

comment:3 Changed 12 years ago by Glyph

Owner: set to Glyph
Status: new → assigned

comment:4 Changed 12 years ago by Glyph

Keywords: review removed
Owner: changed from Glyph to Jean-Paul Calderone
Status: assigned → new

Nice clean fix. Please add documentation for the _contextFactory attribute/parameter to DefaultOpenSSLContextFactory and land.

comment:5 Changed 12 years ago by Jean-Paul Calderone

(In [26524]) Give DefaultOpenSSLContextFactory a class docstring and document _contextFactory in it

refs #3700

comment:6 Changed 12 years ago by Jean-Paul Calderone

Resolution: fixed
Status: new → closed

(In [26525]) Merge early-ssl-context-error-reporting-3700

Author: exarkun Reviewer: glyph Fixes: #3700

Reinstate the early failure mode for invalid parameters passed to DefaultOpenSSLContextFactory and add tests for this behavior so it is preserved in the future.

comment:7 Changed 11 years ago by <automation>

Owner: Jean-Paul Calderone deleted