Changes between and of Version 1Version 2Ticket #6782


Ignore:
Timestamp:
10/09/2013 05:03:50 PM (7 years ago)
Author:
Jean-Paul Calderone
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #6782 – Description

    v1 v2  
    11Quoting from the manpage for SSL_do_handshake:
    22
    3 {{{
    4  If the underlying BIO is non-blocking, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() to
    5        continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield SSL_ERROR_WANT_READ or
    6        SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake().
    7 }}}
     3    If the underlying BIO is non-blocking, SSL_do_handshake() will
     4    also return when the underlying BIO could not satisfy the needs
     5    of SSL_do_handshake() to continue the handshake. In this case a
     6    call to SSL_get_error() with the return value of
     7    SSL_do_handshake() will yield SSL_ERROR_WANT_READ or
     8    SSL_ERROR_WANT_WRITE. The calling process then must repeat the
     9    call after taking appropriate action to satisfy the needs of
     10    SSL_do_handshake().
    811
    9 The code in twisted.protocols.tls is completely wrong, and I suspect that it only works at all because OpenSSL is buggy.  If we fix it, then it becomes possible to fix #6204 (because we'll actually know when the handshake is done) and we can actually report handshake errors correctly (although getting them logged in, say, a web server will require forwarding them to the underlying protocol).
     12The code in `twisted.protocols.tls` is completely wrong, and I suspect that it only works at all because OpenSSL is buggy.  If we fix it, then it becomes possible to fix #6204 (because we'll actually know when the handshake is done) and we can actually report handshake errors correctly (although getting them logged in, say, a web server will require forwarding them to the underlying protocol).
    1013
    1114Here's a partial fix.  It appears to work.  I don't know how to write test cases for it without resorting to some kind of end-to-end test.
    1215
    13 _flushReceiveBIO is still wrong, but it's no worse than before.  (It should handle WantWriteError.)  Simiarly, _write is busted (and this may be a real-world problem if programs write more than 2^15^ bytes in one go after the handshake is done).
     16`_flushReceiveBIO` is still wrong, but it's no worse than before.  (It should handle `WantWriteError`.)  Simiarly, `_write` is busted (and this may be a real-world problem if programs write more than 2^15^ bytes in one go after the handshake is done).
    1417
    15 If something like this is applied, it's probably worth calling pauseProducing at startup and then resuming when the handshake is done.
     18If something like this is applied, it's probably worth calling `pauseProducing` at startup and then resuming when the handshake is done.