File 0002-Ignore-OpenSSL-1.1+-Error-0-under-any-Python-while-wrapping-a-socket.patch of Package python-cheroot.17005
diff -urN cheroot-5.4.0.orig/cheroot/_compat.py cheroot-5.4.0/cheroot/_compat.py
--- cheroot-5.4.0.orig/cheroot/_compat.py 2020-10-15 10:43:32.870121831 +0300
+++ cheroot-5.4.0/cheroot/_compat.py 2020-10-15 10:44:43.310826309 +0300
@@ -23,6 +23,13 @@
import six
+try:
+ import ssl
+ IS_ABOVE_OPENSSL10 = ssl.OPENSSL_VERSION_INFO >= (1, 1)
+ del ssl
+except ImportError:
+ IS_ABOVE_OPENSSL10 = None
+
if six.PY3:
def ntob(n, encoding='ISO-8859-1'):
"""Return the given native string as a byte string in the given encoding."""
diff -urN cheroot-5.4.0.orig/cheroot/ssl/builtin.py cheroot-5.4.0/cheroot/ssl/builtin.py
--- cheroot-5.4.0.orig/cheroot/ssl/builtin.py 2020-10-15 10:43:32.870121831 +0300
+++ cheroot-5.4.0/cheroot/ssl/builtin.py 2020-10-15 10:48:55.741350976 +0300
@@ -20,12 +20,31 @@
except ImportError:
DEFAULT_BUFFER_SIZE = -1
-import sys
+import six
from . import Adapter
from .. import errors
+from .._compat import IS_ABOVE_OPENSSL10
from ..makefile import MakeFile
+if six.PY3:
+ generic_socket_error = OSError
+else:
+ import socket
+ generic_socket_error = socket.error
+ del socket
+
+
+def _assert_ssl_exc_contains(exc, *msgs):
+ """Check whether SSL exception contains either of messages provided."""
+ if len(msgs) < 1:
+ raise TypeError(
+ '_assert_ssl_exc_contains() requires '
+ 'at least one message to be passed.'
+ )
+ err_msg_lower = str(exc).lower()
+ return any(m.lower() in err_msg_lower for m in msgs)
+
class BuiltinSSLAdapter(Adapter):
"""A wrapper for integrating Python's builtin ssl module with CherryPy."""
@@ -69,6 +88,7 @@
def wrap(self, sock):
"""Wrap and return the given socket, plus WSGI environ entries."""
+ EMPTY_RESULT = None, {}
try:
if self.context is not None:
s = self.context.wrap_socket(sock, do_handshake_on_connect=True,
@@ -85,7 +105,7 @@
# This is almost certainly due to the cherrypy engine
# 'pinging' the socket to assert it's connectable;
# the 'ping' isn't SSL.
- return None, {}
+ return EMPTY_RESULT
elif e.errno == ssl.SSL_ERROR_SSL:
if 'http request' in e.args[1]:
# The client is speaking HTTP to an HTTPS server.
@@ -99,12 +119,27 @@
for error_text in _block_errors:
if error_text in e.args[1].lower():
# Accepted error, let's pass
- return None, {}
+ return EMPTY_RESULT
elif 'handshake operation timed out' in e.args[0]:
# This error is thrown by builtin SSL after a timeout
# when client is speaking HTTP to an HTTPS server.
# The connection can safely be dropped.
- return None, {}
+ return EMPTY_RESULT
+ raise
+ except generic_socket_error as exc:
+ """It is unclear why exactly this happens.
+
+ It's reproducible only with openssl>1.0 and stdlib ``ssl`` wrapper.
+ In CherryPy it's triggered by Checker plugin, which connects
+ to the app listening to the socket port in TLS mode via plain
+ HTTP during startup (from the same process).
+
+
+ Ref: https://github.com/cherrypy/cherrypy/issues/1618
+ """
+ is_error0 = exc.args == (0, 'Error')
+ if is_error0 and IS_ABOVE_OPENSSL10:
+ return EMPTY_RESULT
raise
return s, self.get_environ(s)