pyOpenSSL doesn’t cope with error routines returning None #3

Closed
hynek opened this issue Jan 10, 2014 · 4 comments

hynek commented Jan 10, 2014

I wanted to play around with pyOpenSSL’s alpha release and our new TLS features in Twisted and ran into a problem: If I build cryptography with homebrew’s OpenSSL (1.0.1e), I get the following traceback:

Traceback (most recent call last):
  File "treq_ciphers.py", line 4, in <module>
    import treq
  File "/Users/hynek/.virtualenvs/6a9b7aac7004383e/lib/python2.7/site-packages/treq/__init__.py", line 3, in <module>
    from treq.api import head, get, post, put, patch, delete, request
  File "/Users/hynek/.virtualenvs/6a9b7aac7004383e/lib/python2.7/site-packages/treq/api.py", line 1, in <module>
    from treq.client import HTTPClient
  File "/Users/hynek/.virtualenvs/6a9b7aac7004383e/lib/python2.7/site-packages/treq/client.py", line 9, in <module>
    from twisted.web.client import (
  File "/Users/hynek/Projects/Twisted/twisted/web/client.py", line 31, in <module>
    from twisted.web import http
  File "/Users/hynek/Projects/Twisted/twisted/web/http.py", line 93, in <module>
    from twisted.internet import interfaces, reactor, protocol, address
  File "/Users/hynek/Projects/Twisted/twisted/internet/reactor.py", line 38, in <module>
    from twisted.internet import default
  File "/Users/hynek/Projects/Twisted/twisted/internet/default.py", line 56, in <module>
    install = _getInstallFunction(platform)
  File "/Users/hynek/Projects/Twisted/twisted/internet/default.py", line 50, in _getInstallFunction
    from twisted.internet.selectreactor import install
  File "/Users/hynek/Projects/Twisted/twisted/internet/selectreactor.py", line 18, in <module>
    from twisted.internet import posixbase
  File "/Users/hynek/Projects/Twisted/twisted/internet/posixbase.py", line 24, in <module>
    from twisted.internet import error, udp, tcp
  File "/Users/hynek/Projects/Twisted/twisted/internet/tcp.py", line 29, in <module>
    from twisted.internet._newtls import (
  File "/Users/hynek/Projects/Twisted/twisted/internet/_newtls.py", line 21, in <module>
    from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
  File "/Users/hynek/Projects/Twisted/twisted/protocols/tls.py", line 44, in <module>
    Connection(Context(TLSv1_METHOD), None)
  File "/Users/hynek/.virtualenvs/6a9b7aac7004383e/lib/python2.7/site-packages/OpenSSL/SSL.py", line 269, in __init__
    _raise_current_error()
  File "/Users/hynek/.virtualenvs/6a9b7aac7004383e/lib/python2.7/site-packages/OpenSSL/_util.py", line 14, in exception_from_error_queue
    ffi.string(lib.ERR_func_error_string(error)),
  File "/Users/hynek/.virtualenvs/6a9b7aac7004383e/lib/python2.7/site-packages/cffi/api.py", line 251, in string
    return self._backend.string(cdata, maxlen)
RuntimeError: cannot use string() on <cdata 'char *' NULL>

  • It does not happen with OS X’s shipped OpenSSL (0.9.8y)
  • It does not happen on Ubuntu 12.04 LTS.
  • It does not happen with PyOpenSSL 0.13.1
  • I tried older Twisted versions too and it happens all the way back to 12.3.0.

hynek commented Jan 10, 2014

I have investigated; the check is okay but lib.ERR_*_error_string(error) can return None nevertheless. No idea why that happens but it does and should be taken into account.


hynek commented Jan 10, 2014

One more bit:

We’re coping with three problems, so I changed the title of this bug to limit it to two. :)

  1. lib.ERR_*_error_string(error) can return None and we don’t handle that,
  2. in order to get error strings, you need to call ERR_load_SSL_strings first (and free them afterwards I reckon).
    cryptography does not expose this yet, I’ll try to get it into it ASAP: Expose ERR_load_SSL_strings cryptography#452.

My main problem, which made me stumble into the above, is that (after fixing the above problems) I get:

OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_new', 'library has no ciphers')]

if cryptography is installed normally, but it works if installed with pip install -e. This will go into a separate issue once I know more.


exarkun commented Feb 2, 2014

pyOpenSSL still doesn't try to handle None being returned by this API but with the correct initialization now being done I no longer know how to trigger that case. :)

Perhaps this is still hypothetically a problem but not a major one in practice?

Please let me know if you can still reproduce this. If so, I'll try to make it a priority for 0.14. If not, I will probably let it slip to 0.15.


hynek commented Feb 2, 2014

I’m not sure if it can happen barring the lack of loading of error strings. But I kind of doubt it.
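
An added example, not part of the thread and not pyOpenSSL's or cryptography's code: one way to build the error tuples so that a missing string (the NULL/None case discussed above) falls back to the numeric placeholders OpenSSL's own ERR_error_string uses. The function names and lookup tables are hypothetical stand-ins for the ERR_*_error_string calls; the sample code 0x140A90A1 is constructed from the OpenSSL 1.0.x error-code layout and corresponds to the 'library has no ciphers' error quoted in the thread.

```python
# Added illustration. The dict tables are constructed stand-ins for the
# strings OpenSSL registers via ERR_load_*_strings(); an empty table
# models a lookup that returns NULL (None on the Python side).

def unpack(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def text_or(value, placeholder):
    """Return value unless the lookup yielded None (a NULL char *)."""
    return value if value is not None else placeholder


def describe(code, lib_names, func_names, reason_names):
    """Build the (library, function, reason) tuple without assuming
    any of the three string lookups succeeded."""
    lib, func, reason = unpack(code)
    return (
        text_or(lib_names.get(lib), "lib(%d)" % lib),
        text_or(func_names.get((lib, func)), "func(%d)" % func),
        text_or(reason_names.get((lib, reason)), "reason(%d)" % reason),
    )


def drain(queue, lib_names, func_names, reason_names):
    """Empty a queue of packed codes, oldest first, into a list of tuples."""
    errors = []
    while queue:
        errors.append(describe(queue.pop(0), lib_names, func_names, reason_names))
    return errors


# Constructed sample: library 20, function 169, reason 161.
SAMPLE_CODE = (20 << 24) | (169 << 12) | 161  # 0x140A90A1
LOADED = (
    {20: "SSL routines"},
    {(20, 169): "SSL_CTX_new"},
    {(20, 161): "library has no ciphers"},
)
NOT_LOADED = ({}, {}, {})

if __name__ == "__main__":
    print(drain([SAMPLE_CODE], *LOADED))
    print(drain([SAMPLE_CODE], *NOT_LOADED))
```

With the strings absent the caller still gets a usable exception payload instead of a RuntimeError raised while reporting a different error.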
