failed incoming SSL connection stays open forever

[PeterSaveliev]

BPO	17918
Nosy	@pitrou
Files	ssl_handshake_testcase.py: simple SSL server testcase

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2013-05-06.20:20:30.902>
created_at = <Date 2013-05-06.14:27:32.887>
labels = ['performance']
title = 'failed incoming SSL connection stays open forever'
updated_at = <Date 2013-05-06.20:20:30.901>
user = 'https://bugs.python.org/PeterSaveliev'

bugs.python.org fields:

activity = <Date 2013-05-06.20:20:30.901>
actor = 'pitrou'
assignee = 'none'
closed = True
closed_date = <Date 2013-05-06.20:20:30.902>
closer = 'pitrou'
components = []
creation = <Date 2013-05-06.14:27:32.887>
creator = 'Peter.Saveliev'
dependencies = []
files = ['30150']
hgrepos = []
issue_num = 17918
keywords = []
message_count = 4.0
messages = ['188544', '188559', '188582', '188584']
nosy_count = 3.0
nosy_names = ['pitrou', 'python-dev', 'Peter.Saveliev']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'resource usage'
url = 'https://bugs.python.org/issue17918'
versions = ['Python 2.6', 'Python 2.7']

[PeterSaveliev]

Important: only Python2 versions are affected. Python3 works OK.
Possibly related issue: http://bugs.python.org/issue12378 (differs: see the line above)

Having a server with SSLSocket waiting for connections, the incoming connection, failed on automatic do_handshake(), stays open forever — accept() raises the SSLError and does not return client connection socket.

Steps to reproduce
==================

server side:

1. create a SOCK_STREAM socket
2. wrap it with wrap_socket()
3. listen()
4. accept()

client side:

1. telnet to this port
2. enter any random text

How reproducible
================

In all 146%

Expected results
================

1. Incoming connection is closed and client disconnected

Actual results
==============

1. On the server side, due to exception, the reference to the incoming connection gets lost.
2. The client stays connected as long as the server operates.

[PeterSaveliev]

Possible solution would be something like that in SSLSocket.do_handshake():

try:
    self._sslobj.do_handshake()
except SSLError as e:  # or even any Exception?
    self._sock.close()
    raise e

[pitrou]

Thanks for reporting. For maximum backwards compatibility, the safer fix is to close the socket only in SSLSocket.accept().
Unfortunately I can't think of a way to write a unittest for it, so I'll just commit the fix.

[python-dev]

New changeset 85e5a93e534e by Antoine Pitrou in branch '2.7':
Issue bpo-17918: When using SSLSocket.accept(), if the SSL handshake failed on the new socket, the socket would linger indefinitely.
http://hg.python.org/cpython/rev/85e5a93e534e