You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SecureTransport does not handle SSL custom-verification failure correctly. Instead of sending an alert and terminating the socket, the client socket leaks thus hanging the server socket.
Expected behavior
When custom-verification is enabled, SecureTransport should terminate the connection.
Actual behavior
While SecureTransport fails custom validation, an SSLError is raised but the socket itself is not terminated:
hodbn
changed the title
SecureTransport does not close unverified connections currectly
SecureTransport does not close unverified connections correctly
Sep 21, 2020
SecureTransport does not handle SSL custom-verification failure correctly. Instead of sending an alert and terminating the socket, the client socket leaks thus hanging the server socket.
Expected behavior
When custom-verification is enabled,
SecureTransport
should terminate the connection.Actual behavior
While
SecureTransport
fails custom validation, anSSLError
is raised but the socket itself is not terminated:urllib3/src/urllib3/contrib/securetransport.py
Lines 446 to 449 in d79e82a
this leads to a
conn.close()
:urllib3/src/urllib3/connectionpool.py
Lines 754 to 760 in d79e82a
but
conn.sock
is stillNone
, it will only be assigned the socket after (and only if) the socket is wrapped successfully:urllib3/src/urllib3/connection.py
Line 389 in d79e82a
Reproduction
This snippet hangs the server eventually instead of failing
NUM_CONNECTIONS
times cleanly.The text was updated successfully, but these errors were encountered: