cpython (original) (raw)

@ned-deily @asvetlov I've just pushed an update. Long story short, I started to write functional tests for SSL to test this PR and discovered that SSL errors do not propagate correctly. For example, the following code somehow works in the master branch:

reader, writer = await asyncio.open_connection( *addr, ssl=client_sslctx, server_hostname='', loop=self.loop, ssl_handshake_timeout=1.0)

we will get to this line without an error even if

SSL handshake failed and the connection is

in a semi-closed state. o_O

print('HERE')

The latest commit fixes these bugs and adds more SSL tests.

My plan is to backport these changes to uvloop and release a new version today. Since uvloop is quite popular and people report its bugs (as @hynek's report today demonstrated) I expect that if there are any issues with my fixes we'll know about them in a few days.

IMHO this should go into 3.7.0 and it's a shame that our SSL layer is so fragile at this point. I have a developer looking into rewriting SSL properly for Python 3.8: MagicStack/uvloop#158, so hopefully it's not for long.

Please take another look at the PR.