gh-127257: ssl: Raise OSError for ERR_LIB_SYS#127361
Merged
Uh oh!
There was an error while loading. Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`.
MemberAuthor
encukou commented Nov 28, 2024
!buildbot Arch.Linux |
bedevere-bot commented Nov 28, 2024
🤖 New build scheduled with the buildbot fleet by @encukou for commit 0098897 🤖 The command will test the builders whose names match following regular expression: The builders matched are:
|
Contributor
petermarko commented Nov 28, 2024
This fixes #125936 for me. |
halstead pushed a commit to yoctoproject/poky that referenced this pull request Nov 29, 2024
python/cpython#127331python/cpython#127361 (From OE-Core rev: e271e9cbf896f1fb97d56c426e4217a6d2105ea4) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Nov 29, 2024
python/cpython#127331python/cpython#127361 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to yoctoproject/poky that referenced this pull request Nov 29, 2024
python/cpython#127331python/cpython#127361 (From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Nov 29, 2024
python/cpython#127331python/cpython#127361 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
MemberAuthor
encukou commented Dec 4, 2024
ssl experts (@jackjansen, @tiran, @dstufft, @alex): Do you want to check the change? |
MemberAuthor
encukou commented Dec 9, 2024
If there are no objections, I'll merge tomorrow to unblock the buildbots. |
vstinner approved these changes Dec 9, 2024
Member
vstinner left a comment
vstinner left a comment There was a problem hiding this comment.
The change looks good to me. I don't know how to test it in a reliable way. Let's see how it goes with EPIPE and OpenSSL 3.4.
encukou merged commit f4b31ed into python:main 4 checks passed
Uh oh!
There was an error while loading. Please reload this page.
Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 11, 2024
From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) Co-authored-by: Petr Viktorin <[email protected]>
GH-127812 is a backport of this pull request to the 3.13 branch. |
encukou added a commit that referenced this pull request Dec 12, 2024
…127812) gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) Co-authored-by: Petr Viktorin <[email protected]>
Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12. |
Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 13, 2024
From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) Co-authored-by: Petr Viktorin <[email protected]>
GH-127905 is a backport of this pull request to the 3.12 branch. |
encukou added a commit that referenced this pull request Dec 16, 2024
…127905) gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) Co-authored-by: Petr Viktorin <[email protected]>
leimaohui pushed a commit to ubinux/yocto-ubinux that referenced this pull request Dec 25, 2024
python/cpython#127331python/cpython#127361 (From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
leimaohui pushed a commit to ubinux/yocto-ubinux that referenced this pull request Dec 25, 2024
python/cpython#127331python/cpython#127361 (From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
srinivasreddy pushed a commit to srinivasreddy/cpython that referenced this pull request Jan 8, 2025
From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue.
cjwatson added a commit to cjwatson/urllib3 that referenced this pull request Jan 9, 2025
OpenSSL 3.4.0 returns `ERR_LIB_SYS` in some more situations than it used to. In the case exercised by `SingleTLSLayerTestCase.test_close_after_handshake`, python/cpython#127361 (also backported to the 3.12 and 3.13 branches) turns this into `BrokenPipeError`. It seems reasonable to treat this in the same way as `ConnectionAbortedError` and `ConnectionResetError`.
illia-v pushed a commit to urllib3/urllib3 that referenced this pull request Feb 2, 2025
OpenSSL 3.4.0 returns `ERR_LIB_SYS` in some more situations than it used to. In the case exercised by `SingleTLSLayerTestCase.test_close_after_handshake`, python/cpython#127361 (also backported to the 3.12 and 3.13 branches) turns this into `BrokenPipeError`. It seems reasonable to treat this in the same way as `ConnectionAbortedError` and `ConnectionResetError`.
13 tasks
Contributor
stratakis commented Apr 1, 2025
We started seeing this on 3.11 and 3.10 in Fedora Rawhide which moved to OpenSSL 3.5 beta (due to unrelated to this issue ssl test failures). Would this be considered a security fix to backport for the security releases as more and more distros start moving to the latest OpenSSL? |
vstinner pushed a commit to vstinner/cpython that referenced this pull request Apr 1, 2025
…127361) (pythonGH-127905) pythongh-127257: ssl: Raise OSError for ERR_LIB_SYS (pythonGH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) Co-authored-by: Petr Viktorin <[email protected]> (cherry picked from commit 7f707fa)
Member
vstinner commented Apr 1, 2025
IMO we can make an exception for this change and backport it to 3.11 and 3.10. I prepared backports: |
ambv pushed a commit that referenced this pull request Apr 3, 2025
…127905) (GH-131970) gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) (cherry picked from commit 7f707fa) Co-authored-by: Petr Viktorin <[email protected]>
ambv pushed a commit that referenced this pull request Apr 3, 2025
…127905) (GH-131971) gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) (cherry picked from commit 7f707fa) Co-authored-by: Petr Viktorin <[email protected]>
stratakis pushed a commit to stratakis/cpython that referenced this pull request Apr 16, 2025
…pythonGH-127905) (pythonGH-131971) pythongh-127257: ssl: Raise OSError for ERR_LIB_SYS (pythonGH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) (cherry picked from commit 7f707fa) Co-authored-by: Petr Viktorin <[email protected]>
stratakis pushed a commit to stratakis/cpython that referenced this pull request Apr 16, 2025
The patch resolves the flakiness of test_ftplib Backported from upstream 3.10+: python#127361 Co-authored-by: Petr Viktorin <[email protected]>
hrnciar pushed a commit to fedora-python/cpython that referenced this pull request Apr 23, 2025
The patch resolves the flakiness of test_ftplib Backported from upstream 3.10+: python#127361 Co-authored-by: Petr Viktorin <[email protected]>
hroncok pushed a commit to fedora-python/cpython that referenced this pull request Jul 4, 2025
The patch resolves the flakiness of test_ftplib Backported from upstream 3.10+: python#127361 Co-authored-by: Petr Viktorin <[email protected]>
frenzymadness pushed a commit to fedora-python/cpython that referenced this pull request Aug 12, 2025
The patch resolves the flakiness of test_ftplib Backported from upstream 3.10+: python#127361 Co-authored-by: Petr Viktorin <[email protected]>
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
One way OpenSSL can report a failed syscall is SSL_ERROR_SYSCALL. We have that one covered.
But, another way is ERR_LIB_SYS. Apparently, it's being used more now, and causing issues on OpenSSL 3.4.0 on Arch buildbots.
From the ERR_raise manpage:
This PR only handles
ERR_LIB_SYSfor the high-lever error typesSSL_ERROR_SYSCALLandSSL_ERROR_SSL, i.e., not the ones whereOpenSSL indicates it has some more information about the issue.
I believe it's correct to raise OSError rather that SSLError
in these cases. That makes this a backwards-incompatible change
(but one we still might want to backport as a bugfix).
The error on Arch with OpenSSL 3.4.0 is broken pipe (EPIPE) when a client reads after the server shuts down. On my Arch, raising OSError makes
test_poplippass.