Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. ItΒ collects links to all the places you might be looking at while hunting down a tough bug.
And, if youβre still stuck at the end, weβre happy to hop on a call to see how we can help out.
Improve support for TLS 1.3 post-handshake auth
See original GitHub issueβ Iβm submitting a β¦
- π bug report
- π£ feature request
- β question about the decisions made in the repository
π Describe the bug. What is the current behavior?
Failed TLS auth causes an exception happening after the TLS handshake if the client uses post_handshake_auth TLS extension. This happens when the server tries to read bytes with HTTP payload from the TCP connection (when starting to parse HTTP request). This code should also be protected by try/except wrapper.
β What is the motivation / use case for changing the behavior?
Make it work.
π‘ To Reproduce
N/A
π‘ Expected behavior
No traceback.
π Details
π Environment
- Cheroot version: master
- CherryPy version: master
- Python version: 3.7
- OS: N/A
- Browser: N/A
π Additional context
https://github.com/cherrypy/cherrypy/issues/1509#issuecomment-504750442
2019-06-23 11:45:27,812::WARNING::[_cplogging:216] [23/Jun/2019:11:45:27] ENGINE socket.error 1
Traceback (most recent call last):
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 1263, in communicate
req.parse_request()
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 719, in parse_request
success = self.read_request_line()
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 760, in read_request_line
request_line = self.rfile.readline()
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 302, in readline
data = self.rfile.readline(256)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 513, in readline
b = self.read(nreadahead())
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 492, in nreadahead
readahead = self.peek(1)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 1076, in peek
return self._peek_unlocked(size)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 1083, in _peek_unlocked
current = self.raw.read(to_read)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\socket.py", line 589, in readinto
return self._sock.recv_into(b)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\ssl.py", line 1052, in recv_into
return self.read(nbytes, buffer)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\ssl.py", line 911, in read
return self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:2488)
cc @Safihre
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@thezoggy weβre unable to debug third-party software. The reproducer would need to be Cheroot-based and have no dependencies on unrelated libraries. Itβs best to submit it as a pytest-based test in this repository, simulating the said case consistently.
its easy to reproduce this in sabnzbd with latest cherrypy/cheroot, if you try to go to the instance in firefox on android, https://wanip:port it will throw the traceback with a self-signed cert.
would be nice to just suppress this traceback