[jira] [Commented] (THRIFT-792) TSocket hides underlying exceptions when open() fails

Fri, 17 Oct 2025 14:01:26 -0700 


    [ 
https://issues.apache.org/jira/browse/THRIFT-792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18030756#comment-18030756
 ] 

Michael Smith commented on THRIFT-792:
--------------------------------------

This is still a problem. It becomes more so with 
https://github.com/apache/thrift/commit/7ec41775f2f244741c7c1ef1236a96d71648c498,
 where TSSLSocket.open() defers to OpenSSL to check hostnames. The SSL error 
message
{code}
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed: IP address mismatch, certificate is not valid for '::1'. 
(_ssl.c:1131)
{code}
is swallowed, and where previously we would get an error like
{code}
[Exception] Error connecting TTransportException ("hostname '::1' doesn't match 
either of 'alsoBad', '*.impala.test'",)
{code}
we now get
{code}
[Exception] Error connecting TTransportException Could not connect to any of 
[('::1', 21050, 0, 0)]
{code}

> TSocket hides underlying exceptions when open() fails 
> ------------------------------------------------------
>
>                 Key: THRIFT-792
>                 URL: https://issues.apache.org/jira/browse/THRIFT-792
>             Project: Thrift
>          Issue Type: Bug
>          Components: Python - Library
>    Affects Versions: 0.2
>         Environment: Linux & Python 2.6
>            Reporter: tholzer
>            Priority: Minor
>              Labels: TSocket, connect, error, exception, open, socket
>
> When opening a socket via Thrift, the exception message simply says:
> "Could not connect to localhost:9160"
> The underlying OS error is lost. This is a classic example of the 
> anti-pattern called "exception masquerading". The exception handler loses 
> essential information related to the source of the error. This makes 
> troubleshooting difficult.
> The problem lies inside TSocket.py, the original socket.error is simply 
> discarded:
> {noformat} 
> try:
>   ... connect() ...
> except socket.error, e:
>       ...
>       message = 'Could not connect to %s:%d' % (self.host, self.port)
>       raise TTransportException(TTransportException.NOT_OPEN, message)
> {noformat} 
> To reproduce
> {noformat}thrift.transport.TSocket.TSocket().open(){noformat} 
> Excpected behaviour:
> The TTransportException should carry as much information as possible relating 
> to the original error, e.g.:
> Could not connect to (localhost:9090): (<class 'socket.error'>, error(111, 
> 'Connection refused'))
> The TTransportException should carry the real exception it was trying to hide 
> as a member variable so that the caller can take appropriate action in case 
> of transient failures (e.g. EINTR).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to