[issue27629] Cannot create ssl.SSLSocket without existing socket

[Christian Heimes]

Christian Heimes added the comment:

I have created #27629 to allow customization of SSLObject and SSLSocket. I'm 
closing this as "won't fix" because I rather want people to move away from 
ssl.wrap_socket() and manual instantiation of SSLSocket.

--
resolution:  -> wont fix
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[Christian Heimes]

Christian Heimes added the comment:

How about I make the actual SSLSocket and SSLObject class customizable so you 
can override what is returned by wrap_socket() and wrap_bio()?

class MySSLSocket(ssl.SSLSocket):
pass

ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ctx.sslsocket_class = MySSLSocket
sock = ctx.wrap_socket(socket.socket(), server_side=True)
assert isinstance(sock, MySSLSocket)

--
versions: +Python 3.7 -Python 3.5, Python 3.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[nemunaire]

Changes by nemunaire :


Removed file: 
http://bugs.python.org/file43927/fix_sslsocket_init_without_socket_3_3-3_6.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[nemunaire]

nemunaire added the comment:

The documentation already recommends to use SSLContext.wrap_socket(), but it 
didn't cover all use cases. Eg. I use multiple inheritance to handle both 
socket and SSLSocket inside a factory pattern, in order to override some 
methods defined in both classes. If I use SSLContext.wrap_socket(), it erases 
my overrides.

As the patch add some tests on this feature, this is no more dead code; however 
I let you decide the future of this issue: I've updated my patch with your 
remarks if you want to include it (it applies from Python 3.3 to current Python 
3.6).

--
Added file: 
http://bugs.python.org/file45778/fix_sslsocket_init_without_socket_3_3-3_6.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[Christian Heimes]

Changes by Christian Heimes :


--
assignee:  -> christian.heimes
components: +SSL

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[Christian Heimes]

Christian Heimes added the comment:

I'm considering to not fix this bug and rather remove the dead code. This 
feature was never documented and has been broken since 3.3, maybe earlier. It's 
also hard to use it correctly because you need to pass the correct socket 
family and type.

For 3.6 I'm planning to deprecate SSLSocket.__init__() in favor of 
SSLContext.wrap_socket() anyway. Please use 
https://docs.python.org/3/library/socket.html#socket.socket with fileno 
argument. It auto-detects the correct socket type and family.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[Christian Heimes]

Christian Heimes added the comment:

The patch is incomplete. Please also check that type == SOCK_STREAM. The code 
can be simplified with a bitmask test:

if sock is not None:
type = sock.type
if type & socket.SOCK_STREAM != socket.SOCK_STREAM:
raise NotImplementedError

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[nemunaire]

Changes by nemunaire :


Removed file: 
http://bugs.python.org/file43900/fix_sslsocket_init_without_socket_3.3-3_6.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[nemunaire]

nemunaire added the comment:

Here is a new patch with tests on constructor.

The patch on the feature is quite different: instead of testing for None 
socket, I choose to delay the != SOCK_STREAM check in the later condition, when 
we know we treat a socket.

Tests include different constructor forms: with a given socket, with a fileno 
(didn't work either, before this patch) and without socket nor file descriptor 
(as in my original test).

I don't have sufficient background to judge if tests will work on all platform 
(eg. fileno and windows, ...).

Here is the interesting diff of the tests on SSL (before/after applying the 
patch on the feature):

32c32
< test_constructor (__main__.BasicSocketTests) ... ERROR
---
> test_constructor (__main__.BasicSocketTests) ... ok
519,528d518
< ERROR: test_constructor (__main__.BasicSocketTests)
< --
< Traceback (most recent call last):
<   File "test_ssl.py", line 149, in test_constructor
< ss = ssl.SSLSocket()
<   File "/usr/lib/python3.4/ssl.py", line 545, in __init__
< if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:
< AttributeError: 'NoneType' object has no attribute 'getsockopt'
< 
< ==

--
Added file: 
http://bugs.python.org/file43927/fix_sslsocket_init_without_socket_3_3-3_6.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[STINNER Victor]

STINNER Victor added the comment:

The change introducing the != SOCK_STREAM check (change a00842b783cf) was made 
in 2013. It looks like the case was not tested since at least 3 years...

> This will need a test in Lib/test/test_ssl.py to check for this particular 
> case.

Yes, this new test is mandatory to make sure that the feature is not broken 
again (check for regression).

The workaround is to pass an existing socket...

--
nosy: +haypo

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[Emanuel Barry]

Emanuel Barry added the comment:

Thank you for the report and the patch! :) This will need a test in 
Lib/test/test_ssl.py to check for this particular case.

I've removed 3.3 and 3.4 from the Versions field, since these versions no 
longer get regular bugfixes (only security bugfixes may go in these). As a 
result, only 3.5 and 3.6 will get the fix.

--
nosy: +alex, christian.heimes, dstufft, ebarry, giampaolo.rodola, janssen, 
pitrou
stage:  -> patch review
versions:  -Python 3.3, Python 3.4

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27629] Cannot create ssl.SSLSocket without existing socket

[nemunaire]

Changes by nemunaire :


--
title: Cannot create raw ssl.SSLSocket -> Cannot create ssl.SSLSocket without 
existing socket

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com