should catch ssl.CertificateError and reraise ClientConnectionError #1116

Closed
jwilk opened this issue Aug 24, 2016 · 2 comments
Labels: invalid (This doesn't seem right), outdated, wontfix

jwilk commented Aug 24, 2016

Long story short

I'd like to catch all client errors, including certificate errors, but except aiohttp.errors.ClientError is not sufficient.

Expected behaviour

All kinds of certificate error should cause an instance of (a subclass of) aiohttp.errors.ClientConnectionError to be raised.

Actual behaviour

When there's a mismatch between the hostname and the certificate's CN/SAN, ssl.CertificateError is raised.
(And, for some reason, its traceback is printed on stderr, even when I catch it. 😬)

Steps to reproduce

Run the following code:

import asyncio
import aiohttp

async def main(url):
    async with aiohttp.ClientSession() as session:
        try:
            async with session.get(url) as response:
                await response.read()
        except aiohttp.errors.ClientError as exc:
            pass
        except Exception as exc:
            print('Unexpected {!r}'.format(exc))

url = 'https://wrong.host.badssl.com'
loop = asyncio.get_event_loop()
loop.run_until_complete(main(url))
loop.close()

You will get:

Exception in callback None
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/usr/lib/python3.5/asyncio/events.py", line 125, in _run
    self._callback(*self._args)
  File "/usr/lib/python3.5/asyncio/selector_events.py", line 677, in _read_ready
    self._protocol.data_received(data)
  File "/usr/lib/python3.5/asyncio/sslproto.py", line 493, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.5/asyncio/sslproto.py", line 201, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 638, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 297, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'wrong.host.badssl.com' doesn't match either of '*.badssl.com', 'badssl.com'
Unexpected CertificateError("hostname 'wrong.host.badssl.com' doesn't match either of '*.badssl.com', 'badssl.com'",)

Your environment

aiohttp from git master (d8848dd), Python 3.5.2, Linux.

@asvetlov asvetlov added the invalid This doesn't seem right label Aug 26, 2016
@asvetlov
Member

No, it shouldn't.
aiohttp has too complex an exception hierarchy; I'd like to relax it instead of adding a new class.
In the extreme we will end up duplicating all Python standard exceptions, which is bad.

Regarding printing the traceback -- it's an asyncio bug, see python/asyncio#404
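
Since the library will not wrap ssl.CertificateError, a caller who wants a single except clause has to translate it at the call site. The following is an added example, not code from either participant or from aiohttp: FetchError, CertificateRejected, guarded, classify and _fake_get are hypothetical names, the default of OSError stands in for the HTTP library's base error class, and the failures are constructed rather than produced by a real connection.

```python
import asyncio
import ssl


class FetchError(Exception):
    """Hypothetical application-level error: the request failed."""
    retryable = True


class CertificateRejected(FetchError):
    """Hypothetical: the peer certificate failed verification."""
    retryable = False  # never retry, never fall back to an unverified context


async def guarded(coro, client_errors=(OSError,)):
    """Await coro and translate failures into FetchError subclasses.

    client_errors is the HTTP library's base error class(es); with the
    aiohttp version in this report that would be aiohttp.errors.ClientError.
    """
    try:
        return await coro
    except ssl.CertificateError as exc:
        # Must come first: since Python 3.7 this class is also an
        # ssl.SSLError (an OSError), so a broader clause would absorb it.
        raise CertificateRejected("certificate verification failed") from exc
    except client_errors as exc:
        raise FetchError("request failed") from exc


async def _fake_get(exc):
    # Constructed stand-in for session.get(); raises instead of connecting.
    raise exc


def classify(exc):
    """Push one constructed failure through guarded(); return (type, cause)."""
    try:
        asyncio.run(guarded(_fake_get(exc)))
    except FetchError as err:
        return type(err), err.__cause__


if __name__ == "__main__":
    mismatch = ssl.CertificateError(
        "hostname 'wrong.host.badssl.com' doesn't match '*.badssl.com'")
    for sample in (mismatch, ConnectionResetError("reset by peer")):
        kind, cause = classify(sample)
        print(kind.__name__, "retryable:", kind.retryable, "cause:", repr(cause))
```

Exceptions outside both clauses (a KeyError from a programming mistake, for instance) pass through untranslated, and the original error stays reachable as `__cause__` for logging.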


lock bot commented Oct 29, 2019

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there are important points made in this discussion,
please include those excerpts in that new issue.

@lock lock bot added the outdated label Oct 29, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Oct 29, 2019