From dda75258c848772ab4f4d76599dbe3beecce5095 Mon Sep 17 00:00:00 2001
From: julianz-
Date: Fri, 18 Aug 2023 12:25:50 -0700
Subject: [PATCH 1/8] Updated SSL.py to fix problem caused by SSL_WANT_READ or SSL_WANT_WRITE errors. When SSL_WANT_READ or SSL_WANT_WRITE are encountered, it's typical to retry the call but this must be repeated with the exact same arguments. Without this change, openSSL requires that the address of the buffer passed is the same. However, buffers in python can change location in some circumstances which cause the retry to fail. By add the setting SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, the requirement for the same buffer address is forgiven and the retry has a better chance of success. See https://github.com/cherrypy/cheroot/issues/245 for discussion.
---
 src/OpenSSL/SSL.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index a0d0b6acb..e9ace4e35 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -850,7 +850,7 @@ def __init__(self, method):
 self._cookie_generate_helper = None
 self._cookie_verify_helper = None
- self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE)
+ self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE | _lib.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
 if version is not None:
 self.set_min_proto_version(version)
 self.set_max_proto_version(version)
From d42a1e3d0ad7ba40114a1a895864ed77fc78f1ab Mon Sep 17 00:00:00 2001
From: julianz-
Date: Fri, 18 Aug 2023 15:50:06 -0700
Subject: [PATCH 2/8] Need new version of cryptography that recognizes SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER In order to fix issue described here https://github.com/cherrypy/cheroot/issues/245, we need to use this constant that was removed from https://github.com/pyca/cryptography but now restored
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 3f27e12dd..4e66ad6f5 100644
--- a/setup.py
+++ b/setup.py
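Review bot: The added flag in `Context.__init__` is read as `_lib.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` with no fallback, so constructing any Context presumably fails if the installed cryptography binding does not export that constant. The commit messages in this series disagree on which release restores it (patch 2 implies 41.0.3, patch 7 says 42.0.0) and patch 8 ends with a floor of `cryptography>=41.0.5,<43`, so the floor should be confirmed against the release that actually ships the constant. The line also needs a why-comment, for example `# Let a write retried after WantReadError/WantWriteError use a buffer at a new address; the data and length must still be identical.`, because the mode relaxes only OpenSSL's address check and not the requirement to resend the same bytes. No test in the series asserts the mode bit on a new Context, and `__init__` starts and ends outside this hunk.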
@@ -96,7 +96,7 @@ def find_meta(meta):
 packages=find_packages(where="src"),
 package_dir={"": "src"},
 install_requires=[
- "cryptography>=41.0.0,<42",
+ "cryptography>=41.0.3,<42",
 ],
 extras_require={
 "test": ["flaky", "pretend", "pytest>=3.0.1"],
From d9c8ac86f9a9fd05b9e73c95548a7396f7ff2450 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Sat, 19 Aug 2023 02:53:14 +0000
Subject: [PATCH 3/8] fixed format for flake8/black
---
 src/OpenSSL/SSL.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index e9ace4e35..013c86dde 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -850,7 +850,10 @@ def __init__(self, method):
 self._cookie_generate_helper = None
 self._cookie_verify_helper = None
- self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE | _lib.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+ self.set_mode(
+ _lib.SSL_MODE_ENABLE_PARTIAL_WRITE
+ | _lib.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+ )
 if version is not None:
 self.set_min_proto_version(version)
 self.set_max_proto_version(version)
From 87223486c486ab3b77033cd42e73e575e5984f2f Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Sat, 19 Aug 2023 04:11:27 +0000
Subject: [PATCH 4/8] E721 errors raised by flake8
---
 tests/test_crypto.py | 8 ++++----
 tests/test_ssl.py | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index cb2140c3d..cad644c3b 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1738,7 +1738,7 @@ def test_construction(self):
 certificate = X509()
 assert isinstance(certificate, X509)
 assert type(certificate).__name__ == "X509"
- assert type(certificate) == X509
+ assert type(certificate) is X509
 def test_set_version_wrong_args(self):
 """
@@ -3146,7 +3146,7 @@ def test_construction(self):
 """
 revoked = Revoked()
 assert isinstance(revoked, Revoked)
- assert type(revoked) == Revoked
+ assert type(revoked) is Revoked
 assert revoked.get_serial() == b"00"
 assert revoked.get_rev_date() is None
 assert revoked.get_reason() is None
@@ -3441,8 +3441,8 @@ def test_get_revoked(self):
 revs = crl.get_revoked()
 assert len(revs) == 2
- assert type(revs[0]) == Revoked
- assert type(revs[1]) == Revoked
+ assert type(revs[0]) is Revoked
+ assert type(revs[1]) is Revoked
 assert revs[0].get_serial() == b"03AB"
 assert revs[1].get_serial() == b"0100"
 assert revs[0].get_rev_date() == now
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 369f6a6d7..32e43d228 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -191,7 +191,7 @@ def join_bytes_or_unicode(prefix, suffix):
 The return type is the same as the type of ``prefix``.
 """
 # If the types are the same, nothing special is necessary.
- if type(prefix) == type(suffix):
+ if type(prefix) is type(suffix):
 return join(prefix, suffix)
 # Otherwise, coerce suffix to the type of prefix.
From 9d854d7096cb5c1d809824ccc7a756c1ab6d3456 Mon Sep 17 00:00:00 2001
From: julianz-
Date: Fri, 18 Aug 2023 23:34:28 -0700
Subject: [PATCH 5/8] Update tox.ini for cryptography version
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tox.ini b/tox.ini
index 94d420723..9b7775224 100644
--- a/tox.ini
+++ b/tox.ini
@@ -18,7 +18,7 @@ extras =
 test
 deps =
 coverage>=4.2
- cryptographyMinimum: cryptography==38.0.0
+ cryptographyMinimum: cryptography==40.0.3
 randomorder: pytest-randomly
 setenv =
 # Do not allow the executing environment to pollute the test environment
From d423315209e9785286d3ec7e4dabd735ef47a949 Mon Sep 17 00:00:00 2001
From: julianz-
Date: Sat, 19 Aug 2023 00:36:04 -0700
Subject: [PATCH 6/8] Update tox.ini
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tox.ini b/tox.ini
index 9b7775224..8fe87c86b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -18,7 +18,7 @@ extras =
 test
 deps =
 coverage>=4.2
- cryptographyMinimum: cryptography==40.0.3
+ cryptographyMinimum: cryptography==41.0.3
 randomorder: pytest-randomly
 setenv =
 # Do not allow the executing environment to pollute the test environment
From c2abfbe57392f5a7bb44e3aaf2c1786939e6281e Mon Sep 17 00:00:00 2001
From: julianz-
Date: Tue, 23 Jan 2024 09:45:58 -0800
Subject: [PATCH 7/8] Update setup.py Need v42.0.0 or later of Cryptography as this restored the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER constant which is required for possible fix per https://github.com/cherrypy/cheroot/issues/245
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 4e66ad6f5..a9315d048 100644
--- a/setup.py
+++ b/setup.py
@@ -96,7 +96,7 @@ def find_meta(meta):
 packages=find_packages(where="src"),
 package_dir={"": "src"},
 install_requires=[
- "cryptography>=41.0.3,<42",
+ "cryptography>=42.0.0",
 ],
 extras_require={
 "test": ["flaky", "pretend", "pytest>=3.0.1"],
From 9208a1107f24cebfdb0f65d8d606a1dc4a9dd947 Mon Sep 17 00:00:00 2001
From: julianz-
Date: Thu, 25 Jan 2024 10:29:50 -0800
Subject: [PATCH 8/8] resolved conflicts
---
 setup.py | 2 +-
 tox.ini | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/setup.py b/setup.py
index a9315d048..8eb814dc6 100644
--- a/setup.py
+++ b/setup.py
@@ -96,7 +96,7 @@ def find_meta(meta):
 packages=find_packages(where="src"),
 package_dir={"": "src"},
 install_requires=[
- "cryptography>=42.0.0",
+ "cryptography>=41.0.5,<43",
 ],
 extras_require={
 "test": ["flaky", "pretend", "pytest>=3.0.1"],
diff --git a/tox.ini b/tox.ini
index 8fe87c86b..05021ea31 100644
--- a/tox.ini
+++ b/tox.ini
@@ -18,7 +18,7 @@ extras =
 test
 deps =
 coverage>=4.2
- cryptographyMinimum: cryptography==41.0.3
+ cryptographyMinimum: cryptography==41.0.5
 randomorder: pytest-randomly
 setenv =
 # Do not allow the executing environment to pollute the test environment