Closed blink1073 closed 11 months ago
It's a bit verbose, but you should be able to get that value with os.strerror(e.args[0])
When the server is configured to require a client cert but the client does not present one, we would expect to see an error with "certificate required", "SSL handshake failed", "Connection reset by peer", or one of the equivalent errnos (like ECONNRESET) but we're actually seeing pyopenssl raise (32, 'EPIPE')
on macOS (in https://jira.mongodb.org/browse/PYTHON-3607). My understanding is that EPIPE indicates a bug in openssl/pyopenssl, what do you think?
Your comment appears unrelated to the original bug?
On Wed, Feb 22, 2023 at 3:19 PM Shane Harvey @.***> wrote:
When the server is configured to require a client cert but the client does not present one, we would expect to see an error with "certificate required", "SSL handshake failed", "Connection reset by peer", or one of the equivalent errnos (like ECONNRESET) but we're actually seeing pyopenssl raise (32, 'EPIPE') on macOS (in https://jira.mongodb.org/browse/PYTHON-3607). My understanding is that EPIPE indicates a bug in openssl/pyopenssl, what do you think?
— Reply to this email directly, view it on GitHub https://github.com/pyca/pyopenssl/issues/1188#issuecomment-1440744791, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAAGBDJ6IXYSEVLDU7NJP3WYZYDTANCNFSM6AAAAAAVDNW7YU . You are receiving this because you commented.Message ID: @.***>
-- All that is necessary for evil to succeed is for good people to do nothing.
Good point, opened https://github.com/pyca/pyopenssl/issues/1189.
The original issue seems to be solved (using os.strerror
to get the readable string description of the error code).
@mhils I think this one can be closed
Hi, thanks for this library! We noticed that in some cases
PyOpenSSL
returns error messages of the formOpenSSL.SSL.SysCallError: (54, 'ECONNRESET')
, whereas the equivalent condition when using the builtinssl
module would raise aConnectionError
with thestr()
form containingConnection reset by peer
. I believe this comes from the use of PyErr_SetFromErrno, versus the custom SysCallError. Given that PyOpenSSL is pure Python, I imagine some custom logic would be needed to achieve the same.