[3.11] gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) (GH-127905) (GH-131970)

vstinner · encukou · web-flow · commit 458871277323 · 2025-04-03T18:25:51.000+02:00
gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) From the ERR_raise manpage: ERR_LIB_SYS This "library code" indicates that a system error is being reported. In this case, the reason code given to `ERR_raise()` and `ERR_raise_data()` *must* be `errno(3)`. This PR only handles ERR_LIB_SYS for the high-lever error types SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where OpenSSL indicates it has some more information about the issue. (cherry picked from commit f4b31ed) (cherry picked from commit 7f707fa) Co-authored-by: Petr Viktorin <encukou@gmail.com>
diff --git a/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst b/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst
@@ -0,0 +1,2 @@
+In :mod:`ssl`, system call failures that OpenSSL reports using
+``ERR_LIB_SYS`` are now raised as :exc:`OSError`.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -654,6 +654,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
                         ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) {
                     type = state->PySSLCertVerificationErrorObject;
                 }
+                if (ERR_GET_LIB(e) == ERR_LIB_SYS) {
+                    // A system error is being reported; reason is set to errno
+                    errno = ERR_GET_REASON(e);
+                    return PyErr_SetFromErrno(PyExc_OSError);
+                }
                 p = PY_SSL_ERROR_SYSCALL;
             }
             break;
@@ -679,6 +684,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
                 errstr = "EOF occurred in violation of protocol";
             }
 #endif
+            if (ERR_GET_LIB(e) == ERR_LIB_SYS) {
+                // A system error is being reported; reason is set to errno
+                errno = ERR_GET_REASON(e);
+                return PyErr_SetFromErrno(PyExc_OSError);
+            }
             break;
         }
         default:

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+In :mod:`ssl`, system call failures that OpenSSL reports using
	`2`	+``ERR_LIB_SYS`` are now raised as :exc:`OSError`.
Original file line number	Diff line number	Diff line change
`@@ -654,6 +654,11 @@ PySSL_SetError(PySSLSocket sslsock, int ret, const char filename, int lineno)`
`654`	`654`	`ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) {`
`655`	`655`	`type = state->PySSLCertVerificationErrorObject;`
`656`	`656`	`}`
	`657`	`+ if (ERR_GET_LIB(e) == ERR_LIB_SYS) {`
	`658`	`+ // A system error is being reported; reason is set to errno`
	`659`	`+ errno = ERR_GET_REASON(e);`
	`660`	`+ return PyErr_SetFromErrno(PyExc_OSError);`
	`661`	`+ }`
`657`	`662`	`p = PY_SSL_ERROR_SYSCALL;`
`658`	`663`	`}`
`659`	`664`	`break;`
`@@ -679,6 +684,11 @@ PySSL_SetError(PySSLSocket sslsock, int ret, const char filename, int lineno)`
`679`	`684`	`errstr = "EOF occurred in violation of protocol";`
`680`	`685`	`}`
`681`	`686`	`#endif`
	`687`	`+ if (ERR_GET_LIB(e) == ERR_LIB_SYS) {`
	`688`	`+ // A system error is being reported; reason is set to errno`
	`689`	`+ errno = ERR_GET_REASON(e);`
	`690`	`+ return PyErr_SetFromErrno(PyExc_OSError);`
	`691`	`+ }`
`682`	`692`	`break;`
`683`	`693`	`}`
`684`	`694`	`default:`