[ovs-dev] python: Catch OpenSSL errors during socket send

thomas.neuman at nutanix.com thomas.neuman at nutanix.com
Tue Oct 6 06:21:56 UTC 2020


The Python socket util is able to catch and parse standard socket errors
over the course of the connection lifecycle, but the OpenSSL library
raises an altogether different class of exception. As a result, if the
caller is attempting to use the util in establishing an SSL connection,
these errors go uncaught when they arise; instead of returning an errno
to the caller, the exception bubbles back up. Therefore this patch amends
this issue by checking for an OpenSSL.SSL.Error in addition to the
standard socket.error, when running with OpenSSL support.

Signed-off-by: Thomas Neuman <thomas.neuman at nutanix.com>
---
 python/ovs/socket_util.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/python/ovs/socket_util.py b/python/ovs/socket_util.py
index 8f9d318..22b036e 100644
--- a/python/ovs/socket_util.py
+++ b/python/ovs/socket_util.py
@@ -26,6 +26,15 @@ import ovs.vlog
 import six
 from six.moves import range
 
+try:
+    from OpenSSL import SSL
+    SSLError = SSL.Error
+except ImportError:
+    SSL = None
+    # Define an exception class to catch, even though it's never raised.
+    class SSLError(Exception):
+        pass
+
 if sys.platform == 'win32':
     import ovs.winutils as winutils
     import win32file
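Review bot: `SSL = None` in the `except ImportError` branch is not read anywhere in the hunks shown; only `SSLError` is referenced, by the new `except` clause in `check_connection_completion`. If nothing else in the file tests `SSL`, drop the assignment, or add a comment naming what consumes it. A short comment above the `try:` stating that pyOpenSSL is an optional dependency would also document why the placeholder `SSLError` class exists.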
@@ -189,6 +198,9 @@ def check_connection_completion(sock):
                 return errno.EPROTO
             except socket.error as e:
                 return get_exception_errno(e)
+            except SSLError as e:
+                vlog.err("SSL error %s" % e)
+                return errno.EPROTO
         else:
             return 0
     else:
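Review bot: the new `except SSLError` clause maps every pyOpenSSL error to `errno.EPROTO`, and that includes `SSL.WantReadError` and `SSL.WantWriteError`. Both subclass `SSL.Error`, and they mean a non-blocking operation should be retried, not that the protocol failed. Consider catching those two first and returning `errno.EAGAIN`, so a caller does not treat a connection that is still handshaking as broken. Two smaller points: `vlog.err("SSL error %s" % e)` logs at error level on every occurrence, so if callers invoke this function repeatedly a rate-limited or lower-severity message may fit better; and the subject line says "socket send" while the change is in `check_connection_completion`, so the commit message should name the call that raises.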

