[or-cvs] [torflow/master 05/92] ssl_request error handling improvements
Author: John M. Schanck <john@xxxxxxxxxxx>
Date: Sun, 20 Jun 2010 12:11:51 -0400
Subject: ssl_request error handling improvements
Commit: 84be7ef7aaa8dc773721b26180d464fdbe408971
-Stopped degrading all the way to SSLv2 since an actual SSLv2-only
server will raise an SSL.SysCallError if you connect to it with
the SSLv3 or TLSv1 methods.
-Removed socket.* error cases because they'll never occur.
-Made KeyboardInterrupt re-raise the original exception to preserve lineno.
-Separated SSL.Error from its subclasses since they have different
message formats.
---
NetworkScanners/ExitAuthority/soat.py | 27 +++++++++++++++------------
1 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/NetworkScanners/ExitAuthority/soat.py b/NetworkScanners/ExitAuthority/soat.py
index 02ea369..fad22b0 100755
--- a/NetworkScanners/ExitAuthority/soat.py
+++ b/NetworkScanners/ExitAuthority/soat.py
@@ -1743,33 +1743,36 @@ class SSLTest(SearchBasedTest):
c.do_handshake()
# return the cert
return (0, c.get_peer_certificate(), None)
- except socket.timeout, e:
- plog('WARN','Socket timeout for '+address+": "+str(e))
- return (-6.0, None, e.__class__.__name__+str(e))
- except socket.error, e:
- plog('WARN','An error occured while opening an ssl connection to '+address+": "+str(e))
- return (-666.0, None, e.__class__.__name__+str(e))
except socks.Socks5Error, e:
plog('WARN', 'A SOCKS5 error '+str(e.value[0])+' occured for '+address+": "+str(e))
return (-float(e.value[0]), None, e.__class__.__name__+str(e))
- except KeyboardInterrupt:
- raise KeyboardInterrupt
except crypto.Error, e:
traceback.print_exc()
return (-23.0, None, e.__class__.__name__+str(e))
+ except (SSL.ZeroReturnError, SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError), e:
+ # XXX: None of these are really "errors" per se
+ traceback.print_exc()
+ return (-666.0, None, e.__class__.__name__+str(e))
+ except SSL.SysCallError, e:
+ # Errors on the underlying socket will be caught here.
+ if e[0] == -1: # unexpected eof
+ # Might be an SSLv2 server, but it's unlikely, let's just call it a CONNERROR
+ return (float(e[0]), None, e[1])
+ else:
+ traceback.print_exc()
+ return (-666.0, None, e.__class__.__name__+str(e))
except SSL.Error, e:
- for (lib, func, reason) in e[0]:
+ for (lib, func, reason) in e.message: # e.message is always list of 3-tuples
if reason in ('wrong version number','sslv3 alert illegal parameter'):
# Check if the server supports a different SSL version
if method == 'TLSv1_METHOD':
plog('DEBUG','Could not negotiate SSL handshake with %s, retrying with SSLv3_METHOD' % address)
return self.ssl_request(address, 'SSLv3_METHOD')
- elif method == 'SSLv3_METHOD':
- plog('DEBUG','Could not negotiate SSL handshake with %s, retrying with SSLv2_METHOD' % address)
- return self.ssl_request(address, 'SSLv2_METHOD')
plog('WARN', 'An unknown SSL error occured for '+address+': '+str(e))
traceback.print_exc()
return (-666.0, None, e.__class__.__name__+str(e))
+ except KeyboardInterrupt:
+ raise
except Exception, e:
plog('WARN', 'An unknown SSL error occured for '+address+': '+str(e))
traceback.print_exc()
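Review bot: The unexpected-EOF path in the new `except SSL.SysCallError` clause returns `(float(e[0]), None, e[1])` without a `plog` call, so it is the only failure branch in this handler chain that leaves neither a log line nor the exception class name in the reason string. The resulting -1.0 is also what the `socks.Socks5Error` branch would return via `-float(e.value[0])` if the SOCKS reply code is 1, so a caller presumably cannot tell a TLS peer hanging up mid-handshake from a SOCKS-level failure; if that overlap is the intended CONNERROR mapping the comment mentions, it should be stated next to the return. I would write it as `plog('WARN', 'Unexpected EOF during SSL handshake with '+address)` followed by `return (-1.0, None, e.__class__.__name__+str(e))`, provided no caller matches on the bare `e[1]` text. `ssl_request` starts above this hunk and its final `except Exception` clause continues below it, so how callers handle these codes is not visible here.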
--
1.7.1