[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [torflow/master 05/92] ssl_request error handling improvements



Author: John M. Schanck <john@xxxxxxxxxxx>
Date: Sun, 20 Jun 2010 12:11:51 -0400
Subject: ssl_request error handling improvements
Commit: 84be7ef7aaa8dc773721b26180d464fdbe408971

-Stopped degrading all the way to SSLv2 since an actual SSLv2-only
 server will raise an SSL.SysCallError if you connect to it with
 the SSLv3 or TLSv1 methods.
-Removed socket.* error cases because they'll never occur.
-Made KeyboardInterrupt re-raise the original exception to preserve lineno.
-Separated SSL.Error from its subclasses since they have different
 message formats.
---
 NetworkScanners/ExitAuthority/soat.py |   27 +++++++++++++++------------
 1 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/NetworkScanners/ExitAuthority/soat.py b/NetworkScanners/ExitAuthority/soat.py
index 02ea369..fad22b0 100755
--- a/NetworkScanners/ExitAuthority/soat.py
+++ b/NetworkScanners/ExitAuthority/soat.py
@@ -1743,33 +1743,36 @@ class SSLTest(SearchBasedTest):
       c.do_handshake()
       # return the cert
       return (0, c.get_peer_certificate(), None)
-    except socket.timeout, e:
-      plog('WARN','Socket timeout for '+address+": "+str(e))
-      return (-6.0, None,  e.__class__.__name__+str(e))
-    except socket.error, e:
-      plog('WARN','An error occured while opening an ssl connection to '+address+": "+str(e))
-      return (-666.0, None,  e.__class__.__name__+str(e))
     except socks.Socks5Error, e:
       plog('WARN', 'A SOCKS5 error '+str(e.value[0])+' occured for '+address+": "+str(e))
       return (-float(e.value[0]), None,  e.__class__.__name__+str(e))
-    except KeyboardInterrupt:
-      raise KeyboardInterrupt
     except crypto.Error, e:
       traceback.print_exc()
       return (-23.0, None, e.__class__.__name__+str(e))
+    except (SSL.ZeroReturnError, SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError), e:
+      # XXX: None of these are really "errors" per se
+      traceback.print_exc()
+      return (-666.0, None, e.__class__.__name__+str(e))
+    except SSL.SysCallError, e:
+      # Errors on the underlying socket will be caught here.
+      if e[0] == -1: # unexpected eof
+        # Might be an SSLv2 server, but it's unlikely, let's just call it a CONNERROR
+        return (float(e[0]), None, e[1])
+      else:
+        traceback.print_exc()
+        return (-666.0, None, e.__class__.__name__+str(e))
     except SSL.Error, e:
-      for (lib, func, reason) in e[0]:
+      for (lib, func, reason) in e.message: # e.message is always list of 3-tuples
         if reason in ('wrong version number','sslv3 alert illegal parameter'):
           # Check if the server supports a different SSL version
           if method == 'TLSv1_METHOD':
             plog('DEBUG','Could not negotiate SSL handshake with %s, retrying with SSLv3_METHOD' % address)
             return self.ssl_request(address, 'SSLv3_METHOD')
-          elif method == 'SSLv3_METHOD':
-            plog('DEBUG','Could not negotiate SSL handshake with %s, retrying with SSLv2_METHOD' % address)
-            return self.ssl_request(address, 'SSLv2_METHOD')
       plog('WARN', 'An unknown SSL error occured for '+address+': '+str(e))
       traceback.print_exc()
       return (-666.0, None,  e.__class__.__name__+str(e))
+    except KeyboardInterrupt:
+      raise
     except Exception, e:
       plog('WARN', 'An unknown SSL error occured for '+address+': '+str(e))
       traceback.print_exc()
-- 
1.7.1