urllib3: Differences between standard SSL and Pyopenssl (ZeroReturnError, SysCallError)

We use urllib3 via requests with pyopenssl so we can have SNI support in python 2.7.3.

Since we switched, we’ve noticed more errors from requests. Specifically:

  • ZeroReturnError
  • SysCallError: (104, ‘Connection reset by peer’)
  • SysCallError: (-1, ‘Unexpected EOF’)

It seems like these should all be caught somehow in contrib/pyopenssl.py so at the requests level, we don’t have to worry about pyopenssl being different than the standard ssl module.

Here’s a few of the ideas I’m considering:

  • in fileobject.read, everywhere we are catching WantReadError also catch ZeroReturnError and make sure that data is an empty string and continuing
  • In inject_into_urllib3, setting connection.BaseSSLError = OpenSSL.SSL.Error

Based on my limited understanding of pyopenssl (and python’s standard _ssl.c) I’m probably missing something in trying to unify these interfaces. If somebody with more familiarity with this stuff can point me in the right direction I can try to formalize this stuff into a pull request.

Here’s a gist of how I started investigating the ZeroReturnError specifically: https://gist.github.com/mthurman/9963741

About this issue

  • Original URL
  • State: closed
  • Created 10 years ago
  • Reactions: 1
  • Comments: 17 (14 by maintainers)

Most upvoted comments

@lukas-gitl Since it’s been 3 years since this was originally reported it may be useful to open up a new issue and then link to this issue if you’re experiencing this. 😃

+2
sethmlarson on Jan 30, 2017
Read more comments on GitHub
← urllib3: Behavior change: v2.x raises SSLEOFError with Python3.10 where v2.x does not with Python3.8
urllib3: DNS lookup error exception →