You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Yuxuan Wang (Jira)" <ji...@apache.org> on 2022/06/08 22:08:00 UTC

[jira] [Commented] (THRIFT-5595) TSocket errors with SSLSocket

    [ https://issues.apache.org/jira/browse/THRIFT-5595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17551805#comment-17551805 ] 

Yuxuan Wang commented on THRIFT-5595:
-------------------------------------

hmm it looks like python does have this restriction for SSLSocket but not for socket: [https://github.com/python/cpython/blob/feca9bbd1f6489f2b6d2783bfc22fdb96e45b69f/Lib/ssl.py#L1259-L1262]

and I don't understand why.

the easiest fix would be just catch that error on [https://github.com/apache/thrift/blob/4959a92385e2a6d7a4b8419784f85e5762c714cf/lib/py/src/transport/TSocket.py#L93] to just give up on this check with SSLSocket, if we cannot figure out a way to do the same connectivity check with SSLSocket.

feel free to create a PR for that.

> TSocket errors with SSLSocket
> -----------------------------
>
>                 Key: THRIFT-5595
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5595
>             Project: Thrift
>          Issue Type: Bug
>          Components: Python - Library
>    Affects Versions: 0.14.0
>            Reporter: Michael Smith
>            Priority: Major
>
> Starting with 0.14.0 - probably [this|https://github.com/apache/thrift/commit/01d53f483a7531ad4899b522060e8913dca309fb] commit - when we call isOpen on an open TSSLSocket we get an error:
> {code}
>   File "/home/michael/Impala/shell/build/py2_venv/local/lib/python2.7/site-packages/impala_shell/impala_client.py", line 226, in _close_transport
>     if self.transport and self.transport.isOpen():
>   File "/home/michael/Impala/shell/build/py2_venv/local/lib/python2.7/site-packages/impala_shell/thrift/transport/TTransport.py", line 150, in isOpen
>     return self.__trans.isOpen()
>   File "/home/michael/Impala/shell/build/py2_venv/local/lib/python2.7/site-packages/thrift/transport/TSocket.py", line 92, in isOpen
>     peeked_bytes = self.handle.recv(1, socket.MSG_PEEK)
>   File "/usr/lib/python2.7/ssl.py", line 753, in recv
>     self.__class__)
> ValueError: non-zero flags not allowed in calls to recv() on <class 'ssl.SSLSocket'>
> {code}
> A relatively simple reproduction (if you have an open socket to connect to) is
> {code}
> from thrift.transport import TSSLSocket
> import ssl
> sock = TSSLSocket.TSSLSocket('localhost', '21000', ssl.CERT_NONE, None, None, ssl_version=ssl.PROTOCOL_SSLv23)
> sock.open()
> sock.isOpen()
> {code}
> which produces
> {code}
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/home/michael/Impala/shell/build/py3_venv/lib/python3.8/site-packages/thrift/transport/TSocket.py", line 92, in isOpen
>     peeked_bytes = self.handle.recv(1, socket.MSG_PEEK)
>   File "/usr/lib/python3.8/ssl.py", line 1223, in recv
>     raise ValueError(
> ValueError: non-zero flags not allowed in calls to recv() on <class 'ssl.SSLSocket'>
> {code}
> I've reproduced this with python 2.7 and python 3.8.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)