commit 0f0ba5d53468223ea8ca42887f103af16fc37291 Author: Damian Johnson atagar@torproject.org Date: Thu Oct 4 11:10:01 2018 -0700
Better normalize ORPort SSL connection failures
On reflection the assertion failure addressed in commit 0e08db7 was a legitimate one. It was exposing a bug in our error response normalization. Reverting the change to the test and doing a proper fix. --- stem/client/__init__.py | 14 +++++++++++--- test/integ/client/connection.py | 16 +--------------- 2 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/stem/client/__init__.py b/stem/client/__init__.py index aaa62f5b..6cadc098 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -82,10 +82,18 @@ class Relay(object): except stem.SocketError as exc: if 'Connection refused' in str(exc): raise stem.SocketError("Failed to connect to %s:%i. Maybe it isn't an ORPort?" % (address, port)) - elif 'SSL: ' in str(exc): + + # If not an ORPort (for instance, mistakenly connecting to a ControlPort + # instead) we'll likely fail during SSL negotiation. This can result + # in a variety of responses so normalizing what we can... + # + # Ubuntu 16.04: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590) + # Ubuntu 12.04: [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol + + if 'unknown protocol' in str(exc): raise stem.SocketError("Failed to SSL authenticate to %s:%i. Maybe it isn't an ORPort?" % (address, port)) - else: - raise + + raise
# To negotiate our link protocol the first VERSIONS cell is expected to use # a circuit ID field size from protocol version 1-3 for backward diff --git a/test/integ/client/connection.py b/test/integ/client/connection.py index ca8853c7..a43283b9 100644 --- a/test/integ/client/connection.py +++ b/test/integ/client/connection.py @@ -31,21 +31,7 @@ class TestConnection(unittest.TestCase): # connect to our ControlPort like it's an ORPort
if test.runner.Torrc.PORT in test.runner.get_runner().get_options(): - try: - Relay.connect('127.0.0.1', test.runner.CONTROL_PORT) - self.fail('Connecting to a non-ORPort should raise a stem.SocketError') - except stem.SocketError as exc: - if str(exc) == "Failed to SSL authenticate to 127.0.0.1:1111. Maybe it isn't an ORPort?": - pass # good, this is the usual response - elif 'SSL23_GET_SERVER_HELLO:unknown protocol' in str(exc): - # Less common, but still ok. This arises on older systems that do not - # support tor's ssl version. The full response is... - # - # [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol - - pass - else: - self.fail('Unexpected response when connecting to a non-ORPort: %s' % exc) + self.assertRaisesWith(stem.SocketError, "Failed to SSL authenticate to 127.0.0.1:1111. Maybe it isn't an ORPort?", Relay.connect, '127.0.0.1', test.runner.CONTROL_PORT)
def test_no_common_link_protocol(self): """