@@ -868,14 +868,6 @@ async def server():
868868 nursery .spawn (client )
869869 nursery .spawn (server )
870870
871- # There are a lot of complicated error cases around shutting down and I'm not
872- # sure how SSLStream should signal them:
873- # - underlying connection dropped, transport's send_all or receive_some raises some
874- # arbitrary error (NB: receive_some() can give a BrokenPipeError!)
875- # - trying to send/receive_some on a connection that we already closed
876- # - SSLObject has lots of possible complaints, e.g. trying to send/receive_some on a
877- # successfully closed connection raises SSLZeroReturnError,
878-
879871# maybe a test of presenting a client cert on a renegotiation?
880872
881873# - sloppy and strict EOF modes
@@ -892,46 +884,6 @@ async def server():
892884# what happens if a send_all was aborted half-way through, and *then* we call
893885# graceful_close?
894886
895- # graceful_close is wrong - it should call SSL_shutdown once to send the
896- # close_notify, and then immediately close the transport. unwrap needs to wait
897- # for the peer to respond; graceful_close does not.
898- #
899- # SSL_shutdown has the return values:
900- # - 0 meaning it sent the close notify, but hasn't seen one and should be
901- # called again if you want that
902- # - 1 if the complete shutdown handshake is done
903- # - <0, get_error has an error saying the problem
904- #
905- # Then CPython's _ssl.c has the logic where in its shutdown() method (which is
906- # what ssl.py's unwrap() calls), if it sees a zero return, then it calls
907- # SSL_shutdown exactly one more time.
908- #
909- # so when we graceful_close, there are three possible paths:
910- #
911- # - call unwrap
912- # - SSL_shutdown already saw a close notify, so it sends one back and
913- # returns 1
914- # - unwrap succeeds
915- #
916- # or
917- #
918- # - call unwrap
919- # - SSL_shutdown writes the close notify to the outgoing BIO then returns 0
920- # - Python calls SSL_shutdown again to look for the response, which sees a
921- # close notify already in its receive buffer, and returns 1
922- # - unwrap succeeds
923- #
924- # or
925- #
926- # - call unwrap
927- # - SSL_shutdown writes the close notify to the outgoing BIO then returns 0
928- # - Python calls SSL_shutdown again to look for the response, which isn't
929- # there, so it gives a WANT_READ error
930- # - unwrap raises SSLWantRead
931- #
932- # in all of these cases, for graceful_close's purposes, this is a success.
933-
934-
935887# should unwrap switch to a mode where we only receive 1 byte at a time? this
936888# would cause a CPU spike when unwrapping, but probably not *too* much (?)
937889# since we're not talking about a lot of data? I think the actual close_notify
0 commit comments