pyOpenSSL doesn’t cope with error routines returning None about pyopenssl HOT 4 CLOSED

I have investigated; the check is okay but lib.ERR_*_error_string(error) can return None nevertheless. No idea why that happens but it does and should taken into account.

from pyopenssl.

One more bit:

We’re coping with three problems, so I changed the title of this bug to limit it to two. :)

1. lib.ERR_*_error_string(error) can return None and we don’t handle that,
2. in order to get error strings, you need to call ERR_load_SSL_strings first (and free them afterwards I reckon).
   cryptography does not expose this yet, I’ll try to get it into it ASAP: pyca/cryptography#452.

My main problem which made me stumble into the above, is that (after fixing above problems), I get:

OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_new', 'library has no ciphers')]

if cryptography is installed normally, but it works if installed with pip install -e. This will go into separate issue once I know more.

from pyopenssl.

pyOpenSSL still doesn't try to handle None being returned by this API but with the correct initialization now being done I no longer know how to trigger that case. :)

Perhaps this is still hypothetically a problem but not a major one in practice?

Please let me know if you can still reproduce this. If so, I'll try to make it a priority for 0.14. If not, I will probably let it slip to 0.15.

from pyopenssl.

I’m not sure if it can happen barring the lack of loading of error strings. But I kind of doubt it.

from pyopenssl.