python
diff --git a/‎Misc/NEWS.d/next/Library/2023-08-03-12-52-19.gh-issue-107077.-pzHD6.rst
Copy file name to clipboard
+6Lines changed: 6 additions & 0 deletions b/‎Misc/NEWS.d/next/Library/2023-08-03-12-52-19.gh-issue-107077.-pzHD6.rst
Copy file name to clipboard
+6Lines changed: 6 additions & 0 deletions
diff --git a/‎Modules/_ssl.c
Copy file name to clipboardExpand all lines: Modules/_ssl.c
+4Lines changed: 4 additions & 0 deletions b/‎Modules/_ssl.c
Copy file name to clipboardExpand all lines: Modules/_ssl.c
+4Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,6 @@
+Seems that in some conditions, OpenSSL will return ``SSL_ERROR_SYSCALL``
+instead of ``SSL_ERROR_SSL`` when a certification verification has failed,
+but the error parameters will still contain ``ERR_LIB_SSL`` and
+``SSL_R_CERTIFICATE_VERIFY_FAILED``. We are now detecting this situation and
+raising the appropiate ``ssl.SSLCertVerificationError``. Patch by Pablo
+Galindo
@@ -819,6 +819,10 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
                     errstr = "Some I/O error occurred";
                 }
             } else {
+                if (ERR_GET_LIB(e) == ERR_LIB_SSL &&
+                        ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) {
+                    type = PySSLCertVerificationErrorObject;
+                }
                 p = PY_SSL_ERROR_SYSCALL;
             }
             break;
Original file line number	Diff line number	Diff line change
`@@ -819,6 +819,10 @@ PySSL_SetError(PySSLSocket sslsock, int ret, const char filename, int lineno)`
`819`	`819`	`errstr = "Some I/O error occurred";`
`820`	`820`	`}`
`821`	`821`	`} else {`
	`822`	`+ if (ERR_GET_LIB(e) == ERR_LIB_SSL &&`
	`823`	`+ ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) {`
	`824`	`+ type = PySSLCertVerificationErrorObject;`
	`825`	`+ }`
`822`	`826`	`p = PY_SSL_ERROR_SYSCALL;`
`823`	`827`	`}`
`824`	`828`	`break;`