add vars for pyopenssl and test

sleepyStick · sleepyStick · commit d9dfb99b33bf · 2025-04-15T15:01:47.000-07:00
diff --git a/pymongo/asynchronous/encryption.py b/pymongo/asynchronous/encryption.py
@@ -85,7 +85,7 @@
 )
 from pymongo.read_concern import ReadConcern
 from pymongo.results import BulkWriteResult, DeleteResult
-from pymongo.ssl_support import BLOCKING_IO_ERRORS, get_ssl_context
+from pymongo.ssl_support import BLOCKING_IO_ERRORS, PYBLOCKING_IO_ERRORS, get_ssl_context
 from pymongo.typings import _DocumentType, _DocumentTypeArg
 from pymongo.uri_parser_shared import parse_host
 from pymongo.write_concern import WriteConcern
@@ -216,7 +216,7 @@ async def kms_request(self, kms_context: MongoCryptKmsContext) -> None:
                 raise  # Propagate MongoCryptError errors directly.
             except Exception as exc:
                 # Wrap I/O errors in PyMongo exceptions.
-                if isinstance(exc, BLOCKING_IO_ERRORS):
+                if isinstance(exc, (BLOCKING_IO_ERRORS, PYBLOCKING_IO_ERRORS)):
                     exc = socket.timeout("timed out")
                 # Async raises an OSError instead of returning empty bytes.
                 if isinstance(exc, OSError):
diff --git a/pymongo/asynchronous/pool.py b/pymongo/asynchronous/pool.py
@@ -85,7 +85,7 @@
 from pymongo.server_api import _add_to_command
 from pymongo.server_type import SERVER_TYPE
 from pymongo.socket_checker import SocketChecker
-from pymongo.ssl_support import SSLError
+from pymongo.ssl_support import PYSSLError, SSLError
 
 if TYPE_CHECKING:
     from bson import CodecOptions
@@ -637,7 +637,7 @@ async def _raise_connection_failure(self, error: BaseException) -> NoReturn:
             reason = ConnectionClosedReason.ERROR
         await self.close_conn(reason)
         # SSLError from PyOpenSSL inherits directly from Exception.
-        if isinstance(error, (IOError, OSError, SSLError)):
+        if isinstance(error, (IOError, OSError, SSLError, PYSSLError)):
             details = _get_timeout_details(self.opts)
             _raise_connection_failure(self.address, error, timeout_details=details)
         else:
@@ -1033,7 +1033,7 @@ async def connect(self, handler: Optional[_MongoClientErrorHandler] = None) -> A
                     reason=_verbose_connection_error_reason(ConnectionClosedReason.ERROR),
                     error=ConnectionClosedReason.ERROR,
                 )
-            if isinstance(error, (IOError, OSError, SSLError)):
+            if isinstance(error, (IOError, OSError, SSLError, PYSSLError)):
                 details = _get_timeout_details(self.opts)
                 _raise_connection_failure(self.address, error, timeout_details=details)
 
diff --git a/pymongo/pool_shared.py b/pymongo/pool_shared.py
@@ -38,7 +38,7 @@
 )
 from pymongo.network_layer import AsyncNetworkingInterface, NetworkingInterface, PyMongoProtocol
 from pymongo.pool_options import PoolOptions
-from pymongo.ssl_support import HAS_SNI, SSLError
+from pymongo.ssl_support import HAS_SNI, PYSSLError, SSLError
 
 if TYPE_CHECKING:
     from pymongo.pyopenssl_context import _sslConn
@@ -138,7 +138,7 @@ def _raise_connection_failure(
         msg += format_timeout_details(timeout_details)
     if isinstance(error, socket.timeout):
         raise NetworkTimeout(msg) from error
-    elif isinstance(error, SSLError) and "timed out" in str(error):
+    elif isinstance(error, (SSLError, PYSSLError)) and "timed out" in str(error):
         # Eventlet does not distinguish TLS network timeouts from other
         # SSLErrors (https://github.com/eventlet/eventlet/issues/692).
         # Luckily, we can work around this limitation because the phrase
@@ -293,7 +293,7 @@ async def _async_configured_socket(
         # Raise _CertificateError directly like we do after match_hostname
         # below.
         raise
-    except (OSError, SSLError) as exc:
+    except (OSError, SSLError, PYSSLError) as exc:
         sock.close()
         # We raise AutoReconnect for transient and permanent SSL handshake
         # failures alike. Permanent handshake failures, like protocol
@@ -349,7 +349,7 @@ async def _configured_protocol_interface(
         # Raise _CertificateError directly like we do after match_hostname
         # below.
         raise
-    except (OSError, SSLError) as exc:
+    except (OSError, SSLError, PYSSLError) as exc:
         # We raise AutoReconnect for transient and permanent SSL handshake
         # failures alike. Permanent handshake failures, like protocol
         # mismatch, will be turned into ServerSelectionTimeoutErrors later.
@@ -467,7 +467,7 @@ def _configured_socket(address: _Address, options: PoolOptions) -> Union[socket.
         # Raise _CertificateError directly like we do after match_hostname
         # below.
         raise
-    except (OSError, SSLError) as exc:
+    except (OSError, SSLError, PYSSLError) as exc:
         sock.close()
         # We raise AutoReconnect for transient and permanent SSL handshake
         # failures alike. Permanent handshake failures, like protocol
@@ -516,7 +516,7 @@ def _configured_socket_interface(address: _Address, options: PoolOptions) -> Net
         # Raise _CertificateError directly like we do after match_hostname
         # below.
         raise
-    except (OSError, SSLError) as exc:
+    except (OSError, SSLError, PYSSLError) as exc:
         sock.close()
         # We raise AutoReconnect for transient and permanent SSL handshake
         # failures alike. Permanent handshake failures, like protocol
diff --git a/pymongo/ssl_support.py b/pymongo/ssl_support.py
@@ -59,6 +59,20 @@
     BLOCKING_IO_WRITE_ERROR = _ssl.BLOCKING_IO_WRITE_ERROR
     BLOCKING_IO_LOOKUP_ERROR = BLOCKING_IO_READ_ERROR
 
+    if HAVE_PYSSL:
+        PYSSLError = _pyssl.SSLError
+        PYBLOCKING_IO_ERRORS = _pyssl.BLOCKING_IO_ERRORS
+        PYBLOCKING_IO_READ_ERROR = _pyssl.BLOCKING_IO_READ_ERROR
+        PYBLOCKING_IO_WRITE_ERROR = _pyssl.BLOCKING_IO_WRITE_ERROR
+        PYBLOCKING_IO_LOOKUP_ERROR = BLOCKING_IO_READ_ERROR
+    else:
+        # just make them the same as SSL so imports won't error
+        PYSSLError = _ssl.SSLError
+        PYBLOCKING_IO_ERRORS = ()
+        PYBLOCKING_IO_READ_ERROR = _ssl.BLOCKING_IO_READ_ERROR
+        PYBLOCKING_IO_WRITE_ERROR = _ssl.BLOCKING_IO_WRITE_ERROR
+        PYBLOCKING_IO_LOOKUP_ERROR = BLOCKING_IO_READ_ERROR
+
     def get_ssl_context(
         certfile: Optional[str],
         passphrase: Optional[str],
diff --git a/pymongo/synchronous/encryption.py b/pymongo/synchronous/encryption.py
@@ -80,7 +80,7 @@
 )
 from pymongo.read_concern import ReadConcern
 from pymongo.results import BulkWriteResult, DeleteResult
-from pymongo.ssl_support import BLOCKING_IO_ERRORS, get_ssl_context
+from pymongo.ssl_support import BLOCKING_IO_ERRORS, PYBLOCKING_IO_ERRORS, get_ssl_context
 from pymongo.synchronous.collection import Collection
 from pymongo.synchronous.cursor import Cursor
 from pymongo.synchronous.database import Database
@@ -215,7 +215,7 @@ def kms_request(self, kms_context: MongoCryptKmsContext) -> None:
                 raise  # Propagate MongoCryptError errors directly.
             except Exception as exc:
                 # Wrap I/O errors in PyMongo exceptions.
-                if isinstance(exc, BLOCKING_IO_ERRORS):
+                if isinstance(exc, (BLOCKING_IO_ERRORS, PYBLOCKING_IO_ERRORS)):
                     exc = socket.timeout("timed out")
                 # Async raises an OSError instead of returning empty bytes.
                 if isinstance(exc, OSError):
diff --git a/pymongo/synchronous/pool.py b/pymongo/synchronous/pool.py
@@ -82,7 +82,7 @@
 from pymongo.server_api import _add_to_command
 from pymongo.server_type import SERVER_TYPE
 from pymongo.socket_checker import SocketChecker
-from pymongo.ssl_support import SSLError
+from pymongo.ssl_support import PYSSLError, SSLError
 from pymongo.synchronous.client_session import _validate_session_write_concern
 from pymongo.synchronous.helpers import _handle_reauth
 from pymongo.synchronous.network import command
@@ -635,7 +635,7 @@ def _raise_connection_failure(self, error: BaseException) -> NoReturn:
             reason = ConnectionClosedReason.ERROR
         self.close_conn(reason)
         # SSLError from PyOpenSSL inherits directly from Exception.
-        if isinstance(error, (IOError, OSError, SSLError)):
+        if isinstance(error, (IOError, OSError, SSLError, PYSSLError)):
             details = _get_timeout_details(self.opts)
             _raise_connection_failure(self.address, error, timeout_details=details)
         else:
@@ -1029,7 +1029,7 @@ def connect(self, handler: Optional[_MongoClientErrorHandler] = None) -> Connect
                     reason=_verbose_connection_error_reason(ConnectionClosedReason.ERROR),
                     error=ConnectionClosedReason.ERROR,
                 )
-            if isinstance(error, (IOError, OSError, SSLError)):
+            if isinstance(error, (IOError, OSError, SSLError, PYSSLError)):
                 details = _get_timeout_details(self.opts)
                 _raise_connection_failure(self.address, error, timeout_details=details)
 
diff --git a/test/__init__.py b/test/__init__.py
@@ -825,6 +825,12 @@ def require_sync(self, func):
             lambda: _IS_SYNC, "This test only works with the synchronous API", func=func
         )
 
+    def require_async(self, func):
+        """Run a test only if using the synchronous API."""
+        return self._require(
+            lambda: not _IS_SYNC, "This test only works with the synchronous API", func=func
+        )
+
     def mongos_seeds(self):
         return ",".join("{}:{}".format(*address) for address in self.mongoses)
 
diff --git a/test/asynchronous/__init__.py b/test/asynchronous/__init__.py
@@ -827,6 +827,12 @@ def require_sync(self, func):
             lambda: _IS_SYNC, "This test only works with the synchronous API", func=func
         )
 
+    def require_async(self, func):
+        """Run a test only if using the synchronous API."""
+        return self._require(
+            lambda: not _IS_SYNC, "This test only works with the asynchronous API", func=func
+        )
+
     def mongos_seeds(self):
         return ",".join("{}:{}".format(*address) for address in self.mongoses)
 
diff --git a/test/asynchronous/test_ssl.py b/test/asynchronous/test_ssl.py
@@ -657,6 +657,16 @@ def remove(path):
         ) as client:
             self.assertTrue(await client.admin.command("ping"))
 
+    @async_client_context.require_async
+    @unittest.skipUnless(_HAVE_PYOPENSSL, "PyOpenSSL is not available.")
+    @unittest.skipUnless(HAVE_SSL, "The ssl module is not available.")
+    async def test_pyopenssl_not_ignored_in_async(self):
+        client = AsyncMongoClient(
+            "mongodb://localhost:27017?tls=true&tlsAllowInvalidCertificates=true"
+        )
+        await client.admin.command("ping")  # command doesn't matter, just needs it to connect
+        await client.close()
+
 
 if __name__ == "__main__":
     unittest.main()
diff --git a/test/test_ssl.py b/test/test_ssl.py
@@ -657,6 +657,14 @@ def remove(path):
         ) as client:
             self.assertTrue(client.admin.command("ping"))
 
+    @client_context.require_async
+    @unittest.skipUnless(_HAVE_PYOPENSSL, "PyOpenSSL is not available.")
+    @unittest.skipUnless(HAVE_SSL, "The ssl module is not available.")
+    def test_pyopenssl_not_ignored_in_async(self):
+        client = MongoClient("mongodb://localhost:27017?tls=true&tlsAllowInvalidCertificates=true")
+        client.admin.command("ping")  # command doesn't matter, just needs it to connect
+        client.close()
+
 
 if __name__ == "__main__":
     unittest.main()
