Always enable auto retry (#753)
* test using auto retry
* add/update changelog and add comment
* wordsmithing
* Update CHANGELOG.rst
* Update CHANGELOG.rst
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 85c1be7..ab28dcb 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,7 +4,7 @@
Versions are year-based with a strict backward-compatibility policy.
The third digit is only for regressions.
-17.6.0 (UNRELEASED)
+18.0.0 (UNRELEASED)
-------------------
@@ -24,7 +24,8 @@
Changes:
^^^^^^^^
-*none*
+- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
+ `#753 <https://github.com/pyca/pyopenssl/pull/753>`_
----
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index f3c9db0..1bf6450 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1529,6 +1529,11 @@
ssl = _lib.SSL_new(context._context)
self._ssl = _ffi.gc(ssl, _lib.SSL_free)
+ # We set SSL_MODE_AUTO_RETRY to handle situations where OpenSSL returns
+ # an SSL_ERROR_WANT_READ when processing a non-application data packet
+ # even though there is still data on the underlying transport.
+ # See https://github.com/openssl/openssl/issues/6234 for more details.
+ _lib.SSL_set_mode(self._ssl, _lib.SSL_MODE_AUTO_RETRY)
self._context = context
self._app_data = None