Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)

illia-v · ecerulm · rubelagu · web-flow · commit 29cfd02f6637 · 2024-06-17T09:31:40.000+03:00
Co-authored-by: Ruben Laguna &lt;ruben.laguna@gmail.com&gt;
Co-authored-by: Ruben Laguna &lt;ruben.laguna@tele2.com&gt;
Co-authored-by: Seth Michael Larson &lt;sethmichaellarson@gmail.com&gt;
diff --git a/changelog/3268.bugfix.rst b/changelog/3268.bugfix.rst
@@ -0,0 +1 @@
+Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS.
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
@@ -768,7 +768,9 @@ def _is_ssl_error_message_from_http_proxy(ssl_error):
                 # so we try to cover our bases here!
                 message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
                 return (
-                    "wrong version number" in message or "unknown protocol" in message
+                    "wrong version number" in message
+                    or "unknown protocol" in message
+                    or "record layer failure" in message
                 )
 
             # Try to detect a common user error with proxies which is to
diff --git a/test/with_dummyserver/test_socketlevel.py b/test/with_dummyserver/test_socketlevel.py
@@ -1223,7 +1223,8 @@ def socket_handler(listener):
         self._start_server(socket_handler)
         with HTTPSConnectionPool(self.host, self.port, ca_certs=DEFAULT_CA) as pool:
             with pytest.raises(
-                SSLError, match=r"(wrong version number|record overflow)"
+                SSLError,
+                match=r"(wrong version number|record overflow|record layer failure)",
             ):
                 pool.request("GET", "/", retries=False)
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS.`