PYTHON-5014 Fix handling of async socket errors in kms request (#2054)

Author: blink1073

pymongo/asynchronous/encryption.py

@@ -219,7 +219,14 @@ async def kms_request(self, kms_context: MongoCryptKmsContext) -> None:
                 # Wrap I/O errors in PyMongo exceptions.
                 if isinstance(exc, BLOCKING_IO_ERRORS):
                     exc = socket.timeout("timed out")
-                _raise_connection_failure(address, exc, timeout_details=_get_timeout_details(opts))
+                # Async raises an OSError instead of returning empty bytes.
+                if isinstance(exc, OSError):
+                    msg_prefix = "KMS connection closed"
+                else:
+                    msg_prefix = None
+                _raise_connection_failure(
+                    address, exc, msg_prefix=msg_prefix, timeout_details=_get_timeout_details(opts)
+                )
             finally:
                 conn.close()
         except MongoCryptError:

pymongo/synchronous/encryption.py

@@ -219,7 +219,14 @@ def kms_request(self, kms_context: MongoCryptKmsContext) -> None:
                 # Wrap I/O errors in PyMongo exceptions.
                 if isinstance(exc, BLOCKING_IO_ERRORS):
                     exc = socket.timeout("timed out")
-                _raise_connection_failure(address, exc, timeout_details=_get_timeout_details(opts))
+                # Async raises an OSError instead of returning empty bytes.
+                if isinstance(exc, OSError):
+                    msg_prefix = "KMS connection closed"
+                else:
+                    msg_prefix = None
+                _raise_connection_failure(
+                    address, exc, msg_prefix=msg_prefix, timeout_details=_get_timeout_details(opts)
+                )
             finally:
                 conn.close()
         except MongoCryptError:

test/asynchronous/test_encryption.py

@@ -2162,7 +2162,8 @@ async def test_01_aws(self):
         # 127.0.0.1:9001: ('Certificate does not contain any `subjectAltName`s.',)
         key["endpoint"] = "127.0.0.1:9001"
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             await self.client_encryption_invalid_hostname.create_data_key("aws", key)
 
@@ -2179,7 +2180,8 @@ async def test_02_azure(self):
             await self.client_encryption_expired.create_data_key("azure", key)
         # Invalid cert hostname error.
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             await self.client_encryption_invalid_hostname.create_data_key("azure", key)
 
@@ -2196,7 +2198,8 @@ async def test_03_gcp(self):
             await self.client_encryption_expired.create_data_key("gcp", key)
         # Invalid cert hostname error.
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             await self.client_encryption_invalid_hostname.create_data_key("gcp", key)
 
@@ -2210,7 +2213,8 @@ async def test_04_kmip(self):
             await self.client_encryption_expired.create_data_key("kmip")
         # Invalid cert hostname error.
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             await self.client_encryption_invalid_hostname.create_data_key("kmip")
 

test/test_encryption.py

@@ -2154,7 +2154,8 @@ def test_01_aws(self):
         # 127.0.0.1:9001: ('Certificate does not contain any `subjectAltName`s.',)
         key["endpoint"] = "127.0.0.1:9001"
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             self.client_encryption_invalid_hostname.create_data_key("aws", key)
 
@@ -2171,7 +2172,8 @@ def test_02_azure(self):
             self.client_encryption_expired.create_data_key("azure", key)
         # Invalid cert hostname error.
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             self.client_encryption_invalid_hostname.create_data_key("azure", key)
 
@@ -2188,7 +2190,8 @@ def test_03_gcp(self):
             self.client_encryption_expired.create_data_key("gcp", key)
         # Invalid cert hostname error.
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             self.client_encryption_invalid_hostname.create_data_key("gcp", key)
 
@@ -2202,7 +2205,8 @@ def test_04_kmip(self):
             self.client_encryption_expired.create_data_key("kmip")
         # Invalid cert hostname error.
         with self.assertRaisesRegex(
-            EncryptionError, "IP address mismatch|wronghost|IPAddressMismatch|Certificate"
+            EncryptionError,
+            "IP address mismatch|wronghost|IPAddressMismatch|Certificate|SSL handshake failed",
         ):
             self.client_encryption_invalid_hostname.create_data_key("kmip")