repair CI (#1116)

* repair CI

* more fixes

* pypy39 requires latest cryptography

* Apply suggestions from code review

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

* use constant

* bump minimum version

* remove unneeded try

* fix

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

1 files changed, 18 insertions, 0 deletions

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 3e6ee1b..d100e6c 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1685,6 +1685,24 @@ class Connection:
             else:
                 # TODO: This is untested.
                 _raise_current_error()
+        elif error == _lib.SSL_ERROR_SSL and _lib.ERR_peek_error() != 0:
+            # In 3.0.x an unexpected EOF no longer triggers syscall error
+            # but we want to maintain compatibility so we check here and
+            # raise syscall if it is an EOF. Since we're not actually sure
+            # what else could raise SSL_ERROR_SSL we check for the presence
+            # of the OpenSSL 3 constant SSL_R_UNEXPECTED_EOF_WHILE_READING
+            # and if it's not present we just raise an error, which matches
+            # the behavior before we added this elif section
+            peeked_error = _lib.ERR_peek_error()
+            reason = _lib.ERR_GET_REASON(peeked_error)
+            if _lib.Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING:
+                _openssl_assert(
+                    reason == _lib.SSL_R_UNEXPECTED_EOF_WHILE_READING
+                )
+                _lib.ERR_clear_error()
+                raise SysCallError(-1, "Unexpected EOF")
+            else:
+                _raise_current_error()
         elif error == _lib.SSL_ERROR_NONE:
             pass
         else: