From 08066a1eb92b24628c452c480cbdcc9853827f24 Mon Sep 17 00:00:00 2001 From: Puneet Dixit Date: Thu, 21 May 2026 16:44:53 +0530 Subject: [PATCH 1/2] Improve HTTPS-on-HTTP parser error --- CHANGES/10142.bugfix.rst | 1 + CONTRIBUTORS.txt | 1 + aiohttp/_http_parser.pyx | 3 +++ aiohttp/http_exceptions.py | 5 +++++ tests/test_http_parser.py | 9 +++++++++ 5 files changed, 19 insertions(+) create mode 100644 CHANGES/10142.bugfix.rst diff --git a/CHANGES/10142.bugfix.rst b/CHANGES/10142.bugfix.rst new file mode 100644 index 00000000000..821db59818d --- /dev/null +++ b/CHANGES/10142.bugfix.rst @@ -0,0 +1 @@ +Improved the parser error message shown when TLS handshake bytes are received on an HTTP port -- by :user:`puneetdixit200`. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index b65e45ddc4a..428ac1a1fee 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -316,6 +316,7 @@ Phebe Polk Philipp A. Pierre-Louis Peeters Pieter van Beek +Puneet Dixit Qiao Han Rafael Viotti Rahul Nahata diff --git a/aiohttp/_http_parser.pyx b/aiohttp/_http_parser.pyx index b1b642330bd..5b50645d070 100644 --- a/aiohttp/_http_parser.pyx +++ b/aiohttp/_http_parser.pyx @@ -25,6 +25,7 @@ from .http_exceptions import ( BadHttpMethod, BadStatusLine, ContentLengthError, + HTTPS_ON_HTTP_PORT_ERROR, InvalidHeader, InvalidURLError, LineTooLong, @@ -932,6 +933,8 @@ cdef parser_error_from_errno(cparser.llhttp_t* parser, data, pointer): cparser.HPE_INVALID_TRANSFER_ENCODING}: return BadHttpMessage(err_msg) elif errno == cparser.HPE_INVALID_METHOD: + if data.startswith(b"\x16\x03"): + return BadHttpMethod(error=HTTPS_ON_HTTP_PORT_ERROR) return BadHttpMethod(error=err_msg) elif errno in {cparser.HPE_INVALID_STATUS, cparser.HPE_INVALID_VERSION, diff --git a/aiohttp/http_exceptions.py b/aiohttp/http_exceptions.py index 95d0d6373ae..acd96de23e2 100644 --- a/aiohttp/http_exceptions.py +++ b/aiohttp/http_exceptions.py @@ -94,10 +94,15 @@ def __init__(self, line: str = "", error: str | None = None) -> None: self.line = line +HTTPS_ON_HTTP_PORT_ERROR = "Received HTTPS traffic on an HTTP port" + + class BadHttpMethod(BadStatusLine): """Invalid HTTP method in status line.""" def __init__(self, line: str = "", error: str | None = None) -> None: + if error is None and line.startswith("\x16\x03"): + error = HTTPS_ON_HTTP_PORT_ERROR super().__init__(line, error or f"Bad HTTP method in status line {line!r}") diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py index bb9ef3393bb..88269684973 100644 --- a/tests/test_http_parser.py +++ b/tests/test_http_parser.py @@ -1600,6 +1600,15 @@ def test_http_request_parser_bad_method( ) +def test_http_request_parser_tls_handshake_on_http_port( + parser: HttpRequestParser, +) -> None: + with pytest.raises(http_exceptions.BadHttpMethod) as ctx: + parser.feed_data(b"\x16\x03\x03\x01F\x01\r\n\r\n") + + assert "Received HTTPS traffic on an HTTP port" in str(ctx.value) + + def test_http_request_parser_bad_version(parser: HttpRequestParser) -> None: with pytest.raises(http_exceptions.BadHttpMessage): parser.feed_data(b"GET //get HT/11\r\nHost: a\r\n\r\n") From 233f352f16731dbe3c4fa7d052e0df99b45993ed Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 21 May 2026 11:17:37 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- aiohttp/_http_parser.pyx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/_http_parser.pyx b/aiohttp/_http_parser.pyx index 5b50645d070..7a950f0f3ae 100644 --- a/aiohttp/_http_parser.pyx +++ b/aiohttp/_http_parser.pyx @@ -21,11 +21,11 @@ from aiohttp.helpers import DEBUG, set_exception from .helpers import HeadersDictProxy as _HeadersDictProxy from .http_exceptions import ( + HTTPS_ON_HTTP_PORT_ERROR, BadHttpMessage, BadHttpMethod, BadStatusLine, ContentLengthError, - HTTPS_ON_HTTP_PORT_ERROR, InvalidHeader, InvalidURLError, LineTooLong,