Handle SSLWantReadError when using local certificates (see #9)

Author: simonrob

README.md

@@ -6,10 +6,10 @@ An IMAP/SMTP proxy that transparently adds OAuth 2.0 authentication for client a
 Many email services that provide IMAP/SMTP access require the use of OAuth 2.0 to authenticate the connection, but not all clients support this method. This script creates a simple local proxy that intercepts the standard IMAP/SMTP authentication commands and transparently replaces them with the appropriate (X)OAuth 2.0 commands and credentials. Your email client can continue to use the traditional `login` or `auth`/`authenticate` options, with no need to make it aware of OAuth's existence.
 
 ### Example use-cases
-- You need to use an Office 365 email account, but don't get on with Outlook. The email client you like doesn't support OAuth2.
+- You need to use an Office 365 email account, but don't get on with Outlook. The email client you like doesn't support OAuth 2.0.
 - You currently use Gmail with your raw account credentials (i.e., username/password). You've received a notification that Google is disabling this access at the end of May 2022, but you don't want to use an [App Password](https://support.google.com/accounts/answer/185833) (or cannot enable this option).
-- You have an account already set up in an email client, but you need to switch it to OAuth2 authentication. You can edit the server details, but the client forces you to delete and re-add the account to enable OAuth2, and you don't want to do this.
-- You run a server with multiple services that use IMAP/SMTP, and you don't want to have to set up OAuth2 independently on each one.
+- You have an account already set up in an email client, but you need to switch it to OAuth 2.0 authentication. You can edit the server details, but the client forces you to delete and re-add the account to enable OAuth 2.0, and you don't want to do this.
+- You run a server with multiple services that use IMAP/SMTP, and you don't want to have to set up OAuth 2.0 independently on each one.
 
 In all of these cases and more, this proxy script can help. Follow the instructions below to get started, and please [open an issue](https://github.com/simonrob/email-oauth2-proxy/issues) with any problems or suggestions.
 

emailproxy.py

@@ -526,20 +526,22 @@ def get_data(self):
         try:
             byte_data = self.recv(RECEIVE_BUFFER_SIZE)
             return byte_data
-        except BlockingIOError:
+        except ssl.SSLWantReadError:
+            Log.info(
+                'Warning: ignoring client-side SSLWantReadError (see github.com/simonrob/email-oauth2-proxy/issues/9)')
             return
         except OSError:
             self.handle_error()
-            return
 
     def handle_read(self):
         byte_data = self.get_data()
+        if not byte_data:
+            return
 
         # client is established after server; this state should not happen unless already closing
         if not self.server_connection:
-            if byte_data:
-                Log.debug(self.proxy_type, self.connection_info,
-                          'Data received without server connection - ignoring and closing:', byte_data)
+            Log.debug(self.proxy_type, self.connection_info,
+                      'Data received without server connection - ignoring and closing:', byte_data)
             self.close()
             return
 
@@ -788,16 +790,16 @@ def get_data(self):
             return
         except OSError:
             self.handle_error()
-            return
 
     def handle_read(self):
         byte_data = self.get_data()
+        if not byte_data:
+            return
 
         # data received before client is connected (or after client has disconnected) - ignore
         if not self.client_connection:
-            if byte_data:
-                Log.debug(self.proxy_type, self.connection_info, 'Data received without client connection - ignoring:',
-                          byte_data)
+            Log.debug(self.proxy_type, self.connection_info, 'Data received without client connection - ignoring:',
+                      byte_data)
             return
 
         # we have already authenticated - nothing to do; just pass data directly to client, ignoring overridden method