Here is how to reproduce the leak in Python 2.6.4 and Python 2.7:

  import gc
  import socket
  import ssl
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  gc.disable()
  gc.collect()
  count0 = gc.get_count()[0]
  for i in xrange(1000):
    ssl.SSLSocket(sock)
  count1 = gc.get_count()[0]
  # This should be less than 100 without the leak, but it is >1000.
  diff = count1 - count0
  assert diff < 1000, diff

The reason why the memory usage has increased is that the SSLSocket objects contain a circular reference (self -> __init__ ->  recv -> lambda -> self), and thus Python cannot free them without garbage collection.

A side effect is that if the SSLSocket doesn't have external references, the underlying socket._realsocket may remain unclosed for a long time (until the garbage collection kicks in), because the SSLSocket still refers to it. Another side effect is that when there is an exception in the wrapping in SSLSocket.accept() (e.g. keyfile not found), then the newly accepted socket won't get closed immediately, and the client will experience a hanging open socket.

With gc.enable(), the leak goes away (the garbage collector finds and frees the SSLSocket objects with circular reference). Python 3.1.1 is not affected since it has a very different SSLSocket implementation.

Here is an easy fix: replace the self.recv = lambda ... lines in the code of ssl.SSLSocket.__init__ with this:

  import socket as socket_module
  for attr in socket_module._delegate_methods:
    delattr(self, attr)  

See the attached patch. You can also download the patch from http://code.google.com/p/pts-mini-gpl/source/browse/trunk/patches/pts-python2.6.4-ssl-init-memory-leak-fix.patch

Committed with test in r80423 (trunk) and r80425 (2.6).
Also ported the test to py3k/3.1. Thanks!