Message258100
Marc-Andre: This is a fix or workaround for the problem I first described in <https://bugs.python.org/issue25940#msg257578>. It looks like the code was written by Geert Jansen in Issue 21965. I suspect it is not right, but I am not familiar enough with the Open SSL API to be certain.
Geert: can you shed any light on why ssl_io_loop() in /Lib/test/test_ssl.py catches SSL_ERROR_SYSCALL and immediately retries the call? I found that when the call is unwrap(), and the remote end has shut down the TCP connection without a secure SSL-level shutdown, this calls unwrap() over and over in an infinite loop.
Geert’s comment, that my latest patch removes, mentions a spurious SSL_ERROR_SYSCALL for non-blocking IO, especially for SSL_shutdown(), which is what the Python-level unwrap() method calls. Even though the OS-level socket is blocking, I guess from Open SSL’s point of view it is doing non-blocking IO through the BIO interface.
The manual page <https://www.openssl.org/docs/manmaster/ssl/SSL_shutdown.html> does mention a quirk with SSL_ERROR_SYSCALL, but only for a return value of zero, indicating the operation is half done. Python’s SSL module does not seem to pay any attention to any error codes if SSL_shutdown() returns zero; see <https://hg.python.org/cpython/annotate/v3.5.1/Modules/_ssl.c#l2051>. It just retries once, and then either returns the socket or None, never raising an exception. When the infinite loop problem occurs, the SSL_shutdown() return value is negative, indicating failure. |
|
Date |
User |
Action |
Args |
2016-01-12 11:45:29 | martin.panter | set | recipients:
+ martin.panter, lemburg, georg.brandl, geertj, larry, benjamin.peterson, alex, skrah, python-dev, koobs, jmadden, yan12125, vincent-legoll, EWDurbin |
2016-01-12 11:45:29 | martin.panter | set | messageid: <1452599129.02.0.32128828503.issue25940@psf.upfronthosting.co.za> |
2016-01-12 11:45:28 | martin.panter | link | issue25940 messages |
2016-01-12 11:45:28 | martin.panter | create | |
|