classification
Title: test_ssl.py hangs with SSL 1.1 built with no threads
Type: behavior Stage: resolved
Components: SSL Versions: Python 3.9, Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, mig28suarez, miss-islington
Priority: normal Keywords: patch

Created on 2020-05-05 13:20 by mig28suarez, last changed 2020-05-15 20:38 by christian.heimes. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 19953 merged christian.heimes, 2020-05-06 11:56
PR 20119 merged christian.heimes, 2020-05-15 19:43
PR 20120 merged christian.heimes, 2020-05-15 19:47
Messages (8)
msg368143 - (view) Author: Miguel (mig28suarez) Date: 2020-05-05 13:20
Hello, this is my first python bug report!

I've been running builds of Python 3.7.x on CentOS Linux release 7.7 (64bit/Intel Core
2 Duo) 
and I ran into hangs with test_ssl.py when using latest SSL 1.1.1d sources.

I've done a full compilation from source for Python 3.7.7 and SSL 1.1 in my
workspaces.

From what I can tell the problem is when SSL 1.1 is built with no threading
there is no locking enabled by python.

This one line change will make the hangs in test_ssl.py  go away:

Index: Modules/_ssl.c

--- Modules/_ssl.c      (revision 70)
+++ Modules/_ssl.c      (working copy)
@@ -5875,7 +5875,7 @@
     if (!_setup_ssl_threads()) {
         return NULL;
     }
-#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
+#elif OPENSSL_VERSION_1_1
     / OpenSSL 1.1.0 builtin thread support is enabled /
     _ssl_locks_count++;

# endif

There appears to be an assumption in _ssl.c and test_ssl.y that SSL 1.1 will be
threaded
but this may not be true (as in my case).

Appreciate any feedback. Thanks!
msg368145 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-05 13:30
How did you build OpenSSL 1.1.1d? Python assumes default build of OpenSSL. Since Python is now always multi-threaded we no longer support non-threaded OpenSSL builds.
msg368155 - (view) Author: Miguel (mig28suarez) Date: 2020-05-05 14:39
I built with 'no-threads' option.
I understand if you no longer wish to support non-threaded SSL. 
But it just seemed to me that you could if you protected the SSL API calls with locking since I can get all your ssl tests to work with this minor change.
msg368176 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-05 15:49
It not about what I wish or wish not to do.

Python requires thread-safe libraries. A library without proper locking and thread safety is no longer safe to use without great effort and careful locking in the glue code. A non-threaded OpenSSL build will lead to memory corruption and eventually crash the interpreter.
msg368964 - (view) Author: miss-islington (miss-islington) Date: 2020-05-15 18:55
New changeset c087a268a4d4ead8ef2ca21e325423818729da89 by Christian Heimes in branch 'master':
bpo-40515: Require OPENSSL_THREADS (GH-19953)
https://github.com/python/cpython/commit/c087a268a4d4ead8ef2ca21e325423818729da89
msg368969 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-15 20:36
New changeset 387c7441f589cc45ea86f1fa257af616c39d9a4b by Christian Heimes in branch '3.8':
[3.8] bpo-40515: Require OPENSSL_THREADS (GH-19953) (GH-20119)
https://github.com/python/cpython/commit/387c7441f589cc45ea86f1fa257af616c39d9a4b
msg368970 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-15 20:37
New changeset efc9065904c4df8962e04303c2c03642f45019b5 by Christian Heimes in branch '3.7':
[3.7] bpo-40515: Require OPENSSL_THREADS (GH-19953) (GH-20120)
https://github.com/python/cpython/commit/efc9065904c4df8962e04303c2c03642f45019b5
msg368971 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-15 20:38
Users will now get an error message when they are trying to compile against an OpenSSL build without thread support.
History
Date User Action Args
2020-05-15 20:38:47christian.heimessetstatus: open -> closed
versions: + Python 3.8, Python 3.9
messages: + msg368971

resolution: fixed
stage: patch review -> resolved
2020-05-15 20:37:36christian.heimessetmessages: + msg368970
2020-05-15 20:36:57christian.heimessetmessages: + msg368969
2020-05-15 19:47:45christian.heimessetpull_requests: + pull_request19424
2020-05-15 19:43:47christian.heimessetpull_requests: + pull_request19423
2020-05-15 18:55:32miss-islingtonsetnosy: + miss-islington
messages: + msg368964
2020-05-06 11:56:40christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request19269
2020-05-05 15:49:09christian.heimessetmessages: + msg368176
2020-05-05 14:39:02mig28suarezsetmessages: + msg368155
2020-05-05 13:30:39christian.heimessetmessages: + msg368145
versions: - Python 3.5, Python 3.6, Python 3.8, Python 3.9
2020-05-05 13:20:24mig28suarezcreate