classification
Title: Borrow asyncio ssl implementation from uvloop
Type: enhancement Stage: patch review
Components: asyncio Versions: Python 3.10
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: asvetlov Nosy List: asvetlov, christian.heimes, pablogsal, yselivanov
Priority: critical Keywords: patch

Created on 2021-05-02 20:33 by asvetlov, last changed 2021-05-03 15:37 by pablogsal.

Pull Requests
URL Status Linked Edit
PR 17975 merged asvetlov, 2021-05-02 20:34
PR 25840 merged christian.heimes, 2021-05-03 06:37
PR 25842 merged asvetlov, 2021-05-03 08:26
PR 25846 open asvetlov, 2021-05-03 10:14
PR 25848 merged pablogsal, 2021-05-03 12:54
Messages (13)
msg392726 - (view) Author: Andrew Svetlov (asvetlov) * (Python committer) Date: 2021-05-02 20:33
There is a PR created a long time ago.
Finally, I've ported tests for it also.

The documentation doesn't mention new ssh_shutdown_timeout parameter yet.

The latest changes from https://github.com/MagicStack/uvloop/pull/385 can be applied separately.
msg392739 - (view) Author: Andrew Svetlov (asvetlov) * (Python committer) Date: 2021-05-02 21:34
New changeset 5fb06edbbb769561e245d0fe13002bab50e2ae60 by Andrew Svetlov in branch 'master':
bpo-44011: New asyncio ssl implementation (#17975)
https://github.com/python/cpython/commit/5fb06edbbb769561e245d0fe13002bab50e2ae60
msg392769 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 06:32
The commit has broken multiple build bots, e.g .https://buildbot.python.org/all/#/builders/345/builds/134/steps/5/logs/stdio The new code is missing checks for presence of ssl module. It's an optional component.
msg392771 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python committer) Date: 2021-05-03 07:16
The PR made sslproto a hard dependency that even import asyncio fails on non-ssl builds and thus anything that indirectly import asyncio also fails. It seems some of the test modules can be skipped. Some parts of the asyncio codebase already has checks for ssl and has to be done for new parts. Attached is a patch to add more checks but it will be helpful to ensure only relevant parts that absolutely require ssl are skipped.

The test_make_socket_transport is slightly tricky since it tries to simulate ssl being not present by patching it but mock does import of sslproto which will fail since SSLAgainErrors is initialized at module level. Perhaps the test can be modified better to only mock if ssl is not present.


diff --git a/Lib/asyncio/base_events.py b/Lib/asyncio/base_events.py
index e54ee309e4..6ccac76dfb 100644
--- a/Lib/asyncio/base_events.py
+++ b/Lib/asyncio/base_events.py
@@ -41,13 +41,14 @@
 from . import exceptions
 from . import futures
 from . import protocols
-from . import sslproto
 from . import staggered
 from . import tasks
 from . import transports
 from . import trsock
 from .log import logger
 
+if ssl is not None:
+    from . import sslproto
 
 __all__ = 'BaseEventLoop',
 
diff --git a/Lib/asyncio/proactor_events.py b/Lib/asyncio/proactor_events.py
index 10852afe2b..ac0dc1978c 100644
--- a/Lib/asyncio/proactor_events.py
+++ b/Lib/asyncio/proactor_events.py
@@ -19,11 +19,17 @@
 from . import futures
 from . import exceptions
 from . import protocols
-from . import sslproto
 from . import transports
 from . import trsock
 from .log import logger
 
+try:
+    import ssl
+except ImportError:  # pragma: no cover
+    ssl = None
+
+if ssl is not None:
+    from . import sslproto
 
 def _set_socket_extra(transport, sock):
     transport._extra['socket'] = trsock.TransportSocket(sock)
@@ -826,6 +832,9 @@ def loop(f=None):
                                      server, addr, conn)
                     protocol = protocol_factory()
                     if sslcontext is not None:
+                        if ssl is None:
+                            raise RuntimeError('Python ssl module is not available')
+
                         self._make_ssl_transport(
                             conn, protocol, sslcontext, server_side=True,
                             extra={'peername': addr}, server=server,
diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
index 63ab15f30f..9bc9a03699 100644
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -23,11 +23,12 @@
 from . import events
 from . import futures
 from . import protocols
-from . import sslproto
 from . import transports
 from . import trsock
 from .log import logger
 
+if ssl is not None:
+    from . import sslproto
 
 def _test_selector_event(selector, fd, event):
     # Test if the selector is monitoring 'event' events
@@ -213,6 +214,9 @@ def _accept_connection(
             protocol = protocol_factory()
             waiter = self.create_future()
             if sslcontext:
+                if ssl is None:
+                    raise RuntimeError('Python ssl module is not available')
+
                 transport = self._make_ssl_transport(
                     conn, protocol, sslcontext, waiter=waiter,
                     server_side=True, extra=extra, server=server,
diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
index 349e4f2dca..6aaa7a86be 100644
--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
@@ -70,6 +70,7 @@ def test_make_socket_transport(self):
 
         close_transport(transport)
 
+    @unittest.skipIf(ssl is None, 'No ssl module')
     @mock.patch('asyncio.selector_events.ssl', None)
     @mock.patch('asyncio.sslproto.ssl', None)
     def test_make_ssl_transport_without_ssl_error(self):
diff --git a/Lib/test/test_asyncio/test_ssl.py b/Lib/test/test_asyncio/test_ssl.py
index 38235c63e0..c58346bcab 100644
--- a/Lib/test/test_asyncio/test_ssl.py
+++ b/Lib/test/test_asyncio/test_ssl.py
@@ -1,3 +1,8 @@
+from test.support import import_helper
+
+# Skip tests if we don't have ssl
+import_helper.import_module('ssl')
+
 import asyncio
 import asyncio.sslproto
 import contextlib
diff --git a/Lib/test/test_asyncio/test_sslproto.py b/Lib/test/test_asyncio/test_sslproto.py
index 79a81bd8c3..2edbb11b58 100644
--- a/Lib/test/test_asyncio/test_sslproto.py
+++ b/Lib/test/test_asyncio/test_sslproto.py
@@ -11,6 +11,9 @@
 except ImportError:
     ssl = None
 
+# Skip tests if we don't have ssl
+support.import_helper.import_module('ssl')
+
 import asyncio
 from asyncio import log
 from asyncio import protocols
msg392774 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 07:32
PR GH-25840 fixes most issues. Gentoo with X buildbot https://buildbot.python.org/all/#builders/465/builds/23 has one failing test.

======================================================================
ERROR: test_create_server_ssl_over_ssl (test.test_asyncio.test_ssl.TestSSL)
----------------------------------------------------------------------
asyncio.exceptions.CancelledError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/buildbot/buildarea/cpython/pull_request.ware-gentoo-x86.installed/build/target/lib/python3.10/asyncio/tasks.py", line 458, in wait_for
    fut.result()
asyncio.exceptions.CancelledError
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/buildbot/buildarea/cpython/pull_request.ware-gentoo-x86.installed/build/target/lib/python3.10/test/test_asyncio/test_ssl.py", line 1157, in test_create_server_ssl_over_ssl
    self.loop.run_until_complete(start_server())
  File "/buildbot/buildarea/cpython/pull_request.ware-gentoo-x86.installed/build/target/lib/python3.10/asyncio/base_events.py", line 644, in run_until_complete
    return future.result()
  File "/buildbot/buildarea/cpython/pull_request.ware-gentoo-x86.installed/build/target/lib/python3.10/test/test_asyncio/test_ssl.py", line 1150, in start_server
    await asyncio.wait_for(asyncio.gather(*tasks), TIMEOUT)
  File "/buildbot/buildarea/cpython/pull_request.ware-gentoo-x86.installed/build/target/lib/python3.10/asyncio/tasks.py", line 460, in wait_for
    raise exceptions.TimeoutError() from exc
asyncio.exceptions.TimeoutError
----------------------------------------------------------------------
msg392775 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 07:39
New changeset 37ebdf0a866457ce825d0ff6e498a10938895760 by Christian Heimes in branch 'master':
bpo-44011: Fix asyncio tests without ssl module (GH-25840)
https://github.com/python/cpython/commit/37ebdf0a866457ce825d0ff6e498a10938895760
msg392776 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 07:41
I have merged my PR to unblock buildbots. Karthikeyan has made suggestions how to improve the tests even further. CI also had some issues with OpenSSL 3.0.0-alpha15. Please run the tests with new OpenSSL version, too. "make multissltest" automates download, compilation, local installation, and testing.
msg392798 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-05-03 12:34
Since commit https://github.com/python/cpython/commit/5fb06edbbb769561e245d0fe13002bab50e2ae60 was merged there are multiple timeouts in several buildbots. Unfortunately if this is not fixed by the time I need to do the beta release I may need to revert all these commits until all buildbots are stable again.

Could someone investigate those timeouts?

For instance, check:

https://buildbot.python.org/all/#/builders/464/builds/138
msg392799 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 12:41
When was https://buildbot.python.org/all/#/builders/464/builds/138 start? The build properties tab doesn't have a start timestamp.

Andrew, increase timeout doesn't seem to help. It's looks like the test suite is leaking threads on error.
msg392800 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-05-03 12:56
I have created https://github.com/python/cpython/pull/25848 for the revert, in case this is not fixed in the next hours or so.

Given the nature of PR 17975, this should have tested with the buildbots as the release team asked in:

https://mail.python.org/archives/list/python-committers@python.org/thread/SIJQE3BZ6ICCGNJWFR4YR65BQBJJZZAZ/

and

https://mail.python.org/archives/list/python-committers@python.org/thread/V7V5JHKZCJVE2GTI5NFEP3PNKOLH35VL/
msg392802 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-05-03 13:00
Specifically this part of both messages:

>> If your change involves some platform-specific behaviour or has a
>> non-trivial amount of C code, make sure you run the buildbots
>> in your Pull Request by using the "test-with-buildbots" label (
>> https://discuss.python.org/t/now-you-can-test-a-pr-with-the-buildbots-before...).
>> Alternatively you could check the buildbots post-merge in the buildbot server:
>> https://buildbot.python.org/all/#/builders?tags=%2B3.x&tags=%2Bstable
>> This is very important because if problems are detected at the time >> of the
>> release, the release management team may have to revert
>> the changes and therefore those will not be included in Python 3.10.
msg392813 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-05-03 15:22
New changeset 7719953b30430b351ba0f153c2b51b16cc68ee36 by Pablo Galindo in branch 'master':
bpo-44011: Revert "New asyncio ssl implementation (GH-17975)" (GH-25848)
https://github.com/python/cpython/commit/7719953b30430b351ba0f153c2b51b16cc68ee36
msg392815 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-05-03 15:37
Unfortunately I have reverted 5fb06edbbb769561e245d0fe13002bab50e2ae60 commit to unblock the beta release :(

I know that nobody wants this but my responsibilities as a release manager is to safeguard the stability of the release and we are too close to the beta release to do all the testing we need, giving that many buildbots have been broken in a short timespan.

Andrew, we can try to get your PR merge between beta 1 and beta 2 but once we have done extensive testing and we know that there will be no impact on the buildbots and the CI.

Thank you all for your understanding
History
Date User Action Args
2021-05-03 15:37:22pablogsalsetmessages: + msg392815
2021-05-03 15:22:02pablogsalsetmessages: + msg392813
2021-05-03 13:00:16pablogsalsetmessages: + msg392802
2021-05-03 12:56:11pablogsalsetmessages: + msg392800
2021-05-03 12:54:25pablogsalsetpull_requests: + pull_request24531
2021-05-03 12:41:10christian.heimessetmessages: + msg392799
2021-05-03 12:34:46pablogsalsetmessages: + msg392798
2021-05-03 10:14:01asvetlovsetpull_requests: + pull_request24529
2021-05-03 08:26:22asvetlovsetpull_requests: + pull_request24526
2021-05-03 07:41:57christian.heimessetpriority: release blocker -> critical
assignee: asvetlov
messages: + msg392776
2021-05-03 07:39:05christian.heimessetmessages: + msg392775
2021-05-03 07:32:22christian.heimessetnosy: - xtreak
type: enhancement
messages: + msg392774
2021-05-03 07:16:17xtreaksetnosy: + xtreak
messages: + msg392771
2021-05-03 06:38:53xtreaksetnosy: + pablogsal
2021-05-03 06:37:20christian.heimessetpull_requests: + pull_request24524
2021-05-03 06:32:51christian.heimessetpriority: normal -> release blocker
nosy: + christian.heimes
messages: + msg392769

2021-05-02 21:34:22asvetlovsetmessages: + msg392739
2021-05-02 20:34:03asvetlovsetkeywords: + patch
stage: patch review
pull_requests: + pull_request24507
2021-05-02 20:33:40asvetlovcreate