New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl module doesn't support non-blocking handshakes #45592
Comments
The current version of the ssl module doesn't support non-blocking The attached patch fixes this problem by removing the handshaking code |
Assigning to Bill Janssen. |
By a bit of synchronicity, I've been looking at non-blocking SSL issues |
The larger problem here is that straightforward select() just doesn't When packets in SSL arrive at a destination, they are pulled off the |
Yeah, the pattern for doing non-blocking I/O with select() is I can see how this pattern might not play nicely with asyncore. But |
"SSL-wrapped sockets *must* be set non-blocking." Can you say a bit more about why? |
I meant that SSL-wrapped sockets must be set non-blocking in the case With an SSL-wrapped socket, you have to try the I/O operation first, That's my understanding, anyway, based on the OpenSSL man pages and |
Yes, that's correct. I've reviewed your patch, and it looks OK to me. I'll fold it in in the |
Chris, Looking at this a bit harder, I don't see that it accomplishes much. |
I don't know why you think that, but it's easy enough to show that $ ../build/bin/python2.6 nonblocking_handshake.py
starting handshake
need read
need read
need read
handshake complete The second reproduces the situation that led me to file this bug $ ../build/bin/python2.6 blocking_handshake.py
starting handshake
need read
Traceback (most recent call last):
File "blocking_handshake.py", line 14, in <module>
s = ssl.wrap_socket(s,cert_reqs=ssl.CERT_NONE)
File "/Users/cstawarz/Documents/Code/Python/svn/build/lib/
python2.6/ssl.py", line 466, in wrap_socket
ssl_version=ssl_version, ca_certs=ca_certs)
File "/Users/cstawarz/Documents/Code/Python/svn/build/lib/
python2.6/ssl.py", line 103, in __init__
cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 1] _ssl.c:429: error:04077068:rsa
routines:RSA_verify:bad signature As you see, in both cases the handshaking fails with |
It's my mistake; I was looking at too many patches at the same time. Bill |
Perhaps we shouldn't expose this at the application level. We could |
Bill, You seem to be missing the whole point of doing non-blocking I/O, The point is that the *application* must have control over when it And this has nothing to do with the GIL or multiple threads. Like I |
"You seem to be missing the whole point of doing non-blocking I/O," You know, I think that's right. I'm so used to using threads by now OK, I've folded your patch into the PyPI version, ssl 1.8. It will Bill On 10/15/07, Chris Stawarz <report@bugs.python.org> wrote:
|
This is now checked into the 3K branch. |
Should this be back-ported to 2.6, or can it be closed? |
I'm working on it. I'll close it when it's finished. |
I'm hitting this issue aswell. How is going?. I'm creating a socket with a, let say, 5 seconds timeout. The timeout What can I do?. If I need to call "do_handshake()" myself, working with That is, any difference between "normal" sockets and "ssl" sockets need My opinion, of course :). |
Here's what's in the 3.0 docs: The parameter do_handshake_on_connect specifies whether to do the SSL Look at test.test_ssl.testNonBlockingHandshake() in 3.0alpha or in the PyPI Bill On Thu, May 15, 2008 at 3:56 PM, Jesús Cea Avión <report@bugs.python.org>
|
Thanks, Bill. I was reading 2.6 preview documentation, and nothing is |
This issue is yet not fixed for both Py2.6 and Py3k. The tests which are I understand, customers have a good chance of hitting upon this issue. Janssen, would you like to close on this? bpo-1424152 (for certain scenarios) has a dependency upon this one. |
I believe this is now implemented in all the branches. And when I run the |
Yes Janssen, I checked again and found it implemented in both trunk However, in one of my testcases for bpo-1424152, where I expected the The following is the tail from the traceback. File "/usr/local/lib/python2.6/httplib.py", line 1095, in connect |
Thanks. If you can identify a specific bug, I'll take a look at it. |
Bill, should this issue be closed? Or Senthil found a bug in the actual code and you're waiting for him to |
Well, maybe he found something -- never reported back. But it was a few |
do_handshake() not respecting the socket timeout was fixed in r80452. |
I recently started getting what appears to be this bug in 2.6.6 and 2.7.3 when connecting to Google. My script does this: while True:
get an IMAP connection to Google, if our old one timed out
fetch unread messages. if any:
make an SMTP connection to Google and send some emails
mark the unread messages as read
sleep 10 seconds It used to run fine on 2.6. I'm assuming something changed at Google, because it started hanging, whether in 2.6 or 2.7. Here's the stack trace when I eventually press Ctrl-C: File "./main.py", line 21, in loop FWIW, for the last couple of days my script is *not* hanging, so perhaps Google changed something on their end, avoiding the Python bug. Should this Issue be reopened or should I file a new Issue? |
[...]
I would prefer a new issue to be filed (assuming the error happens |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: