Message21284
Logged In: YES
user_id=972995
Testing it with Python2.5a2, the problem is still there.
Without the .shutdown(2) (or .shutdown(1)) patch to the
httplib.SharedSocket (base for FakeSocket), the ftps example
freezes on the cmd channel, because the SSL'ed data channel
doesn't close/terminate --> FTPS server doesn't respond on
the cmd channel. The ftps example is most specific to show
the bug.
Yet you can also easily blow up a HTTPS-server with this
decent test code who only opens (bigger!) files and closes
without reading everything:
Python 2.5a2 (r25a2:45740, May 11 2006, 11:25:30)
[GCC 3.3.5 (Debian 1:3.3.5-13)] on linux2
Type "help", "copyright", "credits" or "license" for more
information.
Robert's Interactive Python - TAB=complete
import sys,os,re,string,time,glob,thread,pdb
>>> import urllib
>>> l=[]
>>> for i in range(10):
... f=urllib.urlopen('https://srv/big-Python-2.5a2.tgz')
... f.close()
... l.append(f)
...
>>>
=> in the (apache) servers ssl_engine_log you can see that
connections remain open (until apache times out after 2
minutes) and lots of extra apache daemons are started!
=> f.close() doesn't really close the connection (until it
is __del__'ed )
Trying around I found that the original undeleted f.fp._ssl
is most probably the cause and holds the real socket open.
a f.fp._sock.close() doesn't close also - but only when del
f.fp._ssl is done. (only a f.fp._sock._sock.close() would
force the close). The original fp is held in closures of
.readline(s)/__iter__/next...
--
I now tried an alternative patch (instead of the
shutdown(2)-patch), which also so far seems to cure
everything . Maybe thats the right solution for the bug:
--- httplib.py.orig 2006-05-11 11:25:32.000000000 +0200
+++ httplib.py 2006-05-11 13:45:07.000000000 +0200
@@ -970,6 +970,7 @@
self._shared.decref()
self._closed = 1
self._shared = None
+ self._ssl = None
class SSLFile(SharedSocketClient):
"""File-like object wrapping an SSL socket."""
@@ -1085,6 +1086,7 @@
def close(self):
SharedSocketClient.close(self)
self._sock = self.__class__._closedsocket()
+ self._ssl = None
def makefile(self, mode, bufsize=None):
if mode != 'r' and mode != 'rb':
--------------
In another application with SSL'ed SMTP connections there
arose similar problems.
I also worked around the problem in smtplib.py so far in a
similar style:
def close(self):
self.realsock.shutdown(2)
self.realsock.close()
---
Yet, the right patch maybe (not tested extensively so far):
--- Lib-orig/smtplib.py 2006-05-03 13:10:40.000000000 +0200
+++ Lib/smtplib.py 2006-05-11 13:50:12.000000000 +0200
@@ -142,6 +142,7 @@
sendall = send
def close(self):
+ self.sslobj = None
self.realsock.close()
class SSLFakeFile:
@@ -161,7 +162,7 @@
return str
def close(self):
- pass
+ self.sslobj = None
def quoteaddr(addr):
"""Quote a subset of the email addresses defined by RFC
821.
------------------
-robert |
|
Date |
User |
Action |
Args |
2007-08-23 14:22:53 | admin | link | issue978833 messages |
2007-08-23 14:22:53 | admin | create | |
|