This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author martin.panter
Recipients EWDurbin, alex, benjamin.peterson, geertj, georg.brandl, jmadden, koobs, larry, lemburg, martin.panter, python-dev, skrah, vincent-legoll, yan12125
Date 2016-01-12.11:45:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Marc-Andre: This is a fix or workaround for the problem I first described in <>. It looks like the code was written by Geert Jansen in Issue 21965. I suspect it is not right, but I am not familiar enough with the Open SSL API to be certain.

Geert: can you shed any light on why ssl_io_loop() in /Lib/test/ catches SSL_ERROR_SYSCALL and immediately retries the call? I found that when the call is unwrap(), and the remote end has shut down the TCP connection without a secure SSL-level shutdown, this calls unwrap() over and over in an infinite loop.

Geert’s comment, that my latest patch removes, mentions a spurious SSL_ERROR_SYSCALL for non-blocking IO, especially for SSL_shutdown(), which is what the Python-level unwrap() method calls. Even though the OS-level socket is blocking, I guess from Open SSL’s point of view it is doing non-blocking IO through the BIO interface.

The manual page <> does mention a quirk with SSL_ERROR_SYSCALL, but only for a return value of zero, indicating the operation is half done. Python’s SSL module does not seem to pay any attention to any error codes if SSL_shutdown() returns zero; see <>. It just retries once, and then either returns the socket or None, never raising an exception. When the infinite loop problem occurs, the SSL_shutdown() return value is negative, indicating failure.
Date User Action Args
2016-01-12 11:45:29martin.pantersetrecipients: + martin.panter, lemburg, georg.brandl, geertj, larry, benjamin.peterson, alex, skrah, python-dev, koobs, jmadden, yan12125, vincent-legoll, EWDurbin
2016-01-12 11:45:29martin.pantersetmessageid: <>
2016-01-12 11:45:28martin.panterlinkissue25940 messages
2016-01-12 11:45:28martin.pantercreate