Message 391131 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	christian.heimes, vstinner
Date	2021-04-15.12:49:56
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1618490997.04.0.782752491303.issue43855@roundup.psfhosted.org>
In-reply-to

Content
macOS of GitHub Action failed: https://github.com/python/cpython/pull/25400/checks?check_run_id=2344085246 ERROR: test_msg_callback_deadlock_bpo43577 (test.test_ssl.TestSSLDebug) ---------------------------------------------------------------------- Traceback (most recent call last): File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 4799, in test_msg_callback_deadlock_bpo43577 s.connect((HOST, server.port)) File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1342, in connect self._real_connect(addr, False) File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1329, in _real_connect super().connect(addr) ConnectionRefusedError: [Errno 61] Connection refused Test code: def test_msg_callback_deadlock_bpo43577(self): client_context, server_context, hostname = testing_context() server_context2 = testing_context()[1] def msg_cb(conn, direction, version, content_type, msg_type, data): pass def sni_cb(sock, servername, ctx): sock.context = server_context2 server_context._msg_callback = msg_cb server_context.sni_callback = sni_cb server = ThreadedEchoServer(context=server_context, chatty=False) with server: with client_context.wrap_socket(socket.socket(), server_hostname=hostname) as s: s.connect((HOST, server.port)) with client_context.wrap_socket(socket.socket(), server_hostname=hostname) as s: s.connect((HOST, server.port)) # <===== FAIL HERE ==== test.pythoninfo: ssl.HAS_SNI: True ssl.OPENSSL_VERSION: OpenSSL 1.1.1k 25 Mar 2021 ssl.OPENSSL_VERSION_INFO: (1, 1, 1, 11, 15) ssl.OP_ALL: 0x80000054 ssl.OP_NO_TLSv1_1: 0x10000000 ssl.SSLContext.maximum_version: MAXIMUM_SUPPORTED ssl.SSLContext.minimum_version: MINIMUM_SUPPORTED ssl.SSLContext.options: OP_NO_COMPRESSION\|OP_ENABLE_MIDDLEBOX_COMPAT\|OP_CIPHER_SERVER_PREFERENCE\|OP_NO_SSLv3\|0x80000054 ssl.SSLContext.protocol: PROTOCOL_TLS ssl.SSLContext.verify_mode: CERT_NONE ssl.default_https_context.maximum_version: MAXIMUM_SUPPORTED ssl.default_https_context.minimum_version: MINIMUM_SUPPORTED ssl.default_https_context.options: OP_NO_COMPRESSION\|OP_ENABLE_MIDDLEBOX_COMPAT\|OP_CIPHER_SERVER_PREFERENCE\|OP_NO_SSLv3\|0x80000054 ssl.default_https_context.protocol: PROTOCOL_TLS ssl.default_https_context.verify_mode: CERT_REQUIRED ssl.stdlib_context.maximum_version: MAXIMUM_SUPPORTED ssl.stdlib_context.minimum_version: MINIMUM_SUPPORTED ssl.stdlib_context.options: OP_NO_COMPRESSION\|OP_ENABLE_MIDDLEBOX_COMPAT\|OP_CIPHER_SERVER_PREFERENCE\|OP_NO_SSLv3\|0x80000054 ssl.stdlib_context.protocol: PROTOCOL_TLS ssl.stdlib_context.verify_mode: CERT_NONE The test was added recently: commit 77cde5042a2f1eae489c11a67540afaf43cd5cdf Author: Christian Heimes <christian@python.org> Date: Sun Mar 21 16:13:09 2021 +0100 bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957) OpenSSL copies the internal message callback from SSL_CTX->msg_callback to SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback to use the callback value of the new context. PySSL_set_context() now resets the callback and _PySSL_msg_callback() resets thread state in error path. Signed-off-by: Christian Heimes <christian@python.org>

macOS of GitHub Action failed:
https://github.com/python/cpython/pull/25400/checks?check_run_id=2344085246

ERROR: test_msg_callback_deadlock_bpo43577 (test.test_ssl.TestSSLDebug)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 4799, in test_msg_callback_deadlock_bpo43577
    s.connect((HOST, server.port))
  File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1342, in connect
    self._real_connect(addr, False)
  File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1329, in _real_connect
    super().connect(addr)
ConnectionRefusedError: [Errno 61] Connection refused


Test code:

    def test_msg_callback_deadlock_bpo43577(self):
        client_context, server_context, hostname = testing_context()
        server_context2 = testing_context()[1]

        def msg_cb(conn, direction, version, content_type, msg_type, data):
            pass

        def sni_cb(sock, servername, ctx):
            sock.context = server_context2

        server_context._msg_callback = msg_cb
        server_context.sni_callback = sni_cb

        server = ThreadedEchoServer(context=server_context, chatty=False)
        with server:
            with client_context.wrap_socket(socket.socket(),
                                            server_hostname=hostname) as s:
                s.connect((HOST, server.port))
            with client_context.wrap_socket(socket.socket(),
                                            server_hostname=hostname) as s:
                s.connect((HOST, server.port))  # <===== FAIL HERE ====


test.pythoninfo:

ssl.HAS_SNI: True
ssl.OPENSSL_VERSION: OpenSSL 1.1.1k  25 Mar 2021
ssl.OPENSSL_VERSION_INFO: (1, 1, 1, 11, 15)
ssl.OP_ALL: 0x80000054
ssl.OP_NO_TLSv1_1: 0x10000000
ssl.SSLContext.maximum_version: MAXIMUM_SUPPORTED
ssl.SSLContext.minimum_version: MINIMUM_SUPPORTED
ssl.SSLContext.options: OP_NO_COMPRESSION|OP_ENABLE_MIDDLEBOX_COMPAT|OP_CIPHER_SERVER_PREFERENCE|OP_NO_SSLv3|0x80000054
ssl.SSLContext.protocol: PROTOCOL_TLS
ssl.SSLContext.verify_mode: CERT_NONE
ssl.default_https_context.maximum_version: MAXIMUM_SUPPORTED
ssl.default_https_context.minimum_version: MINIMUM_SUPPORTED
ssl.default_https_context.options: OP_NO_COMPRESSION|OP_ENABLE_MIDDLEBOX_COMPAT|OP_CIPHER_SERVER_PREFERENCE|OP_NO_SSLv3|0x80000054
ssl.default_https_context.protocol: PROTOCOL_TLS
ssl.default_https_context.verify_mode: CERT_REQUIRED
ssl.stdlib_context.maximum_version: MAXIMUM_SUPPORTED
ssl.stdlib_context.minimum_version: MINIMUM_SUPPORTED
ssl.stdlib_context.options: OP_NO_COMPRESSION|OP_ENABLE_MIDDLEBOX_COMPAT|OP_CIPHER_SERVER_PREFERENCE|OP_NO_SSLv3|0x80000054
ssl.stdlib_context.protocol: PROTOCOL_TLS
ssl.stdlib_context.verify_mode: CERT_NONE


The test was added recently:

commit 77cde5042a2f1eae489c11a67540afaf43cd5cdf
Author: Christian Heimes <christian@python.org>
Date:   Sun Mar 21 16:13:09 2021 +0100

    bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957)
    
    OpenSSL copies the internal message callback from SSL_CTX->msg_callback to
    SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback
    to use the callback value of the new context.
    
    PySSL_set_context() now resets the callback and _PySSL_msg_callback()
    resets thread state in error path.
    
    Signed-off-by: Christian Heimes <christian@python.org>

History
Date	User	Action	Args
2021-04-15 12:49:57	vstinner	set	recipients: + vstinner, christian.heimes
2021-04-15 12:49:57	vstinner	set	messageid: <1618490997.04.0.782752491303.issue43855@roundup.psfhosted.org>
2021-04-15 12:49:57	vstinner	link	issue43855 messages
2021-04-15 12:49:56	vstinner	create