Author: Ben Darnell <[email protected]>
Branch: ssl_moving_write_buffer
Changeset: r65391:d78b1a28fe34
Date: 2013-07-13 10:32 -0400
http://bitbucket.org/pypy/pypy/changeset/d78b1a28fe34/
Log: Add the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
This disables a sanity check in openssl that can cause problems when
it is used in non-blocking mode and the GC causes the address of a
str object to change (https://bugs.pypy.org/issue1238).
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -722,7 +722,10 @@
libssl_SSL_CTX_set_verify(ss.ctx, verification_mode, None)
ss.ssl = libssl_SSL_new(ss.ctx) # new ssl struct
libssl_SSL_set_fd(ss.ssl, sock_fd) # set the socket for SSL
- libssl_SSL_set_mode(ss.ssl, SSL_MODE_AUTO_RETRY)
+ # The ACCEPT_MOVING_WRITE_BUFFER flag is necessary because the address
+ # of a str object may be changed by the garbage collector.
+ libssl_SSL_set_mode(ss.ssl,
+ SSL_MODE_AUTO_RETRY |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
# If the socket is in non-blocking mode or timeout mode, set the BIO
# to non-blocking mode (blocking is the default)
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -93,6 +93,7 @@
SSL_RECEIVED_SHUTDOWN = rffi_platform.ConstantInteger(
"SSL_RECEIVED_SHUTDOWN")
SSL_MODE_AUTO_RETRY = rffi_platform.ConstantInteger("SSL_MODE_AUTO_RETRY")
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER =
rffi_platform.ConstantInteger("SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER")
NID_subject_alt_name =
rffi_platform.ConstantInteger("NID_subject_alt_name")
GEN_DIRNAME = rffi_platform.ConstantInteger("GEN_DIRNAME")
_______________________________________________
pypy-commit mailing list
[email protected]
http://mail.python.org/mailman/listinfo/pypy-commit
