-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
C locking callback #3226
C locking callback #3226
Conversation
The Python OpenSSL locking callback is unsafe; if GC is triggered during the callback's invocation, it can result in the callback being invoked reentrantly, which can lead to deadlocks. This patch replaces it with one in C that gets built at compile time via cffi along with the rest of the OpenSSL binding.
jenkins, retest this please. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we try to fail gracefully on pythons with no threading? I think I'd rather do it this way and see what happens. Still need to sort out the licensing before we can merge this though.
I don't think the previous implementation failed gracefully in such cases. On Tue, Nov 8, 2016 at 12:47 AM, Paul Kehrer [email protected]
"I disapprove of what you say, but I will defend to the death your right to |
int _setup_ssl_threads(void) { | ||
unsigned int i; | ||
|
||
if (_ssl_locks == NULL) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it make sense to check for CRYPTO_get_locking_callback() == NULL
as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like in this version we call __import__("_ssl")
but then we register our callback anyway. We should check to see if the callback is already registered before we register anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The if cls.lib.CRYPTO_get_locking_callback() != cls.ffi.NULL
is still there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sigh, the problems with just looking at diffs. Yep, this is fine then.
@@ -1,3 +1,5 @@ | |||
# -*- coding: utf8 -*- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has unicode in it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The copyright symbol. I copied it directly out o the license file.
Jenkins, retest this please. |
No description provided.