[issue17672] ssl unclean shutdown

Hiroaki Kawai report at bugs.python.org
Tue Apr 9 16:36:14 CEST 2013


Hiroaki Kawai added the comment:

Please run the test so that you'll see the problem.

2013/4/9 Antoine Pitrou <report at bugs.python.org>

>
> Antoine Pitrou added the comment:
>
> I don't think your patch is right:
>
> - calling unwrap() already shuts down the SSL layer; this is the right way
> to do it and is documented as such: "Performs the SSL shutdown handshake,
> which removes the TLS layer from the underlying socket, and returns the
> underlying socket object"
>
> - shutdown() right now isn't blocking; if you add a call to SSL shutdown,
> it can either block or fail with EAGAIN or similar, which is something
> people won't expect
>
> - close() should simply close the file descriptor, like on a regular
> socket (if you call socket.close(), it won't shutdown the TCP connection,
> especially if there's another file descriptor referencing the same
> connection)
>
> As for Modules/_ssl.c, the case where SSL_shutdown() returns 0 is already
> handled:
>
>         if (err == 0) {
>             /* Don't loop endlessly; instead preserve legacy
>                behaviour of trying SSL_shutdown() only twice.
>                This looks necessary for OpenSSL < 0.9.8m */
>             if (++zeros > 1)
>                 break;
>             /* Shutdown was sent, now try receiving */
>             self->shutdown_seen_zero = 1;
>             continue;
>         }
>
> ... so I don't think anything more is necessary.
>
> So I think things are fine right now and your patch shouldn't be applied.
>
> ----------
> nosy: +pitrou
> stage:  -> patch review
> versions:  -Python 2.6, Python 3.1, Python 3.2, Python 3.5
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue17672>
> _______________________________________
>
