[pyOpenSSL] pyOpenSSL threading issues under Linux
Dan Williams
dcbw at redhat.com
Tue Jul 12 20:28:13 CEST 2005
On Tue, 2005-07-12 at 10:57 -0400, Dan Williams wrote:
> Hi,
> However, even with that patch, python falls over fairly quickly on
> multi-cpu boxes with segfaults, while single-cpu boxes work 90% of the
> time and segfault after a while. Turning off SSL in the testcases
> results in success. Debug builds of python fail fairly quickly using
> SSL under test cases with this message:
>
> Fatal Python error: UNREF invalid object
> Abort
>
> So I've thought of a number of things here:
>
> 1) The pyOpenSSL locking patch I've applied isn't working correctly, or
> I've forgotten some bits
> 2) Maybe we need to grab python locks in the pyOpenSSL locking patch in
> addition to the local pthreads lock
> 3) Perhaps pyOpenSSL needs to lock calls into OpenSSL with python locks
> too
> 4) Incorrect reference counting in pyOpenSSL?
> 5) Incorrect reference counting in python itself?
>
> I'd be very grateful if anyone has tips on how to debug this sort of
> thing, or has insights/ideas about threading, python, OpenSSL, and
> pyOpenSSL. I'd be happy to provide more condensed testcases than just
> the CVSweb link above, if that would help.
In partial reply to myself, this patch seems to help somewhat, along
with the threading one earlier... I'm not sure why though.
--- pyOpenSSL-0.6/src/ssl/context.c.threadsafe 2004-08-06 06:24:38.000000000 -0400
+++ pyOpenSSL-0.6/src/ssl/context.c 2005-07-12 13:34:41.000000000 -0400
@@ -117,12 +117,15 @@
crypto_X509Obj *cert;
int errnum, errdepth, c_ret;
- cert = crypto_X509_New(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
errnum = X509_STORE_CTX_get_error(x509_ctx);
errdepth = X509_STORE_CTX_get_error_depth(x509_ctx);
ssl = (SSL *)X509_STORE_CTX_get_app_data(x509_ctx);
conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
+ MY_END_ALLOW_THREADS(conn->tstate);
+ cert = crypto_X509_New(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
+ MY_BEGIN_ALLOW_THREADS(conn->tstate);
+
argv = Py_BuildValue("(OOiii)", (PyObject *)conn, (PyObject *)cert,
errnum, errdepth, ok);
Py_DECREF(cert);
More information about the pyopenssl-users
mailing list