[pyOpenSSL] pyOpenSSL threading issues under Linux

Dan Williams dcbw at redhat.com
Tue Jul 12 20:28:13 CEST 2005 

On Tue, 2005-07-12 at 10:57 -0400, Dan Williams wrote:
> Hi,
> However, even with that patch, python falls over fairly quickly on
> multi-cpu boxes with segfaults, while single-cpu boxes work 90% of the
> time and segfault after a while.  Turning off SSL in the testcases
> results in success.  Debug builds of python fail fairly quickly using
> SSL under test cases with this message:
> 
> Fatal Python error: UNREF invalid object
> Abort
> 
> So I've thought of a number of things here:
> 
> 1) The pyOpenSSL locking patch I've applied isn't working correctly, or
> I've forgotten some bits
> 2) Maybe we need to grab python locks in the pyOpenSSL locking patch in
> addition to the local pthreads lock
> 3) Perhaps pyOpenSSL needs to lock calls into OpenSSL with python locks
> too
> 4) Incorrect reference counting in pyOpenSSL?
> 5) Incorrect reference counting in python itself?
> 
> I'd be very grateful if anyone has tips on how to debug this sort of
> thing, or has insights/ideas about threading, python, OpenSSL, and
> pyOpenSSL.  I'd be happy to provide more condensed testcases than just
> the CVSweb link above, if that would help.

In partial reply to myself, this patch seems to help somewhat, along
with the threading one earlier...  I'm not sure why though.


--- pyOpenSSL-0.6/src/ssl/context.c.threadsafe	2004-08-06 06:24:38.000000000 -0400
+++ pyOpenSSL-0.6/src/ssl/context.c	2005-07-12 13:34:41.000000000 -0400
@@ -117,12 +117,15 @@
     crypto_X509Obj *cert;
     int errnum, errdepth, c_ret;
 
-    cert = crypto_X509_New(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
     errnum = X509_STORE_CTX_get_error(x509_ctx);
     errdepth = X509_STORE_CTX_get_error_depth(x509_ctx);
     ssl = (SSL *)X509_STORE_CTX_get_app_data(x509_ctx);
     conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
 
+    MY_END_ALLOW_THREADS(conn->tstate);
+    cert = crypto_X509_New(X509_STORE_CTX_get_current_cert(x509_ctx), 0);
+    MY_BEGIN_ALLOW_THREADS(conn->tstate);
+
     argv = Py_BuildValue("(OOiii)", (PyObject *)conn, (PyObject *)cert,
                                     errnum, errdepth, ok);
     Py_DECREF(cert);

More information about the pyopenssl-users mailing list