[pypy-commit] pypy release-2.1.x: Add the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
Ben Darnell
noreply at buildbot.pypy.org
Wed Jul 17 14:25:57 CEST 2013
Author: Ben Darnell <ben at bendarnell.com>
Branch: release-2.1.x
Changeset: r65433:94f8ef1a69a0
Date: 2013-07-13 10:32 -0400
http://bitbucket.org/pypy/pypy/changeset/94f8ef1a69a0/
Log: Add the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
This disables a sanity check in openssl that can cause problems when
it is used in non-blocking mode and the GC causes the address of a
str object to change (https://bugs.pypy.org/issue1238).
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -722,7 +722,10 @@
libssl_SSL_CTX_set_verify(ss.ctx, verification_mode, None)
ss.ssl = libssl_SSL_new(ss.ctx) # new ssl struct
libssl_SSL_set_fd(ss.ssl, sock_fd) # set the socket for SSL
- libssl_SSL_set_mode(ss.ssl, SSL_MODE_AUTO_RETRY)
+ # The ACCEPT_MOVING_WRITE_BUFFER flag is necessary because the address
+ # of a str object may be changed by the garbage collector.
+ libssl_SSL_set_mode(ss.ssl,
+ SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
# If the socket is in non-blocking mode or timeout mode, set the BIO
# to non-blocking mode (blocking is the default)
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -93,6 +93,7 @@
SSL_RECEIVED_SHUTDOWN = rffi_platform.ConstantInteger(
"SSL_RECEIVED_SHUTDOWN")
SSL_MODE_AUTO_RETRY = rffi_platform.ConstantInteger("SSL_MODE_AUTO_RETRY")
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = rffi_platform.ConstantInteger("SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER")
NID_subject_alt_name = rffi_platform.ConstantInteger("NID_subject_alt_name")
GEN_DIRNAME = rffi_platform.ConstantInteger("GEN_DIRNAME")
More information about the pypy-commit
mailing list