[PYTHON-CRYPTO] Memoryleak in SSL.Connection

Andre Reitz reitz at INWORKS.DE
Mon Apr 5 23:08:07 CEST 2004


On Mon, 5 Apr 2004 22:36:37 +0800
Ng Pheng Siong <ngps at POST1.COM> wrote:

> On Thu, Apr 01, 2004 at 11:25:53PM +0200, Andre Reitz wrote:
> > I am pretty sure, that since the Connection object
> > gets garbage collected (and the __del__ method gets called)
> > the server sometimes hangs completely.
> > [...]
> > IN OTHER WORDS:
> > Is it possible that:
> >    m2.bio_free(self.sslbio)
> >    m2.bio_free(self.sockbio)
> > or self.socket.close()
> > may hang if the client does not finish the connection completely?
>
> Perhaps the server is waiting for SSL connection-close alerts, and
> OpenSSL isn't allowing the session to be harvested?
>
> E.g., running echo.py, see the ALERTs at the end:
>
>   INFO: SSL connect: SSL negotiation finished successfully
>   Host = vista.netmemetic.com
>   Cipher = DHE-RSA-AES256-SHA
>   Server = /C=SG/O=M2Crypto/CN=localhost/emailAddress=admin at server.example.dom
>   ALERT: read: warning: close notify
>   ALERT: write: warning: close notify
>
> Before your server calls self.socket.close(), try calling this:
>
>   self.socket.set_shutdown(SSL.SSL_SENT_SHUTDOWN|SSL.SSL_RECEIVED_SHUTDOWN)
>
Ok I will try it...

> This says to set the SSL 'shutdown' state to "sent shutdown" and "received
> shutdown". The precise behaviour is described in the TLS RFC.
>
> Are your clients in Python?
>
yes. but the clients dont use M2Crypto.
They use socket.ssl from the standard distribution.


Greetings, Andre'

>
> --
> Ng Pheng Siong <ngps at netmemetic.com>
>
> http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
> http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL




More information about the python-crypto mailing list