[PYTHON-CRYPTO] Memoryleak in SSL.Connection

Ng Pheng Siong ngps at POST1.COM
Thu Apr 15 02:48:04 CEST 2004

On Wed, Apr 14, 2004 at 11:21:17AM +0200, Andre Reitz wrote:
>  calling
>  before destructor __del__ comes
>  stops my multi-threaded server from hanging.
>  if I do not call
>  the complete server sometimes hangs in
>    m2.bio_free(self.sslbio)  of Connection.__del__
> Why?
>   does bio_free still want to communicate with the client?
>   (which is already disconnected?)

M2Crypto's bio_free calls OpenSSL API BIO_free calls OpenSSL internal
ssl_free calls OpenSSL API SSL_shutdown and others.

SSL_shutdown tears down the SSL connection, including handling the closure
alert messages I mentioned in the earlier post.

The statement set_shutdown(...) tells OpenSSL to not send nor wait for the
closure alerts.

The alerts are actually a security feature that defends against *truncation

I've been thinking of creating, say, classes SSL.SContext and
SSL.SConnection that presents a simpler API, with more defaults and fewer

OTOH, I'm reluctant to hide any security feature that inconveniences the
app programmer under the hood because I think that's saying, "Trust me,
I've figured this out and have decided for you what you need to know."

Trust me you can ;-) but decide for yourself you should.

What does the list think?

Ng Pheng Siong <ngps at netmemetic.com>

http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
http://sandbox.rulemaker.net/ngps -+- ZServerSSL/Zope Windows Installers

More information about the python-crypto mailing list