-
-
Notifications
You must be signed in to change notification settings - Fork 30.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gh-124984: Fix ssl
thread safety
#124993
gh-124984: Fix ssl
thread safety
#124993
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, that's a lot of locks.
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Merged, thank you! I replaced "Fix" with "Enhance" in the commit message: "Enhance ssl thread safety" :-) |
Remaining question: should we backport this enhancement (bugfix?) to Python 3.13? |
Yeah, I had the same thought. I'll leave that decision to @Yhg1s |
Without this change, the |
I think that fixing the SSL module crash in the 3.13 free threading build is important -- lots of basic tasks around HTTP requests are likely to crash without it. I don't think "lines of code changed" is a good measure of the complexity here -- the If backporting this PR is a nonstarter than we should consider a smaller, more targeted change that only adds |
Also, thank you @ZeroIntensity for fixing this bug and @vstinner, @corona10, and everyone else that reviewed the PR. |
Thanks @ZeroIntensity for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13. |
Sorry, @ZeroIntensity and @vstinner, I could not cleanly backport this to
|
@ZeroIntensity: Automated backport failed. Would you mind to backport the change manually? With a backport, it might be easier to take a decision on fixing 3.13 or not. |
Yeah, I can do it later today. |
GH-125780 is a backport of this pull request to the 3.13 branch. |
Make SSL objects thread safe in Free Theaded build by using critical sections. (cherry picked from commit 4c53b25) Co-authored-by: Peter Bierma <zintensitydev@gmail.com> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
@Yhg1s: Are you still against the backport to 3.13 after @colesbury's comment? |
I'm okay with a backport of just the @critical_section changes (since those expand to nothing in the normal build, and the free-threaded build is experimental anyway). It's the larger refactorings that worry me. |
Other changes are tests and changes to use the code declared with |
There isn't any other refactoring going on here, I just had to switch the getters and setters over to AC for the critical section. Another issue is that not backporting this to 3.13 will also hurt any automatic backports for |
Make SSL objects thread safe in Free Theaded build by using critical sections. (cherry picked from commit 4c53b25) Co-authored-by: Peter Bierma <zintensitydev@gmail.com> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
As it turns out, OpenSSL doesn't like being called in multiple threads. This adds a per-socket (and per-context and per-session) lock for all OpenSSL calls.
requests
#124984