Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enabling SSL_MODE_AUTO_RETRY on SSL sockets #52469

Closed
pitrou opened this issue Mar 24, 2010 · 10 comments
Closed

enabling SSL_MODE_AUTO_RETRY on SSL sockets #52469

pitrou opened this issue Mar 24, 2010 · 10 comments
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@pitrou
Copy link
Member

pitrou commented Mar 24, 2010

BPO 8222
Nosy @jcea, @pitrou, @vstinner, @giampaolo

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2010-03-26.19:39:29.467>
created_at = <Date 2010-03-24.16:33:19.838>
labels = ['type-bug', 'library']
title = 'enabling SSL_MODE_AUTO_RETRY on SSL sockets'
updated_at = <Date 2011-06-16.14:31:52.910>
user = 'https://github.com/pitrou'

bugs.python.org fields:

activity = <Date 2011-06-16.14:31:52.910>
actor = 'jcea'
assignee = 'none'
closed = True
closed_date = <Date 2010-03-26.19:39:29.467>
closer = 'pitrou'
components = ['Library (Lib)']
creation = <Date 2010-03-24.16:33:19.838>
creator = 'pitrou'
dependencies = []
files = []
hgrepos = []
issue_num = 8222
keywords = []
message_count = 10.0
messages = ['101640', '101648', '101649', '101651', '101734', '101758', '101759', '101760', '101764', '101771']
nosy_count = 5.0
nosy_names = ['jcea', 'janssen', 'pitrou', 'vstinner', 'giampaolo.rodola']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue8222'
versions = ['Python 2.6', 'Python 3.1', 'Python 2.7', 'Python 3.2']

@pitrou
Copy link
Member Author

pitrou commented Mar 24, 2010

In light of the recv() and recv_into() implementation change (bpo-3890), I think we should enable SSL_MODE_AUTO_RETRY for SSL sockets. It prevents blocking read() calls from getting SSL_ERROR_WANT_READ at all.
(previously, we would loop manually in recv() and recv_into(); letting
the C OpenSSL runtime do it for us is certainly more efficient)

See description in
http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html:

« SSL_MODE_AUTO_RETRY

    Never bother the application with retries if the transport is
    blocking. If a renegotiation take place during normal operation,
    a SSL_read(3) or SSL_write(3) would return with -1 and indicate
    the need to retry with SSL_ERROR_WANT_READ. In a non-blocking
    environment applications must be prepared to handle incomplete
    read/write operations. In a blocking environment, applications
    are not always prepared to deal with read/write operations
    returning without success report. The flag SSL_MODE_AUTO_RETRY
    will cause read/write operations to only return after the
    handshake and successful completion. »

@pitrou pitrou added stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Mar 24, 2010
@pitrou pitrou changed the title enabling SSL_ERROR_WANT_READ on SSL sockets enabling SSL_MODE_AUTO_RETRY on SSL sockets Mar 24, 2010
@giampaolo
Copy link
Contributor

By reading the doc it is not clear if we should activate this option only when dealing with blocking sockets.
What's the behavior with non blocking ones?
Does it result in a no-op or does it hang the applcation?

@pitrou
Copy link
Member Author

pitrou commented Mar 24, 2010

To me it looks clearly like a no-op ("Never bother the application with retries *if the transport is blocking*").

@giampaolo
Copy link
Contributor

Mmm you're right. Sorry.
I'm clearly too tired. =)

@janssen
Copy link
Mannequin

janssen mannequin commented Mar 25, 2010

Looks like a good idea.

@vstinner
Copy link
Member

See also issue bpo-8240 about SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER (ssl.SSLSocket.write may fail on non-blocking sockets).

@vstinner
Copy link
Member

letting the C OpenSSL runtime do it for us is certainly more efficient

+1 if it's more efficient ;-)

@vstinner
Copy link
Member

Would it be possible to add an option to disable SSL_MODE_AUTO_RETRY for a specific socket? Existing applications may rely on / prefer the current behaviour.

@pitrou
Copy link
Member Author

pitrou commented Mar 26, 2010

Would it be possible to add an option to disable SSL_MODE_AUTO_RETRY
for a specific socket? Existing applications may rely on / prefer the
current behaviour.

I don't think so, since recv() used to emulate that behaviour anyway.

@pitrou
Copy link
Member Author

pitrou commented Mar 26, 2010

Fixed in r79448 (trunk), r79449 (py3k), r79451 (2.6), r79453 (3.1).

@pitrou pitrou closed this as completed Mar 26, 2010
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
Projects
None yet
Development

No branches or pull requests

3 participants