Properly shut down the ssl connection in m2urllib2 (!188) · Merge requests · m2crypto / m2crypto

Marcus Hüwe requested to merge marcus-h/m2crypto:m2urllib2_ssl_conn_shutdown into master Feb 28, 2018

Without this change, the following code did not properly shut down the ssl connection:

opener = m2urllib2.build_opener()
f = opener.open(<url>)
f.close()

That is, f.close() did not result in a shut down of the ssl connection. The reason for this depends on the python version:

python2: The SSL.Connection.makefile(...) returns a socket._fileobject instance, which was instantiated with close=False. Hence, calling close() on the socket._fileobject instance does not yield to a close() of the wrapped ssl connection.
python3: In m2urllib2.HTTPSHandler.https_open, the httplib.HTTPResponse instance was wrapped in a socket.SocketIO instance, but its _decref_socketios function was a NOP. Hence, calling close() on the socket.SocketIO instance does not yield to a close() of the wrapped http response, which would eventually result in a shut down of the ssl connection.

In order to fix this, we introduce the m2urllib2.RefCountingSSLConnection class and the m2urllib2._makefile function. Moreover, we adapt the httpslib.HTTPSConnection class to support a custom ssl connection class.

Additionally, this fixes the sock leak that was documented in the tests.Urllib2SSLClientTestCase.test_urllib2_leak testcase (now, renamed to test_urllib2_no_sock_leak).

Fixes: https://github.com/openSUSE/osc/issues/384 ("Not closing the SSL connection causes osc to hang in libcrypto")

Edited Nov 20, 2020 by Matěj Cepl

Admin message

Properly shut down the ssl connection in m2urllib2

Merge request reports