Skip to content

gh-137583: Only lock the SSL context, not the SSL socket #137588

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Aug 10, 2025
+60 −19
Merged

gh-137583: Only lock the SSL context, not the SSL socket #137588

Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
0a070e2
Only lock the SSL context, not the SSL socket.
ZeroIntensity Aug 9, 2025
42a0351
Fix the test.
ZeroIntensity Aug 9, 2025
c776679
Fix race conditions in the test case.
ZeroIntensity Aug 9, 2025
90d93c3
I now realize that approach was bad.
ZeroIntensity Aug 9, 2025
7ea2613
Some other fixups.
ZeroIntensity Aug 9, 2025
5ff4efc
I give up.
ZeroIntensity Aug 9, 2025
cf630d7
Stupid workaround.
ZeroIntensity Aug 9, 2025
f3ec86c
Add blurb.
ZeroIntensity Aug 9, 2025
12a68a5
Fix blurb.
ZeroIntensity Aug 9, 2025
d45f6a8
Supposedly this *actually* fixes the blurb.
ZeroIntensity Aug 9, 2025
6799b03
Avoid Sphinx references for the blurb.
ZeroIntensity Aug 9, 2025
38e29f9
Fix race condition in the test case (for real this time).
ZeroIntensity Aug 9, 2025
64f7480
Fix the blurb (hopefully for the last time).
ZeroIntensity Aug 9, 2025
6da074e
Fix the Windows buildbots.
ZeroIntensity Aug 9, 2025
bb99322
Blurb fixup.
ZeroIntensity Aug 10, 2025
36a4d66
Ugh.
ZeroIntensity Aug 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Avoid Sphinx references for the blurb.
  • Loading branch information
@ZeroIntensity
ZeroIntensity committed Aug 9, 2025
commit 6799b03c4876b796b38ae09cc4beb7014d04e35c
4 changes: 2 additions & 2 deletions Misc/NEWS.d/next/Library/2025-08-09-08-53-32.gh-issue-137583.s6OZud.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Fix a deadlock introduced in the :mod:`ssl` module when a call to
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mention the specific Python 3.13 version the deadlock was introduced in.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(and 3.14.0rc1)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The backport didn't make it to 3.14, so it's fine there. Only 3.13.6 is affected.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

:meth:`ssl.SSLSocket.recv` was blocked in one thread, while another
attempted to call :meth:`ssl.SSLSocket.send` to unblock it in another
``recv()`` was blocked in one thread, while another
attempted to call ``send()`` to unblock it in another
thread.
Copy link

@aaugustin aaugustin Aug 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd simplify this as follows:

Fix a regression in 3.13.6 when a call to
:meth:`ssl.SSLSocket.recv <socket.socket.recv>` in a thread would block calling
:meth:`ssl.SSLSocket.send <socket.socket.send>` in another thread.

Indeed, the problem happens even without a dependency between recv and send.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we even need to mention send at all. If recv was blocked, it's not possible to access most methods on an SSLSocket, because they'll also try to acquire that same lock.

Loading