Issue 8222: enabling SSL_MODE_AUTO_RETRY on SSL sockets

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/52469

classification

Title: enabling SSL_MODE_AUTO_RETRY on SSL sockets
Type: behavior
Stage: resolved
Components: Library (Lib)
Versions: Python 3.1, Python 3.2, Python 2.7, Python 2.6

process

Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: giampaolo.rodola, janssen, jcea, pitrou, vstinner
Priority: normal
Keywords:

Created on 2010-03-24 16:33 by pitrou, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (10)
msg101640 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-03-24 16:33
In light of the recv() and recv_into() implementation change (), I think we should enable SSL_MODE_AUTO_RETRY for SSL sockets. It prevents blocking read() calls from getting SSL_ERROR_WANT_READ at all. (previously, we would loop manually in recv() and recv_into(); letting the C OpenSSL runtime do it for us is certainly more efficient)

See description in http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html:

« SSL_MODE_AUTO_RETRY
Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a SSL_read(3) or SSL_write(3) would return with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to deal with read/write operations returning without success report. The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion. »
msg101648 - (view) Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-03-24 19:05
By reading the doc it is not clear if we should activate this option only when dealing with blocking sockets. What's the behavior with non-blocking ones? Does it result in a no-op or does it hang the application?
msg101649 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-03-24 19:08
To me it looks clearly like a no-op ("Never bother the application with retries *if the transport is blocking*").
msg101651 - (view) Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-03-24 19:11
Mmm you're right. Sorry. I'm clearly too tired. =)
msg101734 - (view) Author: Bill Janssen (janssen) * (Python committer) Date: 2010-03-25 22:11
Looks like a good idea.
msg101758 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2010-03-26 17:48
See also issue #8240 about SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER (ssl.SSLSocket.write may fail on non-blocking sockets).
msg101759 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2010-03-26 17:49
> letting the C OpenSSL runtime do it for us is certainly more efficient

+1 if it's more efficient ;-)
msg101760 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2010-03-26 17:51
Would it be possible to add an option to disable SSL_MODE_AUTO_RETRY for a specific socket? Existing applications may rely on / prefer the current behaviour.
msg101764 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-03-26 18:28
> Would it be possible to add an option to disable SSL_MODE_AUTO_RETRY
> for a specific socket? Existing applications may rely on / prefer the
> current behaviour.

I don't think so, since recv() used to emulate that behaviour anyway.
msg101771 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-03-26 19:39
Fixed in r79448 (trunk), r79449 (py3k), r79451 (2.6), r79453 (3.1).
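
The non-blocking case discussed in this thread, as an added example that is not part of the original issue or of CPython's own code: the flag only changes behaviour on a blocking transport, so a caller without one still sees WANT_READ and has to loop itself. `first_handshake_step`, `call_with_retry` and `demo_retry` are hypothetical names, and the host name, payload and stand-in `op` are constructed for the demonstration.

```python
import select
import socket
import ssl


def first_handshake_step():
    """Start a client handshake over empty in-memory BIOs (no network)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.invalid" is a constructed placeholder host name.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return "want_read", outgoing.pending > 0  # ClientHello is queued
    return "done", False


def call_with_retry(sock, op, timeout=5.0):
    """Retry op() on WANT_READ / WANT_WRITE, waiting on sock in between."""
    while True:
        try:
            return op()
        except ssl.SSLWantReadError:
            ready = select.select([sock], [], [], timeout)[0]
        except ssl.SSLWantWriteError:
            ready = select.select([], [sock], [], timeout)[1]
        if not ready:
            raise TimeoutError("peer did not become ready in time")


def demo_retry(peer_sends):
    """Run call_with_retry against a constructed op that needs two retries."""
    a, b = socket.socketpair()
    calls = []
    def op():  # stand-in for SSLSocket.recv() on a non-blocking socket
        calls.append(1)
        if len(calls) < 3:
            raise ssl.SSLWantReadError()
        return a.recv(16)
    try:
        if peer_sends:
            b.send(b"ping")  # makes `a` readable so select() returns
        return call_with_retry(a, op, timeout=0.2), len(calls)
    except TimeoutError:
        return None, len(calls)
    finally:
        a.close()
        b.close()
```

The timeout in `call_with_retry` bounds how long a silent peer can hold the caller, which an unbounded retry loop would not.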
History
Date User Action Args
2022-04-11 14:56:59 admin set github: 52469
2011-06-16 14:31:52 jcea set nosy: + jcea
2010-03-26 19:39:29 pitrou set status: open -> closed; resolution: fixed; messages: +; stage: resolved
2010-03-26 18:28:56 pitrou set messages: +
2010-03-26 17:51:26 vstinner set messages: +
2010-03-26 17:49:37 vstinner set messages: +
2010-03-26 17:48:32 vstinner set nosy: + vstinner; messages: +
2010-03-25 22:11:05 janssen set messages: +
2010-03-24 19:11:10 giampaolo.rodola set messages: +
2010-03-24 19:08:27 pitrou set messages: +
2010-03-24 19:05:02 giampaolo.rodola set messages: +
2010-03-24 16:34:14 pitrou set title: enabling SSL_ERROR_WANT_READ on SSL sockets -> enabling SSL_MODE_AUTO_RETRY on SSL sockets
2010-03-24 16:33:20 pitrou create