Commits

Anonymous committed d78b1a2

Add the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.

This disables a sanity check in openssl that can cause problems when
it is used in non-blocking mode and the GC causes the address of a
str object to change (https://bugs.pypy.org/issue1238).

Comments (0)

Files changed (2)

pypy/module/_ssl/interp_ssl.py

     libssl_SSL_CTX_set_verify(ss.ctx, verification_mode, None)
     ss.ssl = libssl_SSL_new(ss.ctx) # new ssl struct
     libssl_SSL_set_fd(ss.ssl, sock_fd) # set the socket for SSL
-    libssl_SSL_set_mode(ss.ssl, SSL_MODE_AUTO_RETRY)
+    # The ACCEPT_MOVING_WRITE_BUFFER flag is necessary because the address
+    # of a str object may be changed by the garbage collector.
+    libssl_SSL_set_mode(ss.ssl, 
+                        SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
 
     # If the socket is in non-blocking mode or timeout mode, set the BIO
     # to non-blocking mode (blocking is the default)

rpython/rlib/ropenssl.py

     SSL_RECEIVED_SHUTDOWN = rffi_platform.ConstantInteger(
         "SSL_RECEIVED_SHUTDOWN")
     SSL_MODE_AUTO_RETRY = rffi_platform.ConstantInteger("SSL_MODE_AUTO_RETRY")
+    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = rffi_platform.ConstantInteger("SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER")
 
     NID_subject_alt_name = rffi_platform.ConstantInteger("NID_subject_alt_name")
     GEN_DIRNAME = rffi_platform.ConstantInteger("GEN_DIRNAME")