Antoine Pitrou added the comment:
I don't think your patch is right:
- calling unwrap() already shuts down the SSL layer; this is the right way to
do it and is documented as such: "Performs the SSL shutdown handshake, which
removes the TLS layer from the underlying socket, and returns the underlying
socket object"
- shutdown() right now isn't blocking; if you add a call to SSL shutdown, it
can either block or fail with EAGAIN or similar, which is something people
won't expect
- close() should simply close the file descriptor, like on a regular socket (if
you call socket.close(), it won't shutdown the TCP connection, especially if
there's another file descriptor referencing the same connection)
As for Modules/_ssl.c, the case where SSL_shutdown() returns 0 is already
handled:
if (err == 0) {
/* Don't loop endlessly; instead preserve legacy
behaviour of trying SSL_shutdown() only twice.
This looks necessary for OpenSSL < 0.9.8m */
if (++zeros > 1)
break;
/* Shutdown was sent, now try receiving */
self->shutdown_seen_zero = 1;
continue;
}
... so I don't think anything more is necessary.
So I think things are fine right now and your patch shouldn't be applied.
----------
nosy: +pitrou
stage: -> patch review
versions: -Python 2.6, Python 3.1, Python 3.2, Python 3.5
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue17672>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
