bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers#409
Conversation
|
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA). Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA. This is necessary for legal reasons before we can look at your contribution. Please follow these steps to help rectify the issue:
Thanks again to your contribution and we look forward to looking at it! |
|
@1st1 PR for http://bugs.python.org/issue29406 |
|
I actually signed CLA before I started to contribute to tulip/asyncio |
I think you need to go to the bugs.python.org and add your GH username to your profile. |
|
I dont remembre account that I used when signed cla. I just re-signed it |
|
Maybe you used OAuth? |
|
my bugs.python.org details page shows "Contributor Form Received: Yes" |
|
Did you list your GH account name in your account on bpo? |
|
yes |
|
@brettcannon something weird is going on here with @the-knights-who-say-ni bot. @fafhrd91 Can you rebase your PR against master branch? And then add "needs backport to 3.6" and 3.5 tags. |
|
rebased, but I can not add labels |
There was a problem hiding this comment.
I would rename this method to _on_shutdown_timeout.
There was a problem hiding this comment.
To make the code more clear I would set self._transport = None in _finalize and _fatal_error methods.
|
added simple unit tests |
|
@1st1 there was nothing weird going on; you didn't remove the "CLA not signed" to retrigger the bot to check for the new CLA signing. In the end the synchronizing of the PR triggered the bot again and picked up on the signing. |
There was a problem hiding this comment.
little nit: I'd add a newline before this if.
There was a problem hiding this comment.
Why is it 5 seconds? Is this some timeout value defined in some SSL RFC?
|
@fafhrd91 ping |
|
5 seconds just some number |
|
You may want to see #981 |
|
@fafhrd91 I honestly don't know. In my case (with the server/client described in my PR), |
|
@1st1 done |
|
wait |
|
@1st1 restored |
|
Can you add a NEWS entry? |
|
added |
unittests don't seem to pass :( |
There was a problem hiding this comment.
Should we also cleanup _shutdown_timeout_handle here?
There was a problem hiding this comment.
Should fatal_error just call finalize?
There was a problem hiding this comment.
I don't think that makes sense.
There was a problem hiding this comment.
added cleanup code for _shutdown_timeout_handle, it is possible to get here while handle still active
…e with certain servers (GH-409) (#2062) * bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers (#409) (cherry picked from commit a608d2d) * [3.6] bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers (GH-409) * asyncio SSL contexts leak sockets after calling close with certain servers * cleanup _shutdown_timeout_handle on _fatal_error. (cherry picked from commit a608d2d)
…e with certain servers (GH-409) (#2063) * bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers (#409) (cherry picked from commit a608d2d) * [3.5] bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers (GH-409) * asyncio SSL contexts leak sockets after calling close with certain servers * cleanup _shutdown_timeout_handle on _fatal_error. (cherry picked from commit a608d2d)
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.6.2 to 3.7.2. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.6.2...v3.7.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Per supervisor 19:13:18Z artefact request + [arch_completeness_disclaimer] durable-falsifiable rule. Expands the existing c22b-mech audit comment in MakeDecref else-branch (around the c22b-mech _Py_Dealloc bridge call) into a full 16-site enumeration with per-site disposition. Inlines the 6 active-rewired sites (c22b-mech site 611 + c23 site 599 + c24 kRaiseAwaitableError + c25 kInitFrameCellVars + c26 kSetCurrentAwaiter SP-only + c27 kStoreArrayItem SP-only — the latter two with disposition C provisional tag) and the 10 dead/conditional sites with their gating #ifdef / version macros explained: - 3 sites #ifdef Py_GIL_DISABLED (DEAD in default GIL build) - 1 site #ifdef Py_TRACE_REFS (DEAD in default build) - 5 sites #if PY_VERSION_HEX < 0x030C0000 (DEAD in 3.12 target) - 1 site #elif defined(ENABLE_LIGHTWEIGHT_FRAMES) (build-option-gated) Originally enumerated chat-only at theologian 13:29:55Z + supervisor disposition; converted to in-tree artefact for cross-session durability (per pythia python#409 audit-class observation 19:12:39Z + supervisor 19:13:18Z). Re-port becomes mandatory if Phoenix adopts a build config matching any of the gates (free-threaded GIL, TRACE_REFS, pre-3.12 compat, or ENABLE_LIGHTWEIGHT_FRAMES). No prod codegen change — comment-only. Authorized by supervisor 19:13:18Z artefact-class request.
Some servers does not complete ssl shutdown procedure, which cause socket leak on asyncio side.