Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking

reads and writes are always retried by OpenSSL itself.

(this is a followup to issue #3890)

diff --git a/Misc/NEWS b/Misc/NEWS
index 15807689d4c0aa70b7d0b64a0183ea681f645de6..581ee9a0d5d6b4a302a27ad0ce841c97e76f6d1b 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -59,7 +59,9 @@ Library
 - Issue #8200: logging: Handle errors when multiprocessing is not
   fully loaded when logging occurs.
 
-- Issue #3890: Fix recv() and recv_into() on non-blocking SSL sockets.
+- Issue #3890, #8222: Fix recv() and recv_into() on non-blocking SSL sockets.
+  Also, enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
+  reads and writes are always retried by OpenSSL itself.
 
 - Issue #8179: Fix macpath.realpath() on a non-existing path.
 

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f5f9ebaeb1b4226b7692f9a6cda333c1904a508d..52fdf0ffd32ece776524c94c9d11f984e84b7fc9 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -9,8 +9,6 @@
    directly.
 
    XXX should partial writes be enabled, SSL_MODE_ENABLE_PARTIAL_WRITE?
-
-   XXX what about SSL_MODE_AUTO_RETRY?
 */
 
 #include "Python.h"
@@ -370,6 +368,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
        self->ssl = SSL_new(self->ctx); /* New ssl struct */
        PySSL_END_ALLOW_THREADS
        SSL_set_fd(self->ssl, Sock->sock_fd);   /* Set the socket for SSL */
+       SSL_set_mode(self->ssl, SSL_MODE_AUTO_RETRY);
 
        /* If the socket is in non-blocking mode or timeout mode, set the BIO
         * to non-blocking mode (blocking is the default)