Skip to content

Commit 23e9e11

Browse files
committed
Fix for problem caused by SSL_WANT_READ or SSL_WANT_WRITE errors.
When SSL_WANT_READ or SSL_WANT_WRITE are encountered, it's typical to retry the call but this must be repeated with the exact same arguments. Without this change, openSSL requires that the address of the buffer passed is the same. However, buffers in python can change location in some circumstances which cause the retry to fail. By add the setting SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, the requirement for the same buffer address is forgiven and the retry has a better chance of success. See cherrypy/cheroot#245 for discussion.
1 parent 482b95e commit 23e9e11

File tree

4 files changed

+23
-4
lines changed

4 files changed

+23
-4
lines changed

CHANGELOG.rst

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,23 @@ Changelog
44
Versions are year-based with a strict backward-compatibility policy.
55
The third digit is only for regressions.
66

7+
24.1.0 (UNRELEASED)
8+
-------------------
9+
10+
Backward-incompatible changes:
11+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
12+
13+
- ``pyOpenSSL`` now sets ``SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`` by default, matching CPython's behavior. `#1287 <https://github.com/pyca/pyopenssl/pull/1287>`_.
14+
- The minimum ``cryptography`` version is now 42.0.0.
15+
16+
Deprecations:
17+
^^^^^^^^^^^^^
18+
19+
Changes:
20+
^^^^^^^^
21+
22+
23+
724
24.0.0 (2024-01-22)
825
-------------------
926

setup.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -93,7 +93,7 @@ def find_meta(meta):
9393
packages=find_packages(where="src"),
9494
package_dir={"": "src"},
9595
install_requires=[
96-
"cryptography>=41.0.5,<43",
96+
"cryptography>=42.0.0,<43",
9797
],
9898
extras_require={
9999
"test": ["flaky", "pretend", "pytest>=3.0.1"],

src/OpenSSL/SSL.py

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -855,8 +855,10 @@ def __init__(self, method):
855855
self._ocsp_data = None
856856
self._cookie_generate_helper = None
857857
self._cookie_verify_helper = None
858-
859-
self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE)
858+
self.set_mode(
859+
_lib.SSL_MODE_ENABLE_PARTIAL_WRITE
860+
| _lib.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
861+
)
860862
if version is not None:
861863
self.set_min_proto_version(version)
862864
self.set_max_proto_version(version)

tox.ini

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ extras =
1818
test
1919
deps =
2020
coverage>=4.2
21-
cryptographyMinimum: cryptography==41.0.5
21+
cryptographyMinimum: cryptography==42.0.0
2222
randomorder: pytest-randomly
2323
setenv =
2424
# Do not allow the executing environment to pollute the test environment

0 commit comments

Comments
 (0)