Align SSL adapters by removing bind()
#801
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #801 +/- ##
==========================================
- Coverage 77.69% 77.55% -0.14%
==========================================
Files 41 41
Lines 4672 4688 +16
Branches 544 542 -2
==========================================
+ Hits 3630 3636 +6
- Misses 900 909 +9
- Partials 142 143 +1 |
julianz-
force-pushed
the
remove_SSL_bind
branch
from
3624670 to
8322acf
Compare
julianz-
force-pushed
the
remove_SSL_bind
branch
3 times, most recently
from
df6669b to
5b5513d
Compare
julianz-
force-pushed
the
remove_SSL_bind
branch
2 times, most recently
from
8a4e5f7 to
3ec166a
Compare
julianz-
force-pushed
the
remove_SSL_bind
branch
10 times, most recently
from
01478b9 to
576d872
Compare
|
@webknjaz This PR is failing in some instances running |
Not sure. I've suspected race conditions in some places. I think I've also seen some of these happening under pytest because we turn warnings into errors in there. So when some cleanup is not deterministic, the destructors on things like sockets issue resource warnings that cascade further and perhaps even affect the control flow in such conditions. This is probably why Lines 55 to 58 in a475500 It would definitely need a dedicated PR but I'd rather focus on finishing this refactoring first. If you're worried about the 3.14 jobs — they all are marked as allowed to fail and fixing that would be a separate effort. Maybe, there's something in your #770 / #779 that will help eventually but right now, let's not bother and focus on the stable envs first. As a part of adding Python 3.14 support and figuring out the flakiness, we'll need to look at how to handle the ignored warnings. The reason these fail under Python 3.14 is that it seems like the warning messages changed slightly. They match what Python 3.13 emits and so are ignored in those jobs. This is probably a short-term workaround: https://github.com/cherrypy/cheroot/pull/780/files#diff-fb6a686182f16eb54af3c628f38593f347f68aba31de903983023c560288d7a1R65. That PR seems incomplete and abandoned but a few ideas in there give out some clues. |
julianz-
force-pushed
the
remove_SSL_bind
branch
2 times, most recently
from
7bc37f1 to
e4e706f
Compare
Interestingly, I am able to repro the error with 100% reliability on MacOS using Python v3.12. I notice that the test excludes MacOS with the builtin adapter for reasons that were not well explained in #225 apart from the fact that the test wouldn't pass! I am tempted to do a new PR and you can see for yourself. The fix is pretty simple. There's no reason to exclude MacOS anymore too. |
Looking forward! |
Relocated `SSLConnection` instantiation from `bind()` to `wrap()` to align with the adapter interface where `wrap()` is responsible for converting raw sockets to SSL connections. With this chenge `bind()` serves no purpose and so is deprecated. This change also fixes the pyOpenSSL adapter so that it doesn't prematurely wrap the raw socket, an issue in the old `bind()` implementation.
julianz-
force-pushed
the
remove_SSL_bind
branch
from
e4e706f to
3ac86f1
Compare
Align SSL adapters by removing `bind()`
2 participants
Relocated
SSLConnectioninstantiation frombind()towrap()to provide a uniform adapter interface, in whichwrap()is responsible for converting raw sockets to SSL connections. With this changebind()serves no purpose and so is deprecated. This change also fixes the pyOpenSSL adapter so that it doesn't prematurely wrap the raw socket, an issue in the oldbind()implementation.