From: Christian Heimes Date: Tue, 29 Oct 2013 20:11:55 +0000 (+0100) Subject: Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re... X-Git-Tag: v3.4.0b1~481 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee0bac66b2f388e2d685fa5eee2f7a4ea3910186;p=thirdparty%2FPython%2Fcpython.git Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding It is causing trouble like e.g. hanging processes. --- ee0bac66b2f388e2d685fa5eee2f7a4ea3910186 diff --cc Doc/library/ssl.rst index e86da5fc2917,a12ce5b44369..e6f164d06204 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@@ -26,9 -26,16 +26,17 @@@ probably additional platforms, as long Some behavior may be platform dependent, since calls are made to the operating system socket APIs. The installed version of OpenSSL may also - cause variations in behavior. + cause variations in behavior. For example, TLSv1.1 and TLSv1.2 come with + openssl version 1.0.1. + .. warning:: + + OpenSSL's internal random number generator does not properly handle fork. + Applications must change the PRNG state of the parent process if they use + any SSL feature with with :func:`os.fork`. Any successful call of + :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or + :func:`~ssl.RAND_pseudo_bytes` is sufficient. + This section documents the objects and functions in the ``ssl`` module; for more general information about TLS, SSL, and certificates, the reader is referred to the documents in the "See Also" section at the bottom. diff --cc Misc/NEWS index 55403e9efdfe,e83016719309..cefc0edc3a3c --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -28,10 -92,9 +28,13 @@@ Core and Builtin Library ------- -- Issue #19395: Raise an exception when attempting to pickle a bz2 or lzma - compressor/decompressor object, rather than creating a pickle that would - cause a segfault when loaded and used. ++- Issue #19227: Remove pthread_atfork() handler. 
The handler was added to ++ solve #18747 but has caused issues. ++ +- Issue #19420: Fix reference leak in module initalization code of + _hashopenssl.c + +- Issue #19329: Optimized compiling charsets in regular expressions. - Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL pseudo-random number generator on fork().
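
Review bot: In the Doc/library/ssl.rst hunk, the new warning has a duplicated word ("any SSL feature with with :func:`os.fork`") and leaves the required action underspecified: it says applications "must change the PRNG state of the parent process" but not at which point relative to the fork() call, nor what goes wrong if they do not. Suggest dropping the extra "with", stating when the call to RAND_add, RAND_bytes or RAND_pseudo_bytes has to happen, and adding one sentence on the consequence of skipping it, since with the automatic handler removed this warning is the only guidance users get. In the same hunk, "openssl version 1.0.1" should be capitalised as "OpenSSL" to match the rest of the paragraph.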
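
Review bot: In the Misc/NEWS hunk, the new entry "Issue #19227: Remove pthread_atfork() handler" sits in the same Library section as the existing entry "Issue #19227: Try to fix deadlocks caused by re-seeding ..." a few lines below, so a reader sees two entries for one issue that describe opposite states of the code. Suggest folding them into a single entry, or having the new one say explicitly that it supersedes the earlier attempt. "has caused issues" is also too vague for a changelog; the commit message names hanging processes, and the entry should say that and note that applications using SSL with fork are now responsible for changing the PRNG state themselves, as the ssl.rst warning describes.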