gh-99813: Start using SSL_sendfile when available
#99907
Conversation
illia-v
changed the title
Start using SSL_sendfile when availableSSL_sendfile when available
Conflicts: Modules/clinic/_ssl.c.h
|
@gpshead could you please review this when you have a chance? |
|
I've recently pushed some changes after testing the new functionality manually by sending small and large files from Linux with the |
|
I'd appreciate it if this can make it in 3.13 |
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
| with client_context.wrap_socket(socket.socket(), | ||
| server_hostname=hostname) as s: | ||
| s.connect((HOST, server.port)) | ||
| # kTLS seems to work only with a connection created before |
There was a problem hiding this comment.
Can you check whether it "seems" to work or not? (for a personal project I would accept this but I'm interested in knowing whether this is an issue with Python SSL or OpenSSL)
There was a problem hiding this comment.
Okay, I'll post more details about this soon
There was a problem hiding this comment.
I can reproduce the same issue with C code using OpenSSL (without Python). Please check my findings here. I mentioned a possible patch, let me know if we can apply it or there can be undesirable consequences.
FYI, ssl.OP_ENABLE_KTLS to enable kTLS has been available since Python 3.12 (and it could be added to options as a simple integer even before). And the issue is not specific to SSL_sendfile, it affects kTLS availability for simple reads and writes.
I added my reproducer to an existing OpenSSL issue openssl/openssl#19676 (comment).
Misc/NEWS.d/next/Library/2023-03-13-22-51-40.gh-issue-99813.40TV02.rst
Outdated
Show resolved
Hide resolved
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
|
@picnixz OpenSSL provides |
| } | ||
| else if (sockstate == SOCKET_HAS_BEEN_CLOSED) { | ||
| PyErr_SetString(get_state_sock(self)->PySSLErrorObject, | ||
| "Underlying socket has been closed."); |
There was a problem hiding this comment.
Just checking this:
- if the error message already exists, use the same text (namely capitalized text ending with a period)
- if not, try to see if error messages are using periods or not and/or are capitalized and pick the one that is the most common
There was a problem hiding this comment.
The exact error message exists in four other places in the file
There was a problem hiding this comment.
Regarding the message "The sendfile operation timed out" above without the period, it's siblings don't end with a period too:
- "The handshake operation timed out"
- "The write operation timed out"
- "The read operation timed out"
SSL_sendfile()from OpenSSL 3.0 inSSLSocket.sendfilewhen available. #99813New
_ssl__SSLSocket_sendfile_implfunction is very similar to_ssl__SSLSocket_write_implwith a few adjustments for theSSL_sendfilesyscall.I am glad there was non-SSL
socket.socket.sendfileand underlyingsocket.socket._sendfile_use_sendfileimplemented. I reused that code for newssl.SSLSocket._sendfile_use_ssl_sendfileby moving shared logic tosocket.socket._sendfile_zerocopy.And
test.test_ssl.ThreadedTests.test_sendfileneeded to have a socket bound before an SSL context wrapped it because this seemed to affect kTLS availability.