Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add thread-safety clarifications to the SSLContext documentation #118596

Closed
mm-matthias opened this issue May 5, 2024 · 2 comments
Closed

Add thread-safety clarifications to the SSLContext documentation #118596

mm-matthias opened this issue May 5, 2024 · 2 comments
Assignees
@gpshead
Labels
docs Documentation in the Doc dir

Comments

@mm-matthias
Copy link
Contributor

mm-matthias commented May 5, 2024
edited by bedevere-app bot
Loading

Documentation

Currently there is no documentation that tells anything about whether SSLContext is thread-safe or not and how it can be shared between different connections. Knowing how to share the SSLContext between different threads and connections is important for example to solve problems like this.
This issue has also come up here where the matter was clarified by @tiran in this comment:

SSLContext is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.

I have reworked this statement into a PR so that it's generally available for future reference.

Linked PRs
@mm-matthias mm-matthias added the docs Documentation in the Doc dir label May 5, 2024
@mm-matthias mm-matthias mentioned this issue May 5, 2024
Merged
@nineteendo
Copy link
Contributor

In 3 days, ask someone to review your pull request here: https://discuss.python.org/c/core-dev/23

gpshead pushed a commit that referenced this issue Jun 16, 2024
@mm-matthias
gh-118596: Add thread-safety clarifications to the SSLContext documen…
4f59f86 
…tation (#118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jun 16, 2024
@mm-matthias @miss-islington
pythongh-118596: Add thread-safety clarifications to the SSLContext d…
07ba4c4 
…ocumentation (pythonGH-118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
(cherry picked from commit 4f59f86)

Co-authored-by: mm-matthias <[email protected]>
@bedevere-app bedevere-app bot mentioned this issue Jun 16, 2024
Merged
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jun 16, 2024
@mm-matthias @miss-islington
pythongh-118596: Add thread-safety clarifications to the SSLContext d…
6d850ae 
…ocumentation (pythonGH-118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
(cherry picked from commit 4f59f86)

Co-authored-by: mm-matthias <[email protected]>
@bedevere-app bedevere-app bot mentioned this issue Jun 16, 2024
Merged
@gpshead
Copy link
Member

gpshead commented Jun 16, 2024

thanks!

@gpshead gpshead closed this as completed Jun 16, 2024
@gpshead gpshead self-assigned this Jun 16, 2024
gpshead pushed a commit that referenced this issue Jun 16, 2024
@miss-islington @mm-matthias
[3.12] gh-118596: Add thread-safety clarifications to the SSLContext …
7abfc92 
…documentation (GH-118597) (#120596)

gh-118596: Add thread-safety clarifications to the SSLContext documentation (GH-118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
(cherry picked from commit 4f59f86)

Co-authored-by: mm-matthias <[email protected]>
gpshead pushed a commit that referenced this issue Jun 16, 2024
@miss-islington @mm-matthias
[3.13] gh-118596: Add thread-safety clarifications to the SSLContext …
7655989 
…documentation (GH-118597) (#120595)

gh-118596: Add thread-safety clarifications to the SSLContext documentation (GH-118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
(cherry picked from commit 4f59f86)

Co-authored-by: mm-matthias <[email protected]>
mrahtz pushed a commit to mrahtz/cpython that referenced this issue Jun 30, 2024
@mm-matthias @mrahtz
pythongh-118596: Add thread-safety clarifications to the SSLContext d…
af63073 
…ocumentation (python#118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
noahbkim pushed a commit to hudson-trading/cpython that referenced this issue Jul 11, 2024
@mm-matthias @noahbkim
pythongh-118596: Add thread-safety clarifications to the SSLContext d…
8d8ed7f 
…ocumentation (python#118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
estyxx pushed a commit to estyxx/cpython that referenced this issue Jul 17, 2024
@mm-matthias @estyxx
pythongh-118596: Add thread-safety clarifications to the SSLContext d…
4ec7d8c 
…ocumentation (python#118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gpshead gpshead

Labels
docs Documentation in the Doc dir
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gpshead @mm-matthias @nineteendo