From a61870e19602f54a0579dd83edf334ba00ad92f6 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Sat, 9 Jul 2022 09:33:15 -0700
Subject: [PATCH] gh-94637: Release GIL in SSLContext.set_default_verify_paths
 (GH-94658)

(cherry picked from commit 78307c7dc2352b6633138466debd4c10fae32970)

Co-authored-by: Christian Heimes <christian@python.org>
---
 .../Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst   | 3 +++
 Modules/_ssl.c                                              | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst

diff --git a/Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst b/Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst
new file mode 100644
index 00000000000..20cbbcd5088
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst
@@ -0,0 +1,3 @@
+:meth:`SSLContext.set_default_verify_paths` now releases the GIL around
+``SSL_CTX_set_default_verify_paths`` call. The function call performs I/O
+and CPU intensive work.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 08596577086..6d5c0199b78 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4305,7 +4305,11 @@ static PyObject *
 _ssl__SSLContext_set_default_verify_paths_impl(PySSLContext *self)
 /*[clinic end generated code: output=0bee74e6e09deaaa input=35f3408021463d74]*/
 {
-    if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
+    int rc;
+    Py_BEGIN_ALLOW_THREADS
+    rc = SSL_CTX_set_default_verify_paths(self->ctx);
+    Py_END_ALLOW_THREADS
+    if (!rc) {
         _setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__);
         return NULL;
     }
-- 
GitLab