From a61870e19602f54a0579dd83edf334ba00ad92f6 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Sat, 9 Jul 2022 09:33:15 -0700 Subject: [PATCH] gh-94637: Release GIL in SSLContext.set_default_verify_paths (GH-94658) (cherry picked from commit 78307c7dc2352b6633138466debd4c10fae32970) Co-authored-by: Christian Heimes <christian@python.org> --- .../Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst | 3 +++ Modules/_ssl.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst diff --git a/Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst b/Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst new file mode 100644 index 00000000000..20cbbcd5088 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-07-07-15-46-55.gh-issue-94637.IYEiUM.rst @@ -0,0 +1,3 @@ +:meth:`SSLContext.set_default_verify_paths` now releases the GIL around +``SSL_CTX_set_default_verify_paths`` call. The function call performs I/O +and CPU intensive work. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 08596577086..6d5c0199b78 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -4305,7 +4305,11 @@ static PyObject * _ssl__SSLContext_set_default_verify_paths_impl(PySSLContext *self) /*[clinic end generated code: output=0bee74e6e09deaaa input=35f3408021463d74]*/ { - if (!SSL_CTX_set_default_verify_paths(self->ctx)) { + int rc; + Py_BEGIN_ALLOW_THREADS + rc = SSL_CTX_set_default_verify_paths(self->ctx); + Py_END_ALLOW_THREADS + if (!rc) { _setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__); return NULL; } -- GitLab