gh-142352: Fix start_tls() to transfer buffered data from StreamReader #142354
Conversation
kasimov-maxim
requested review from
1st1,
asvetlov,
kumaraditya303 and
willingc
as code owners
|
All commit authors signed the Contributor License Agreement. |
| file.seek(offset + total_sent) | ||
| await proto.restore() | ||
|
|
||
| def _transfer_buffered_data_to_ssl(self, protocol, ssl_protocol): |
There was a problem hiding this comment.
As this method is called from just one place, I suggest to inline it
There was a problem hiding this comment.
I kept this logic in a small helper because it represents a distinct
conceptual step (bridging StreamReader buffering into the SSLProtocol BIO),
and start_tls() is already quite dense. Even though the block is relatively
short, it introduces non-obvious buffering semantics involving private
StreamReader and SSLProtocol internals.
Keeping it named helps document the behavior required for mid-connection
start_tls() scenarios, avoids cluttering the main flow, and leaves room
for future adjustments if this logic needs to grow.
If we inline this, I think it would be worth keeping a fairly detailed
comment explaining why this buffering transfer is needed.
That said, I'm happy to inline it if you think that's preferable here.
There was a problem hiding this comment.
There is no need for a method as it would indirectly be exposed on subclasses. The docstring is also un-necessary, and there is no need to mention custom implementations.
If we inline this, I think it would be worth keeping a fairly detailed
comment explaining why this buffering transfer is needed.
No. Just link an issue (and possibly a short comment). The code base prefers concise comments. It's not meant to be read by everyone and we definitely don't want to have more docstrings than code. If something is meant to be extensively documented it should be done at the RST level.
There was a problem hiding this comment.
Understood, thanks. I'll inline it and keep only a short comment with an issue reference.
There was a problem hiding this comment.
(my $0.02)
no need for a method as it would indirectly be exposed on subclasses
FWIW, I often make use of the technique of naming things. It's nice to have clear semantic names for such abstractions: it'd be more difficult to make sense of ssl_protocol._incoming.write(protocol._stream_reader._buffer) in the context of start_tls(). Plus having these low-level details leak into that layer would mean that future refactorings may result in unrelated lines being added in-between, making their way into a block of otherwise tightly-coupled instructions.
Clearly, having it a member of the class is suboptimal but what's wrong with having a _private helper function around, for example?
There was a problem hiding this comment.
We do not like proliferation of methods when code can be inlined. Making sense of line is the reason why adding a small comment is enough.
We also should not be worried about the future. However I would recommend having a more compact block (we avoid blank lines in the stdlib and only use them to separate sections in a function).
Now, If we want to make it private, why not also. But I do not think that it is better to leak the method itself to subclasses (because then we need to indicate that the logic is private and neither protected or public; this the unfortunate part of not having a protected convention aside from @override).
Since Kumar is the code owner I think we should respect his intentions on that matter. Though they could have changed after your suggestion.
picnixz
left a comment
picnixz
left a comment
There was a problem hiding this comment.
Has this PR been generated using an LLM? if so, indicate which places were so and read https://devguide.python.org/getting-started/generative-ai/.
| self.assertEqual(msg2, b"hello world 2!\n") | ||
|
|
||
| def _run_test_start_tls_behind_proxy(self, send_combined): | ||
| """Test start_tls() when TLS ClientHello arrives with PROXY header. |
There was a problem hiding this comment.
Remove docstrings from tests. It would be shown on failure. Use regular comments and shorten it. We don't want to restate the entire issue so simply link the issue's number as well.
There was a problem hiding this comment.
Understood, will update the tests accordingly.
| test_message = b"hello world\n" | ||
| expected_response = reverse_message(test_message) | ||
|
|
||
| class TCPProxyServer: |
There was a problem hiding this comment.
Do we really need this class? don't we already have some helpers elsewhere? The test also looks overly complex. Why not just patching existing TCPServer? (if possible; I don't know if there isn't some class that could be used as is with some minimal modifications)
| file.seek(offset + total_sent) | ||
| await proto.restore() | ||
|
|
||
| def _transfer_buffered_data_to_ssl(self, protocol, ssl_protocol): |
There was a problem hiding this comment.
There is no need for a method as it would indirectly be exposed on subclasses. The docstring is also un-necessary, and there is no need to mention custom implementations.
If we inline this, I think it would be worth keeping a fairly detailed
comment explaining why this buffering transfer is needed.
No. Just link an issue (and possibly a short comment). The code base prefers concise comments. It's not meant to be read by everyone and we definitely don't want to have more docstrings than code. If something is meant to be extensively documented it should be done at the RST level.
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
|
Also, I think reading and checking if we're compliant with https://datatracker.ietf.org/doc/html/rfc2817 should be done (even if the RFC is only proposed and not in the standard tracks) or whatever RFC should be considered (I do think it's correct to fix this but I don't know if we should only send the possible hello for tls or generally write whatever was buffered) |
Noted in PR. |
|
|
||
| # Pause early so that "ssl_protocol.data_received()" doesn't | ||
| # have a chance to get called before "ssl_protocol.connection_made()". | ||
| transport.pause_reading() |
There was a problem hiding this comment.
Wouldn't it make sense to transfer the buffer after reading is paused rather than before?
| ssl_protocol._incoming.write(buffer) | ||
| buffer.clear() |
There was a problem hiding this comment.
I wonder if this could better belong @
cpython/Lib/asyncio/sslproto.py
Line 322 in b2ed3c3
Technically, there could be something like
- self._incoming = ssl.MemoryBIO()
+ self._incoming = ssl.MemoryBIO()
+ try:
+ underlying_raw_stream_buffer = app_protocol._stream_reader._buffer
+ except AttributeError:
+ pass
+ else:
+ self._incoming.write(underlying_raw_stream_buffer)
+ underlying_raw_stream_buffer.clear()But I don't know how other places that initialize sslproto.SSLProtocol() would be affected. So it's just an idea to check out and see if other instances should have the same buffer transfer logic (looks like it's used in two other modules).
4 participants
Fixes #142352
Summary
When using
StreamWriter.start_tls()to upgrade a connection to TLS mid-stream, any data already buffered in theStreamReaderwas lost. This commonly occurs when implementing servers that support the PROXY protocol.Changes
_transfer_buffered_data_to_ssl()method toBaseEventLoopthat transfers buffered data fromStreamReader._buffertoSSLProtocol._incomingbefore the TLS handshake beginsGenerative AI usage
Some parts of this PR were assisted by a generative AI tool. Specifically:
All functional logic and final edits were reviewed, verified, and authored by
me, in accordance with the Python devguide guidelines.
Test plan
test_streams.pymake patchcheckpasses