Skip to content

Fix Drop to prevent TLS data loss #6825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
youknowone merged 1 commit into from
Jan 21, 2026
Merged

Fix Drop to prevent TLS data loss #6825

youknowone merged 1 commit into from
Jan 21, 2026

Conversation

@youknowone
Copy link
Member

@youknowone youknowone commented Jan 21, 2026
edited by coderabbitai bot
Loading

Remove pending_tls_output.clear() from Drop implementation.

SSLSocket._real_close() in Python doesn't call shutdown() before closing - it just sets _sslobj = None. This means pending TLS data in the output buffer may not have been flushed to the socket yet. Clearing this buffer in Drop causes data loss, resulting in empty HTTP responses (test_socketserver failure on Windows).

The explicit clearing is also unnecessary since all struct fields are automatically freed when the struct is dropped.

Summary by CodeRabbit

  • Refactor
    • Improved SSL socket cleanup behavior to mitigate potential data loss risks during resource cleanup.

✏️ Tip: You can customize this high-level summary in your review settings.

@youknowone
Fix Drop to prevent TLS data loss
33ab725 
Remove pending_tls_output.clear() from Drop implementation.

SSLSocket._real_close() in Python doesn't call shutdown() before
closing - it just sets _sslobj = None. This means pending TLS data
in the output buffer may not have been flushed to the socket yet.
Clearing this buffer in Drop causes data loss, resulting in empty
HTTP responses (test_socketserver failure on Windows).

The explicit clearing is also unnecessary since all struct fields
are automatically freed when the struct is dropped.
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 21, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Modified the PySSLSocket Drop implementation to remove explicit field clearing for pending_tls_output, write_buffered_len, and shutdown_state. Now only clears the connection explicitly while relying on automatic memory cleanup for other fields. Added explanatory comments about the rationale.

Changes

Cohort / File(s) Summary
PySSLSocket Drop Cleanup Refactoring
crates/stdlib/src/ssl.rs		 Simplified Drop implementation by removing explicit clearing of pending_tls_output, write_buffered_len, and shutdown_state. Now only explicitly clears self.connection via lock().take(). Added inline comments explaining why pending_tls_output should not be cleared and noting that other fields are automatically freed on drop.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • Drop for PySSLSocket #6791: Directly modifies the same Drop implementation for PySSLSocket in ssl.rs, specifically changing which connection/cleanup fields are cleared during drop.

Poem

🐰 A drop of wisdom, clean and bright,
We let the memory take its flight,
No need to clear what fades away,
The Rust will handle it, hooray! 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: preventing TLS data loss by modifying the Drop implementation to not clear pending TLS output.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@youknowone youknowone marked this pull request as ready for review January 21, 2026 08:16
@youknowone youknowone merged commit 2df879c into RustPython:main Jan 21, 2026
13 checks passed
@youknowone youknowone deleted the ssl-drop branch January 21, 2026 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@youknowone