From 1161aeadd3cc0f0769b0e39959c4c51aa206ed1d Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 24 Oct 2015 20:10:06 -0500
Subject: move lock initialization to during binding import

Previously we attempted to register our openssl locks only if the
backend was initialized, but we should really just do it immediately.
Consumers like PyOpenSSL already call init_static_locks after importing
the binding and if a library wants to replace the locks with something
else they can do so themselves.
---
 src/cryptography/hazmat/backends/openssl/backend.py | 2 --
 src/cryptography/hazmat/bindings/openssl/binding.py | 4 ++++
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 58587b94..0c257d1e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -524,8 +524,6 @@ class Backend(object):
         res = self._lib.ASN1_STRING_set_default_mask_asc(b"utf8only")
         self.openssl_assert(res == 1)
 
-        self._binding.init_static_locks()
-
         self._cipher_registry = {}
         self._register_default_ciphers()
         self.activate_osrandom_engine()
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 4fac11d8..e2c34d6c 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -172,3 +172,7 @@ class Binding(object):
                     mode, n, file, line
                 )
             )
+
+
+# OpenSSL is not thread safe until the locks are initialized.
+Binding.init_static_locks()
-- 
cgit v1.2.3


From a4ff3ca63c175db7aa629205c5f52113ba4608a4 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 24 Oct 2015 21:29:24 -0500
Subject: expand comment

---
 src/cryptography/hazmat/bindings/openssl/binding.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index e2c34d6c..e8bf267b 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -174,5 +174,7 @@ class Binding(object):
             )
 
 
-# OpenSSL is not thread safe until the locks are initialized.
+# OpenSSL is not thread safe until the locks are initialized. We initialize in
+# module scope to cause initialization whenever this module is imported (and
+# try to get some benefit from the import lock).
 Binding.init_static_locks()
-- 
cgit v1.2.3


From 1de222d8f35fcf56650fdfff0314566e24dcb055 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 27 Oct 2015 10:29:43 +0900
Subject: modify sadness prose

---
 src/cryptography/hazmat/bindings/openssl/binding.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index e8bf267b..a750cd6b 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -174,7 +174,9 @@ class Binding(object):
             )
 
 
-# OpenSSL is not thread safe until the locks are initialized. We initialize in
-# module scope to cause initialization whenever this module is imported (and
-# try to get some benefit from the import lock).
+# OpenSSL is not thread safe until the locks are initialized. We call this
+# method in module scope so that it executes with the import lock. On
+# Pythons < 3.4 this import lock is a global lock, which can prevent a race
+# condition registering the OpenSSL locks. On Python 3.4+ the import lock
+# is per module so this approach will not work.
 Binding.init_static_locks()
-- 
cgit v1.2.3