Conversation
xmlsec1 1.3.11 may call OPENSSL_cleanup() from the OpenSSL backend during shutdown. OpenSSL cannot be reinitialized in the same process after that cleanup runs. Update the lifecycle test to call init() before shutdown(), run it last, and stop testing shutdown/init reinitialization. Document the new lifecycle constraint in the module docs and runtime docstrings.
There was a problem hiding this comment.
Pull request overview
Updates the project’s bundled unix xmlsec1 dependency to 1.3.11 and adjusts docs/tests to accommodate upstream lifecycle changes (notably OpenSSL cleanup making shutdown effectively process-final).
Changes:
- Bump unix xmlsec1 from 1.3.10 to 1.3.11 in build tooling and CI cache workflow defaults.
- Update test ordering so the xmlsec shutdown test runs last, avoiding post-shutdown use.
- Document the init/shutdown lifecycle constraints in both C docstrings and Sphinx docs.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
build_support/lib_xmlsec_dependency_builder.py |
Bumps unix default xmlsec1_version to 1.3.11. |
.github/workflows/cache_libs.yml |
Updates default XMLSEC1_VERSION to 1.3.11 for non-Windows caching. |
tests/test_xmlsec.py |
Reworks module lifecycle test to avoid re-init after shutdown; sets iterations to 0. |
tests/conftest.py |
Reorders tests to ensure shutdown-related test runs last. |
src/main.c |
Updates init()/shutdown() docstrings to describe process-final shutdown constraint. |
doc/source/modules/xmlsec.rst |
Adds lifecycle documentation explaining why shutdown is process-final. |
Comments suppressed due to low confidence (1)
src/main.c:113
- The docs now state that calling
init()aftershutdown()is unsupported/process-final, butPyXmlSec_PyInitcurrently allows it unconditionally. To make the runtime behavior match the documentation (and avoid upstream OpenSSL reinit failures), consider tracking a "shutdown called" state and raising a clear Python exception ifinit()is called aftershutdown().
"This is called upon library import and normally does not need to be\n"
"called explicitly. It is only valid before shutdown() has been called.\n\n"
"Calling init() after shutdown() is unsupported because upstream\n"
"xmlsec1 1.3.11+ may call OPENSSL_cleanup() during shutdown, and OpenSSL\n"
"cannot be reinitialized in the same process after that cleanup.\n";
static PyObject* PyXmlSec_PyInit(PyObject *self) {
if (PyXmlSec_Init() < 0) {
return NULL;
}
Py_RETURN_NONE;
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.