[pull] master from aio-libs:master

CHANGES.rst

@@ -10,6 +10,74 @@
 
 .. towncrier release notes start
 
+3.12.11 (2025-06-07)
+====================
+
+Features
+--------
+
+- Improved SSL connection handling by changing the default ``ssl_shutdown_timeout``
+  from ``0.1`` to ``0`` seconds. SSL connections now use Python's default graceful
+  shutdown during normal operation but are aborted immediately when the connector
+  is closed, providing optimal behavior for both cases. Also added support for
+  ``ssl_shutdown_timeout=0`` on all Python versions. Previously, this value was
+  rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
+  Python < 3.11 now trigger a ``RuntimeWarning`` -- by :user:`bdraco`.
+
+  The ``ssl_shutdown_timeout`` parameter is now deprecated and will be removed in
+  aiohttp 4.0 as there is no clear use case for changing the default.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`11148`.
+
+
+
+
+Deprecations (removal in next major release)
+--------------------------------------------
+
+- Improved SSL connection handling by changing the default ``ssl_shutdown_timeout``
+  from ``0.1`` to ``0`` seconds. SSL connections now use Python's default graceful
+  shutdown during normal operation but are aborted immediately when the connector
+  is closed, providing optimal behavior for both cases. Also added support for
+  ``ssl_shutdown_timeout=0`` on all Python versions. Previously, this value was
+  rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
+  Python < 3.11 now trigger a ``RuntimeWarning`` -- by :user:`bdraco`.
+
+  The ``ssl_shutdown_timeout`` parameter is now deprecated and will be removed in
+  aiohttp 4.0 as there is no clear use case for changing the default.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`11148`.
+
+
+
+
+----
+
+
+3.12.10 (2025-06-07)
+====================
+
+Bug fixes
+---------
+
+- Fixed leak of ``aiodns.DNSResolver`` when :py:class:`~aiohttp.TCPConnector` is closed and no resolver was passed when creating the connector -- by :user:`Tasssadar`.
+
+  This was a regression introduced in version 3.12.0 (:pr:`10897`).
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`11150`.
+
+
+
+
+----
+
+
 3.12.9 (2025-06-04)
 ===================
 

aiohttp/client.py

@@ -297,7 +297,7 @@ def __init__(
         max_field_size: int = 8190,
         fallback_charset_resolver: _CharsetResolver = lambda r, b: "utf-8",
         middlewares: Sequence[ClientMiddlewareType] = (),
-        ssl_shutdown_timeout: Optional[float] = 0.1,
+        ssl_shutdown_timeout: Union[_SENTINEL, None, float] = sentinel,
     ) -> None:
         # We initialise _connector to None immediately, as it's referenced in __del__()
         # and could cause issues if an exception occurs during initialisation.
@@ -323,6 +323,13 @@ def __init__(
             )
         self._timeout = timeout
 
+        if ssl_shutdown_timeout is not sentinel:
+            warnings.warn(
+                "The ssl_shutdown_timeout parameter is deprecated and will be removed in aiohttp 4.0",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+
         if connector is None:
             connector = TCPConnector(ssl_shutdown_timeout=ssl_shutdown_timeout)
         # Initialize these three attrs before raising any exception,

aiohttp/client_proto.py

@@ -95,6 +95,15 @@ def close(self) -> None:
             self._payload = None
             self._drop_timeout()
 
+    def abort(self) -> None:
+        self._exception = None  # Break cyclic references
+        transport = self.transport
+        if transport is not None:
+            transport.abort()
+            self.transport = None
+            self._payload = None
+            self._drop_timeout()
+
     def is_connected(self) -> bool:
         return self.transport is not None and not self.transport.is_closing()
 

aiohttp/connector.py

@@ -205,15 +205,19 @@ def closed(self) -> bool:
 class _TransportPlaceholder:
     """placeholder for BaseConnector.connect function"""
 
-    __slots__ = ("closed",)
+    __slots__ = ("closed", "transport")
 
     def __init__(self, closed_future: asyncio.Future[Optional[Exception]]) -> None:
         """Initialize a placeholder for a transport."""
         self.closed = closed_future
+        self.transport = None
 
     def close(self) -> None:
         """Close the placeholder."""
 
+    def abort(self) -> None:
+        """Abort the placeholder (does nothing)."""
+
 
 class BaseConnector:
     """Base connector class.
@@ -431,17 +435,22 @@ def _cleanup_closed(self) -> None:
                 timeout_ceil_threshold=self._timeout_ceil_threshold,
             )
 
-    async def close(self) -> None:
-        """Close all opened transports."""
-        waiters = self._close_immediately()
+    async def close(self, *, abort_ssl: bool = False) -> None:
+        """Close all opened transports.
+
+        :param abort_ssl: If True, SSL connections will be aborted immediately
+                         without performing the shutdown handshake. This provides
+                         faster cleanup at the cost of less graceful disconnection.
+        """
+        waiters = self._close_immediately(abort_ssl=abort_ssl)
         if waiters:
             results = await asyncio.gather(*waiters, return_exceptions=True)
             for res in results:
                 if isinstance(res, Exception):
                     err_msg = "Error while closing connector: " + repr(res)
                     client_logger.debug(err_msg)
 
-    def _close_immediately(self) -> List[Awaitable[object]]:
+    def _close_immediately(self, *, abort_ssl: bool = False) -> List[Awaitable[object]]:
         waiters: List[Awaitable[object]] = []
 
         if self._closed:
@@ -463,12 +472,26 @@ def _close_immediately(self) -> List[Awaitable[object]]:
 
             for data in self._conns.values():
                 for proto, _ in data:
-                    proto.close()
+                    if (
+                        abort_ssl
+                        and proto.transport
+                        and proto.transport.get_extra_info("sslcontext") is not None
+                    ):
+                        proto.abort()
+                    else:
+                        proto.close()
                     if closed := proto.closed:
                         waiters.append(closed)
 
             for proto in self._acquired:
-                proto.close()
+                if (
+                    abort_ssl
+                    and proto.transport
+                    and proto.transport.get_extra_info("sslcontext") is not None
+                ):
+                    proto.abort()
+                else:
+                    proto.close()
                 if closed := proto.closed:
                     waiters.append(closed)
 
@@ -838,11 +861,12 @@ class TCPConnector(BaseConnector):
     socket_factory - A SocketFactoryType function that, if supplied,
                      will be used to create sockets given an
                      AddrInfoType.
-    ssl_shutdown_timeout - Grace period for SSL shutdown handshake on TLS
-                           connections. Default is 0.1 seconds. This usually
-                           allows for a clean SSL shutdown by notifying the
-                           remote peer of connection closure, while avoiding
-                           excessive delays during connector cleanup.
+    ssl_shutdown_timeout - DEPRECATED. Will be removed in aiohttp 4.0.
+                           Grace period for SSL shutdown handshake on TLS
+                           connections. Default is 0 seconds (immediate abort).
+                           This parameter allowed for a clean SSL shutdown by
+                           notifying the remote peer of connection closure,
+                           while avoiding excessive delays during connector cleanup.
                            Note: Only takes effect on Python 3.11+.
     """
 
@@ -866,7 +890,7 @@ def __init__(
         happy_eyeballs_delay: Optional[float] = 0.25,
         interleave: Optional[int] = None,
         socket_factory: Optional[SocketFactoryType] = None,
-        ssl_shutdown_timeout: Optional[float] = 0.1,
+        ssl_shutdown_timeout: Union[_SENTINEL, None, float] = sentinel,
     ):
         super().__init__(
             keepalive_timeout=keepalive_timeout,
@@ -903,26 +927,57 @@ def __init__(
         self._interleave = interleave
         self._resolve_host_tasks: Set["asyncio.Task[List[ResolveResult]]"] = set()
         self._socket_factory = socket_factory
-        self._ssl_shutdown_timeout = ssl_shutdown_timeout
+        self._ssl_shutdown_timeout: Optional[float]
 
-    def _close_immediately(self) -> List[Awaitable[object]]:
+        # Handle ssl_shutdown_timeout with warning for Python < 3.11
+        if ssl_shutdown_timeout is sentinel:
+            self._ssl_shutdown_timeout = 0
+        else:
+            # Deprecation warning for ssl_shutdown_timeout parameter
+            warnings.warn(
+                "The ssl_shutdown_timeout parameter is deprecated and will be removed in aiohttp 4.0",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            if (
+                sys.version_info < (3, 11)
+                and ssl_shutdown_timeout is not None
+                and ssl_shutdown_timeout != 0
+            ):
+                warnings.warn(
+                    f"ssl_shutdown_timeout={ssl_shutdown_timeout} is ignored on Python < 3.11; "
+                    "only ssl_shutdown_timeout=0 is supported. The timeout will be ignored.",
+                    RuntimeWarning,
+                    stacklevel=2,
+                )
+            self._ssl_shutdown_timeout = ssl_shutdown_timeout
+
+    async def close(self, *, abort_ssl: bool = False) -> None:
+        """Close all opened transports.
+
+        :param abort_ssl: If True, SSL connections will be aborted immediately
+                         without performing the shutdown handshake. If False (default),
+                         the behavior is determined by ssl_shutdown_timeout:
+                         - If ssl_shutdown_timeout=0: connections are aborted
+                         - If ssl_shutdown_timeout>0: graceful shutdown is performed
+        """
+        if self._resolver_owner:
+            await self._resolver.close()
+        # Use abort_ssl param if explicitly set, otherwise use ssl_shutdown_timeout default
+        await super().close(abort_ssl=abort_ssl or self._ssl_shutdown_timeout == 0)
+
+    def _close_immediately(self, *, abort_ssl: bool = False) -> List[Awaitable[object]]:
         for fut in chain.from_iterable(self._throttle_dns_futures.values()):
             fut.cancel()
 
-        waiters = super()._close_immediately()
+        waiters = super()._close_immediately(abort_ssl=abort_ssl)
 
         for t in self._resolve_host_tasks:
             t.cancel()
             waiters.append(t)
 
         return waiters
 
-    async def close(self) -> None:
-        """Close all opened transports."""
-        if self._resolver_owner:
-            await self._resolver.close()
-        await super().close()
-
     @property
     def family(self) -> int:
         """Socket family like AF_INET."""
@@ -1155,7 +1210,7 @@ async def _wrap_create_connection(
                 # Add ssl_shutdown_timeout for Python 3.11+ when SSL is used
                 if (
                     kwargs.get("ssl")
-                    and self._ssl_shutdown_timeout is not None
+                    and self._ssl_shutdown_timeout
                     and sys.version_info >= (3, 11)
                 ):
                     kwargs["ssl_shutdown_timeout"] = self._ssl_shutdown_timeout
@@ -1233,10 +1288,7 @@ async def _start_tls_connection(
             ):
                 try:
                     # ssl_shutdown_timeout is only available in Python 3.11+
-                    if (
-                        sys.version_info >= (3, 11)
-                        and self._ssl_shutdown_timeout is not None
-                    ):
+                    if sys.version_info >= (3, 11) and self._ssl_shutdown_timeout:
                         tls_transport = await self._loop.start_tls(
                             underlying_transport,
                             tls_proto,
@@ -1257,7 +1309,10 @@ async def _start_tls_connection(
                     # We need to close the underlying transport since
                     # `start_tls()` probably failed before it had a
                     # chance to do this:
-                    underlying_transport.close()
+                    if self._ssl_shutdown_timeout == 0:
+                        underlying_transport.abort()
+                    else:
+                        underlying_transport.close()
                     raise
                 if isinstance(tls_transport, asyncio.Transport):
                     fingerprint = self._get_fingerprint(req)