2 files changed, 40 insertions, 24 deletions

diff --git a/contrib/tools/python3/src/Modules/_ssl/clinic/cert.c.h b/contrib/tools/python3/src/Modules/_ssl/clinic/cert.c.h
index 53cedabc3f7..a052ab2086f 100644
--- a/contrib/tools/python3/src/Modules/_ssl/clinic/cert.c.h
+++ b/contrib/tools/python3/src/Modules/_ssl/clinic/cert.c.h
@@ -2,6 +2,12 @@
 preserve
 [clinic start generated code]*/
 
+#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+#  include "pycore_gc.h"            // PyGC_Head
+#  include "pycore_runtime.h"       // _Py_ID()
+#endif
+
+
 PyDoc_STRVAR(_ssl_Certificate_public_bytes__doc__,
 "public_bytes($self, /, format=Encoding.PEM)\n"
 "--\n"
@@ -17,8 +23,31 @@ static PyObject *
 _ssl_Certificate_public_bytes(PySSLCertificate *self, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
 {
     PyObject *return_value = NULL;
+    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+
+    #define NUM_KEYWORDS 1
+    static struct {
+        PyGC_Head _this_is_not_used;
+        PyObject_VAR_HEAD
+        PyObject *ob_item[NUM_KEYWORDS];
+    } _kwtuple = {
+        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
+        .ob_item = { &_Py_ID(format), },
+    };
+    #undef NUM_KEYWORDS
+    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
+
+    #else  // !Py_BUILD_CORE
+    #  define KWTUPLE NULL
+    #endif  // !Py_BUILD_CORE
+
     static const char * const _keywords[] = {"format", NULL};
-    static _PyArg_Parser _parser = {NULL, _keywords, "public_bytes", 0};
+    static _PyArg_Parser _parser = {
+        .keywords = _keywords,
+        .fname = "public_bytes",
+        .kwtuple = KWTUPLE,
+    };
+    #undef KWTUPLE
     PyObject *argsbuf[1];
     Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
     int format = PY_SSL_ENCODING_PEM;
@@ -57,4 +86,4 @@ _ssl_Certificate_get_info(PySSLCertificate *self, PyObject *Py_UNUSED(ignored))
 {
     return _ssl_Certificate_get_info_impl(self);
 }
-/*[clinic end generated code: output=18885c4d167d5244 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=82efada014f9b7fe input=a9049054013a1b77]*/
diff --git a/contrib/tools/python3/src/Modules/_ssl/debughelpers.c b/contrib/tools/python3/src/Modules/_ssl/debughelpers.c
index 03c125eb44f..a81f0aad05a 100644
--- a/contrib/tools/python3/src/Modules/_ssl/debughelpers.c
+++ b/contrib/tools/python3/src/Modules/_ssl/debughelpers.c
@@ -74,7 +74,7 @@ _PySSL_msg_callback(int write_p, int version, int content_type,
         buf, len
     );
     if (res == NULL) {
-        PyErr_Fetch(&ssl_obj->exc_type, &ssl_obj->exc_value, &ssl_obj->exc_tb);
+        ssl_obj->exc = PyErr_GetRaisedException();
     } else {
         Py_DECREF(res);
     }
@@ -87,8 +87,7 @@ _PySSL_msg_callback(int write_p, int version, int content_type,
 static PyObject *
 _PySSLContext_get_msg_callback(PySSLContext *self, void *c) {
     if (self->msg_cb != NULL) {
-        Py_INCREF(self->msg_cb);
-        return self->msg_cb;
+        return Py_NewRef(self->msg_cb);
     } else {
         Py_RETURN_NONE;
     }
@@ -107,8 +106,7 @@ _PySSLContext_set_msg_callback(PySSLContext *self, PyObject *arg, void *c) {
                             "not a callable object");
             return -1;
         }
-        Py_INCREF(arg);
-        self->msg_cb = arg;
+        self->msg_cb = Py_NewRef(arg);
         SSL_CTX_set_msg_callback(self->ctx, _PySSL_msg_callback);
     }
     return 0;
@@ -120,31 +118,22 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
     PyGILState_STATE threadstate;
     PySSLSocket *ssl_obj = NULL;  /* ssl._SSLSocket, borrowed ref */
     int res, e;
-    static PyThread_type_lock *lock = NULL;
 
     threadstate = PyGILState_Ensure();
 
     ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
     assert(Py_IS_TYPE(ssl_obj, get_state_sock(ssl_obj)->PySSLSocket_Type));
+    PyThread_type_lock lock = get_state_sock(ssl_obj)->keylog_lock;
+    assert(lock != NULL);
     if (ssl_obj->ctx->keylog_bio == NULL) {
         return;
     }
-
-    /* Allocate a static lock to synchronize writes to keylog file.
+    /*
      * The lock is neither released on exit nor on fork(). The lock is
      * also shared between all SSLContexts although contexts may write to
      * their own files. IMHO that's good enough for a non-performance
      * critical debug helper.
      */
-    if (lock == NULL) {
-        lock = PyThread_allocate_lock();
-        if (lock == NULL) {
-            PyErr_SetString(PyExc_MemoryError, "Unable to allocate lock");
-            PyErr_Fetch(&ssl_obj->exc_type, &ssl_obj->exc_value,
-                        &ssl_obj->exc_tb);
-            return;
-        }
-    }
 
     PySSL_BEGIN_ALLOW_THREADS
     PyThread_acquire_lock(lock, 1);
@@ -158,7 +147,7 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
         errno = e;
         PyErr_SetFromErrnoWithFilenameObject(PyExc_OSError,
                                              ssl_obj->ctx->keylog_filename);
-        PyErr_Fetch(&ssl_obj->exc_type, &ssl_obj->exc_value, &ssl_obj->exc_tb);
+        ssl_obj->exc = PyErr_GetRaisedException();
     }
     PyGILState_Release(threadstate);
 }
@@ -166,8 +155,7 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
 static PyObject *
 _PySSLContext_get_keylog_filename(PySSLContext *self, void *c) {
     if (self->keylog_filename != NULL) {
-        Py_INCREF(self->keylog_filename);
-        return self->keylog_filename;
+        return Py_NewRef(self->keylog_filename);
     } else {
         Py_RETURN_NONE;
     }
@@ -203,8 +191,7 @@ _PySSLContext_set_keylog_filename(PySSLContext *self, PyObject *arg, void *c) {
                         "Can't malloc memory for keylog file");
         return -1;
     }
-    Py_INCREF(arg);
-    self->keylog_filename = arg;
+    self->keylog_filename = Py_NewRef(arg);
 
     /* Write a header for seekable, empty files (this excludes pipes). */
     PySSL_BEGIN_ALLOW_THREADS