Brett Randall

Maybe Termux is disallowing some system call made by Gunicorn/Python - do you have a way to see what that might be? Or open a Python interpreter on the platform...

Nice, looks like you've confirmed it's coming from `seccomp` - looks like maybe `setuid`? Termux is known to disallow that. I've not tested this recently, but can you try adding...

@artynet are you seeing a call to `setuid` (or something else) further up your `strace`, before the error report?

@tsaarni agreed. Now that I look at the deprecated `wrap_socket`: https://github.com/python/cpython/blob/ee0ac328d38a86f7907598c94cb88a97635b32f8/Lib/ssl.py#L1421-L1449 ... it is simply chaining to construct a disposable `SSLContext` anyway, so cannot be worse. In future though, without...

@tsaarni I did some ergonomics testing on the new config setting and it highlighted another idea I had earlier ... to test, I took a subset of the functionality in...

@itszn thanks for documenting this. Noting that `underscores_in_headers` default is `off`, and the potential exploit requires it to be `on` - slight mitigation but can be enabled without understanding the...

I can confirm that a single `sync` worker gets blocked as described by the OP, by the `https` request when expecting `http`, but I find that additional workers are not...

I don't suppose you could share a runnable version of your code above which demonstrates the issue - runnable from the command-line, Docker or a patch to `/examples` would be...

Unfortunately there's a CLA-induced fix-abort over in #989.

I've not been able to spot a nice solution to this with the current packaging - they all seem to necessitate weird nested/multiple executions if you want `gradle-wrapper.jar` and `gradlew`,...