bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957)

OpenSSL copies the internal message callback from SSL_CTX->msg_callback to SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback to use the callback value of the new context. PySSL_set_context() now resets the callback and _PySSL_msg_callback() resets thread state in error path. Signed-off-by: Christian Heimes <christian@python.org>
2025-12-04 00:30:19 +00:00 · 2021-03-21 16:13:09 +01:00 · 2021-03-21 16:13:09 +01:00 · 77cde5042a
commit 77cde5042a
parent 20a5b7e986
4 changed files with 29 additions and 0 deletions
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@ -2202,6 +2202,11 @@ static int PySSL_set_context(PySSLSocket *self, PyObject *value,
        Py_INCREF(value);
        Py_SETREF(self->ctx, (PySSLContext *)value);
        SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
+        /* Set SSL* internal msg_callback to state of new context's state */
+        SSL_set_msg_callback(
+            self->ssl,
+            self->ctx->msg_cb ? _PySSL_msg_callback : NULL
+        );
 #endif
    } else {
        PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext");