mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-02 16:13:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957)

Browse source 
OpenSSL copies the internal message callback from SSL_CTX->msg_callback to
SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback
to use the callback value of the new context.

PySSL_set_context() now resets the callback and _PySSL_msg_callback()
resets thread state in error path.

Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
Christian Heimes 2021-03-21 16:13:09 +01:00 committed by GitHub
parent 20a5b7e986
commit 77cde5042a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 29 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
Lib/test/test_ssl.py
View file

@ -4764,6 +4764,28 @@ class TestSSLDebug(unittest.TestCase):
msg msg
) )
def test_msg_callback_deadlock_bpo43577(self):
client_context, server_context, hostname = testing_context()
server_context2 = testing_context()[1]
def msg_cb(conn, direction, version, content_type, msg_type, data):
pass
def sni_cb(sock, servername, ctx):
sock.context = server_context2
server_context._msg_callback = msg_cb
server_context.sni_callback = sni_cb
server = ThreadedEchoServer(context=server_context, chatty=False)
with server:
with client_context.wrap_socket(socket.socket(),
server_hostname=hostname) as s:
s.connect((HOST, server.port))
with client_context.wrap_socket(socket.socket(),
server_hostname=hostname) as s:
s.connect((HOST, server.port))
def test_main(verbose=False): def test_main(verbose=False):
if support.verbose: if support.verbose:

1
Misc/NEWS.d/next/Library/2021-03-21-10-13-17.bpo-43577.m7JnAV.rst Normal file
View file

@ -0,0 +1 @@
Fix deadlock when using :class:`ssl.SSLContext` debug callback with :meth:`ssl.SSLContext.sni_callback`.

5
Modules/_ssl.c
View file

@ -2202,6 +2202,11 @@ static int PySSL_set_context(PySSLSocket *self, PyObject *value,
Py_INCREF(value); Py_INCREF(value);
Py_SETREF(self->ctx, (PySSLContext *)value); Py_SETREF(self->ctx, (PySSLContext *)value);
SSL_set_SSL_CTX(self->ssl, self->ctx->ctx); SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
/* Set SSL* internal msg_callback to state of new context's state */
SSL_set_msg_callback(
self->ssl,
self->ctx->msg_cb ? _PySSL_msg_callback : NULL
);
#endif #endif
} else { } else {
PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext"); PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext");

1
Modules/_ssl/debughelpers.c
View file

@ -23,6 +23,7 @@ _PySSL_msg_callback(int write_p, int version, int content_type,
ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl); ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
assert(PySSLSocket_Check(ssl_obj)); assert(PySSLSocket_Check(ssl_obj));
if (ssl_obj->ctx->msg_cb == NULL) { if (ssl_obj->ctx->msg_cb == NULL) {
PyGILState_Release(threadstate);
return; return;
} }