bpo-29781: Fix SSLObject.version before handshake (#3364)
authorChristian Heimes <christian@python.org>
Wed, 6 Sep 2017 04:55:40 +0000 (21:55 -0700)
committerGitHub <noreply@github.com>
Wed, 6 Sep 2017 04:55:40 +0000 (21:55 -0700)
SSLObject.version() now correctly returns None when handshake over BIO has
not been performed yet.

Signed-off-by: Christian Heimes <christian@python.org>
Lib/test/test_ssl.py
Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst [new file with mode: 0644]
Modules/_ssl.c

index a8ffef0944f9f19bf2411af1b082bd0e0cfad21d..16cad9de80bab4e445fb84c60aee31996e9e996e 100644 (file)
@@ -1746,6 +1746,7 @@ class SimpleBackgroundTests(unittest.TestCase):
         sslobj = ctx.wrap_bio(incoming, outgoing, False, 'localhost')
         self.assertIs(sslobj._sslobj.owner, sslobj)
         self.assertIsNone(sslobj.cipher())
+        self.assertIsNone(sslobj.version())
         self.assertIsNotNone(sslobj.shared_ciphers())
         self.assertRaises(ValueError, sslobj.getpeercert)
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
@@ -1753,6 +1754,7 @@ class SimpleBackgroundTests(unittest.TestCase):
         self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake)
         self.assertTrue(sslobj.cipher())
         self.assertIsNotNone(sslobj.shared_ciphers())
+        self.assertIsNotNone(sslobj.version())
         self.assertTrue(sslobj.getpeercert())
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
             self.assertTrue(sslobj.get_channel_binding('tls-unique'))
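Review bot: The post-handshake check `self.assertIsNotNone(sslobj.version())` is satisfied by any non-None value, so it would not notice version() returning something other than a protocol name. A slightly tighter form is `self.assertIsInstance(sslobj.version(), str)`, which still does not depend on which protocol the test server negotiates. The enclosing test method starts and ends outside this hunk, so whether version() is checked again elsewhere in it is not visible here.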
diff --git a/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst b/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst
new file mode 100644 (file)
index 0000000..b9106a5
--- /dev/null
@@ -0,0 +1,2 @@
+SSLObject.version() now correctly returns None when handshake over BIO has
+not been performed yet.
index b001bca99d9e1f951e54838a10542abf420e1d83..2fa6bd28cdc800ec1ababc6a889e0eb5e73e8146 100644 (file)
@@ -1706,6 +1706,10 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)
 
     if (self->ssl == NULL)
         Py_RETURN_NONE;
+    if (!SSL_is_init_finished(self->ssl)) {
+        /* handshake not finished */
+        Py_RETURN_NONE;
+    }
     version = SSL_get_version(self->ssl);
     if (!strcmp(version, "unknown"))
         Py_RETURN_NONE;
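Review bot: The comment on the new `SSL_is_init_finished()` guard states the condition but not why None is the right answer, which is the security-relevant part of this fix. I would write it as `/* handshake not finished: SSL_get_version() would report a protocol that has not been negotiated */`, so a caller that enforces a minimum protocol version knows that None means "nothing negotiated yet" rather than "check passed". It may also be worth noting that `SSL_is_init_finished()` is, as far as I know, false while a renegotiation is in progress as well, so version() could briefly return None on an established connection; confirm that against the OpenSSL versions supported. The body of `_ssl__SSLSocket_version_impl` starts before and continues past this hunk.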