Commit 68771116 authored by Christian Heimes's avatar Christian Heimes Committed by GitHub

bpo-29781: Fix SSLObject.version before handshake (#3364)

SSLObject.version() now correctly returns None when handshake over BIO has
not been performed yet.
Signed-off-by: default avatarChristian Heimes <christian@python.org>
parent 3463ee39
...@@ -1746,6 +1746,7 @@ class SimpleBackgroundTests(unittest.TestCase): ...@@ -1746,6 +1746,7 @@ class SimpleBackgroundTests(unittest.TestCase):
sslobj = ctx.wrap_bio(incoming, outgoing, False, 'localhost') sslobj = ctx.wrap_bio(incoming, outgoing, False, 'localhost')
self.assertIs(sslobj._sslobj.owner, sslobj) self.assertIs(sslobj._sslobj.owner, sslobj)
self.assertIsNone(sslobj.cipher()) self.assertIsNone(sslobj.cipher())
self.assertIsNone(sslobj.version())
self.assertIsNotNone(sslobj.shared_ciphers()) self.assertIsNotNone(sslobj.shared_ciphers())
self.assertRaises(ValueError, sslobj.getpeercert) self.assertRaises(ValueError, sslobj.getpeercert)
if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
...@@ -1753,6 +1754,7 @@ class SimpleBackgroundTests(unittest.TestCase): ...@@ -1753,6 +1754,7 @@ class SimpleBackgroundTests(unittest.TestCase):
self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake) self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake)
self.assertTrue(sslobj.cipher()) self.assertTrue(sslobj.cipher())
self.assertIsNotNone(sslobj.shared_ciphers()) self.assertIsNotNone(sslobj.shared_ciphers())
self.assertIsNotNone(sslobj.version())
self.assertTrue(sslobj.getpeercert()) self.assertTrue(sslobj.getpeercert())
if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
self.assertTrue(sslobj.get_channel_binding('tls-unique')) self.assertTrue(sslobj.get_channel_binding('tls-unique'))
......
SSLObject.version() now correctly returns None when handshake over BIO has
not been performed yet.
...@@ -1706,6 +1706,10 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self) ...@@ -1706,6 +1706,10 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)
if (self->ssl == NULL) if (self->ssl == NULL)
Py_RETURN_NONE; Py_RETURN_NONE;
if (!SSL_is_init_finished(self->ssl)) {
/* handshake not finished */
Py_RETURN_NONE;
}
version = SSL_get_version(self->ssl); version = SSL_get_version(self->ssl);
if (!strcmp(version, "unknown")) if (!strcmp(version, "unknown"))
Py_RETURN_NONE; Py_RETURN_NONE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment