Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
Original patch by Jeff McNeil.
commit
73e9bd4d25
15
Lib/ssl.py
15
Lib/ssl.py
|
@ -553,16 +553,11 @@ class SSLSocket(socket):
|
||||||
SSL channel, and the address of the remote client."""
|
SSL channel, and the address of the remote client."""
|
||||||
|
|
||||||
newsock, addr = socket.accept(self)
|
newsock, addr = socket.accept(self)
|
||||||
return (SSLSocket(sock=newsock,
|
newsock = self.context.wrap_socket(newsock,
|
||||||
keyfile=self.keyfile, certfile=self.certfile,
|
do_handshake_on_connect=self.do_handshake_on_connect,
|
||||||
server_side=True,
|
suppress_ragged_eofs=self.suppress_ragged_eofs,
|
||||||
cert_reqs=self.cert_reqs,
|
server_side=True)
|
||||||
ssl_version=self.ssl_version,
|
return newsock, addr
|
||||||
ca_certs=self.ca_certs,
|
|
||||||
ciphers=self.ciphers,
|
|
||||||
do_handshake_on_connect=
|
|
||||||
self.do_handshake_on_connect),
|
|
||||||
addr)
|
|
||||||
|
|
||||||
def get_channel_binding(self, cb_type="tls-unique"):
|
def get_channel_binding(self, cb_type="tls-unique"):
|
||||||
"""Get channel binding data for current connection. Raise ValueError
|
"""Get channel binding data for current connection. Raise ValueError
|
||||||
|
|
|
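Review bot: The new `self.context.wrap_socket(newsock, ...)` call in accept() has no comment saying why the per-socket attributes (`keyfile`, `certfile`, `cert_reqs`, `ssl_version`, `ca_certs`, `ciphers`) are no longer forwarded. That is the security-relevant part of the fix: the accepted connection now takes its TLS configuration from the listening socket's SSLContext instead of from attributes that were presumably unset on a context-created socket. I would add above the call `# Wrap with the listener's own context so the accepted socket inherits its certificates, verify_mode and ciphers.` The docstring could also state that, when do_handshake_on_connect is set, the handshake presumably runs inside accept() and a handshake error would surface from this call; that path is not visible here and should be confirmed. The `def accept` line and the start of its docstring are outside the hunk.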
@ -1796,6 +1796,42 @@ else:
|
||||||
t.join()
|
t.join()
|
||||||
server.close()
|
server.close()
|
||||||
|
|
||||||
|
def test_server_accept(self):
|
||||||
|
# Issue #16357: accept() on a SSLSocket created through
|
||||||
|
# SSLContext.wrap_socket().
|
||||||
|
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||||
|
context.verify_mode = ssl.CERT_REQUIRED
|
||||||
|
context.load_verify_locations(CERTFILE)
|
||||||
|
context.load_cert_chain(CERTFILE)
|
||||||
|
server = socket.socket(socket.AF_INET)
|
||||||
|
host = "127.0.0.1"
|
||||||
|
port = support.bind_port(server)
|
||||||
|
server = context.wrap_socket(server, server_side=True)
|
||||||
|
|
||||||
|
evt = threading.Event()
|
||||||
|
remote = None
|
||||||
|
peer = None
|
||||||
|
def serve():
|
||||||
|
nonlocal remote, peer
|
||||||
|
server.listen(5)
|
||||||
|
# Block on the accept and wait on the connection to close.
|
||||||
|
evt.set()
|
||||||
|
remote, peer = server.accept()
|
||||||
|
remote.recv(1)
|
||||||
|
|
||||||
|
t = threading.Thread(target=serve)
|
||||||
|
t.start()
|
||||||
|
# Client wait until server setup and perform a connect.
|
||||||
|
evt.wait()
|
||||||
|
client = context.wrap_socket(socket.socket())
|
||||||
|
client.connect((host, port))
|
||||||
|
client_addr = client.getsockname()
|
||||||
|
client.close()
|
||||||
|
t.join()
|
||||||
|
# Sanity checks.
|
||||||
|
self.assertIsInstance(remote, ssl.SSLSocket)
|
||||||
|
self.assertEqual(peer, client_addr)
|
||||||
|
|
||||||
def test_default_ciphers(self):
|
def test_default_ciphers(self):
|
||||||
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||||
try:
|
try:
|
||||||
|
|
|
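Review bot: test_server_accept never closes `server` or the accepted `remote` socket, and nothing guards the client side: if `client.connect((host, port))` raises, `t.join()` is skipped and the serve thread stays blocked in `server.accept()`. Registering `self.addCleanup(server.close)` right after the `context.wrap_socket(server, server_side=True)` line, closing `remote` once the assertions have run, and wrapping the client connect/close in a try/finally that always joins the thread would stop a failure from leaking sockets into later tests. The sanity checks also only establish the type and the peer address; because the fix is about the accepted socket inheriting the listener's context, `self.assertIs(remote.context, context)` would pin that directly.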
@ -80,6 +80,9 @@ Core and Builtins
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue #16357: fix calling accept() on a SSLSocket created through
|
||||||
|
SSLContext.wrap_socket(). Original patch by Jeff McNeil.
|
||||||
|
|
||||||
- Issue #16409: The reporthook callback made by the legacy
|
- Issue #16409: The reporthook callback made by the legacy
|
||||||
urllib.request.urlretrieve API now properly supplies a constant non-zero
|
urllib.request.urlretrieve API now properly supplies a constant non-zero
|
||||||
block_size as it did in Python 3.2 and 2.7. This matches the behavior of
|
block_size as it did in Python 3.2 and 2.7. This matches the behavior of
|
||||||
|
|