bpo-29781: Fix SSLObject.version before handshake (#3364)

SSLObject.version() now correctly returns None when handshake over BIO has not been performed yet. Signed-off-by: Christian Heimes <christian@python.org>
author: Christian Heimes <christian@python.org> 2017-09-06 04:55:40 (GMT)
committer: GitHub <noreply@github.com> 2017-09-06 04:55:40 (GMT)
commit: 6877111648ac3e042ee5d0458cbeb65dd1a84b2d (patch)
tree: c1e843cdc84d478c6ae396e892c274392e84c95e
parent: 3463ee3972e0d14351ee18bce60ecfbf7ac96772 (diff)
download: cpython-6877111648ac3e042ee5d0458cbeb65dd1a84b2d.zip
cpython-6877111648ac3e042ee5d0458cbeb65dd1a84b2d.tar.gz
cpython-6877111648ac3e042ee5d0458cbeb65dd1a84b2d.tar.bz2
3 files changed, 8 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index a8ffef0..16cad9d 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1746,6 +1746,7 @@ class SimpleBackgroundTests(unittest.TestCase):
         sslobj = ctx.wrap_bio(incoming, outgoing, False, 'localhost')
         self.assertIs(sslobj._sslobj.owner, sslobj)
         self.assertIsNone(sslobj.cipher())
+        self.assertIsNone(sslobj.version())
         self.assertIsNotNone(sslobj.shared_ciphers())
         self.assertRaises(ValueError, sslobj.getpeercert)
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
@@ -1753,6 +1754,7 @@ class SimpleBackgroundTests(unittest.TestCase):
         self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake)
         self.assertTrue(sslobj.cipher())
         self.assertIsNotNone(sslobj.shared_ciphers())
+        self.assertIsNotNone(sslobj.version())
         self.assertTrue(sslobj.getpeercert())
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
             self.assertTrue(sslobj.get_channel_binding('tls-unique'))
diff --git a/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst b/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst
new file mode 100644
index 0000000..b9106a5
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst
@@ -0,0 +1,2 @@
+SSLObject.version() now correctly returns None when handshake over BIO has
+not been performed yet.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index b001bca..2fa6bd2 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1706,6 +1706,10 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)
 
     if (self->ssl == NULL)
         Py_RETURN_NONE;
+    if (!SSL_is_init_finished(self->ssl)) {
+        /* handshake not finished */
+        Py_RETURN_NONE;
+    }
     version = SSL_get_version(self->ssl);
     if (!strcmp(version, "unknown"))
         Py_RETURN_NONE;
author	Christian Heimes <christian@python.org>	2017-09-06 04:55:40 (GMT)
committer	GitHub <noreply@github.com>	2017-09-06 04:55:40 (GMT)
commit	6877111648ac3e042ee5d0458cbeb65dd1a84b2d (patch)
tree	c1e843cdc84d478c6ae396e892c274392e84c95e
parent	3463ee3972e0d14351ee18bce60ecfbf7ac96772 (diff)
download	cpython-6877111648ac3e042ee5d0458cbeb65dd1a84b2d.zip cpython-6877111648ac3e042ee5d0458cbeb65dd1a84b2d.tar.gz cpython-6877111648ac3e042ee5d0458cbeb65dd1a84b2d.tar.bz2