author | Antoine Pitrou <solipsis@pitrou.net> | 2012-11-11 00:28:22 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2012-11-11 00:28:22 (GMT) |
commit | 5fb7308318d3eeef89979c954592f226d5e7d825 (patch) | |
tree | 0ad500e4dec60acbdb1c2a93287c04a9911d0052 | |
parent | 601c0591c2423b1dae461e3b4f23777ef8af0fce (diff) | |
parent | 73e9bd4d259c3c213347e45d4bb5bf20fb51c7f4 (diff) | |
Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
Original patch by Jeff McNeil.
-rw-r--r-- | Lib/ssl.py | 15 | ||||
-rw-r--r-- | Lib/test/test_ssl.py | 36 | ||||
-rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 44 insertions, 10 deletions
@@ -553,16 +553,11 @@ class SSLSocket(socket): SSL channel, and the address of the remote client.""" newsock, addr = socket.accept(self) - return (SSLSocket(sock=newsock, - keyfile=self.keyfile, certfile=self.certfile, - server_side=True, - cert_reqs=self.cert_reqs, - ssl_version=self.ssl_version, - ca_certs=self.ca_certs, - ciphers=self.ciphers, - do_handshake_on_connect= - self.do_handshake_on_connect), - addr) + newsock = self.context.wrap_socket(newsock, + do_handshake_on_connect=self.do_handshake_on_connect, + suppress_ragged_eofs=self.suppress_ragged_eofs, + server_side=True) + return newsock, addr def get_channel_binding(self, cb_type="tls-unique"): """Get channel binding data for current connection. Raise ValueError diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 4ce98b6..74abbd2 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py 
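Review bot: The accepted socket's TLS settings now come entirely from `self.context`, and nothing in accept() says so; the docstring should state that certificate, `verify_mode` and cipher configuration are inherited from the listening socket's context rather than from the per-socket attributes the removed call passed. I would add a comment above the wrap call such as `# TLS settings come from self.context; changing the context later affects subsequent accepts.` Because `do_handshake_on_connect` is forwarded, the handshake presumably runs inside accept(), so a failed or stalled client handshake would surface in, or block, the caller's accept loop; that deserves a sentence in the docstring as well. The method begins above the hunk, so its full docstring is not visible here.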
@@ -1796,6 +1796,42 @@ else: t.join() server.close() + def test_server_accept(self): + # Issue #16357: accept() on a SSLSocket created through + # SSLContext.wrap_socket(). + context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + context.verify_mode = ssl.CERT_REQUIRED + context.load_verify_locations(CERTFILE) + context.load_cert_chain(CERTFILE) + server = socket.socket(socket.AF_INET) + host = "127.0.0.1" + port = support.bind_port(server) + server = context.wrap_socket(server, server_side=True) + + evt = threading.Event() + remote = None + peer = None + def serve(): + nonlocal remote, peer + server.listen(5) + # Block on the accept and wait on the connection to close. + evt.set() + remote, peer = server.accept() + remote.recv(1) + + t = threading.Thread(target=serve) + t.start() + # Client wait until server setup and perform a connect. + evt.wait() + client = context.wrap_socket(socket.socket()) + client.connect((host, port)) + client_addr = client.getsockname() + client.close() + t.join() + # Sanity checks. + self.assertIsInstance(remote, ssl.SSLSocket) + self.assertEqual(peer, client_addr) + def test_default_ciphers(self): context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) try: @@ -113,6 +113,9 @@ Core and Builtins Library ------- +- Issue #16357: fix calling accept() on a SSLSocket created through + SSLContext.wrap_socket(). Original patch by Jeff McNeil. + - Issue #16409: The reporthook callback made by the legacy urllib.request.urlretrieve API now properly supplies a constant non-zero block_size as it did in Python 3.2 and 2.7. This matches the behavior of |
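Review bot: test_server_accept checks only the type of `remote` and the peer address, so it would still pass if accept() returned an SSLSocket built from a different configuration; adding `self.assertIs(remote.context, context)` after `t.join()` would pin the property the fix is about. Neither `server` nor `remote` is closed in the visible lines, so `self.addCleanup(server.close)` after the wrap and `remote.close()` after the assertions would avoid leaking sockets. If accept() raises inside `serve()`, `remote` stays `None` and the failure appears only as the isinstance assertion, so the thread's exception is worth capturing and reporting.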