cpython.git - https://github.com/python/cpython.git

diff options

author	David Benjamin <davidben@google.com>	2024-02-16 00:24:51 (GMT)
committer	GitHub <noreply@github.com>	2024-02-16 00:24:51 (GMT)
commit	bce693111bff906ccf9281c22371331aaff766ab (patch)
tree	adb32926f0d0560e5126a9950a3905ac15ec2646 /Python/sysmodule.c
parent	58cb634632cd4d27e1348320665bcfa010e9cbb2 (diff)
download	cpython-bce693111bff906ccf9281c22371331aaff766ab.zip cpython-bce693111bff906ccf9281c22371331aaff766ab.tar.gz cpython-bce693111bff906ccf9281c22371331aaff766ab.tar.bz2

gh-114572: Fix locking in cert_store_stats and get_ca_certs (#114573)

* gh-114572: Fix locking in cert_store_stats and get_ca_certs cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with X509_STORE_get0_objects, but reading the result requires a lock. See https://github.com/openssl/openssl/pull/23224 for details. Instead, use X509_STORE_get1_objects, newly added in that PR. X509_STORE_get1_objects does not exist in current OpenSSLs, but we can polyfill it with X509_STORE_lock and X509_STORE_unlock. * Work around const-correctness problem * Add missing X509_STORE_get1_objects failure check * Add blurb

Diffstat (limited to 'Python/sysmodule.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: