[Python-checkins] cpython (merge 3.3 -> default): Issue #16357: fix calling accept() on a SSLSocket created through
antoine.pitrou
python-checkins at python.org
Sun Nov 11 01:29:17 CET 2012
http://hg.python.org/cpython/rev/5fc30f0277a5
changeset: 80348:5fc30f0277a5
parent: 80345:dcf9a07830a6
parent: 80347:9510a9641c80
user: Antoine Pitrou <solipsis at pitrou.net>
date: Sun Nov 11 01:28:22 2012 +0100
summary:
Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
Original patch by Jeff McNeil.
files:
Lib/ssl.py | 15 ++++--------
Lib/test/test_ssl.py | 36 ++++++++++++++++++++++++++++++++
Misc/NEWS | 3 ++
3 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -553,16 +553,11 @@
SSL channel, and the address of the remote client."""
newsock, addr = socket.accept(self)
- return (SSLSocket(sock=newsock,
- keyfile=self.keyfile, certfile=self.certfile,
- server_side=True,
- cert_reqs=self.cert_reqs,
- ssl_version=self.ssl_version,
- ca_certs=self.ca_certs,
- ciphers=self.ciphers,
- do_handshake_on_connect=
- self.do_handshake_on_connect),
- addr)
+ newsock = self.context.wrap_socket(newsock,
+ do_handshake_on_connect=self.do_handshake_on_connect,
+ suppress_ragged_eofs=self.suppress_ragged_eofs,
+ server_side=True)
+ return newsock, addr
def get_channel_binding(self, cb_type="tls-unique"):
"""Get channel binding data for current connection. Raise ValueError
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1796,6 +1796,42 @@
t.join()
server.close()
+ def test_server_accept(self):
+ # Issue #16357: accept() on a SSLSocket created through
+ # SSLContext.wrap_socket().
+ context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ context.verify_mode = ssl.CERT_REQUIRED
+ context.load_verify_locations(CERTFILE)
+ context.load_cert_chain(CERTFILE)
+ server = socket.socket(socket.AF_INET)
+ host = "127.0.0.1"
+ port = support.bind_port(server)
+ server = context.wrap_socket(server, server_side=True)
+
+ evt = threading.Event()
+ remote = None
+ peer = None
+ def serve():
+ nonlocal remote, peer
+ server.listen(5)
+ # Block on the accept and wait on the connection to close.
+ evt.set()
+ remote, peer = server.accept()
+ remote.recv(1)
+
+ t = threading.Thread(target=serve)
+ t.start()
+ # Client wait until server setup and perform a connect.
+ evt.wait()
+ client = context.wrap_socket(socket.socket())
+ client.connect((host, port))
+ client_addr = client.getsockname()
+ client.close()
+ t.join()
+ # Sanity checks.
+ self.assertIsInstance(remote, ssl.SSLSocket)
+ self.assertEqual(peer, client_addr)
+
def test_default_ciphers(self):
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
try:
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -113,6 +113,9 @@
Library
-------
+- Issue #16357: fix calling accept() on a SSLSocket created through
+ SSLContext.wrap_socket(). Original patch by Jeff McNeil.
+
- Issue #16409: The reporthook callback made by the legacy
urllib.request.urlretrieve API now properly supplies a constant non-zero
block_size as it did in Python 3.2 and 2.7. This matches the behavior of
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list