[Python-checkins] [3.6] bpo-29781: Fix SSLObject.version before handshake (GH-3364) (#3381)

Christian Heimes webhook-mailer at python.org
Wed Sep 6 09:42:34 EDT 2017


https://github.com/python/cpython/commit/6da379bde345926e1f7318ead973767f4d791d3e
commit: 6da379bde345926e1f7318ead973767f4d791d3e
branch: 3.6
author: Christian Heimes <christian at python.org>
committer: GitHub <noreply at github.com>
date: 2017-09-06T06:42:30-07:00
summary:

[3.6] bpo-29781: Fix SSLObject.version before handshake (GH-3364) (#3381)

SSLObject.version() now correctly returns None when handshake over BIO has
not been performed yet.

Signed-off-by: Christian Heimes <christian at python.org>
(cherry picked from commit 6877111)

files:
A Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst
M Lib/test/test_ssl.py
M Modules/_ssl.c

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 29d4b4083da..4191d9036e4 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1736,6 +1736,7 @@ def test_bio_handshake(self):
         sslobj = ctx.wrap_bio(incoming, outgoing, False, 'localhost')
         self.assertIs(sslobj._sslobj.owner, sslobj)
         self.assertIsNone(sslobj.cipher())
+        self.assertIsNone(sslobj.version())
         self.assertIsNotNone(sslobj.shared_ciphers())
         self.assertRaises(ValueError, sslobj.getpeercert)
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
@@ -1743,6 +1744,7 @@ def test_bio_handshake(self):
         self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake)
         self.assertTrue(sslobj.cipher())
         self.assertIsNotNone(sslobj.shared_ciphers())
+        self.assertIsNotNone(sslobj.version())
         self.assertTrue(sslobj.getpeercert())
         if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
             self.assertTrue(sslobj.get_channel_binding('tls-unique'))
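Review bot: The post-handshake check `self.assertIsNotNone(sslobj.version())` accepts any non-None value, so it would not catch an empty or wrong protocol string coming back from the C layer. A tighter form is `self.assertTrue(sslobj.version().startswith(('TLS', 'SSL')))`, or an equality check against the protocol the test peer is known to negotiate. The setup of test_bio_handshake is outside this hunk, so the exact expected value cannot be named from the visible lines.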
diff --git a/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst b/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst
new file mode 100644
index 00000000000..b9106a5f744
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst
@@ -0,0 +1,2 @@
+SSLObject.version() now correctly returns None when handshake over BIO has
+not been performed yet.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index b5eab0f1c4b..25fb8090f43 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1695,6 +1695,10 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)
 
     if (self->ssl == NULL)
         Py_RETURN_NONE;
+    if (!SSL_is_init_finished(self->ssl)) {
+        /* handshake not finished */
+        Py_RETURN_NONE;
+    }
     version = SSL_get_version(self->ssl);
     if (!strcmp(version, "unknown"))
         Py_RETURN_NONE;
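Review bot: The new `SSL_is_init_finished()` guard sits in `_ssl__SSLSocket_version_impl`, which by its name appears to back socket-based objects as well as the BIO case the NEWS entry describes, yet the only new assertions are in test_bio_handshake. A socket wrapped with `do_handshake_on_connect=False` deserves the same `assertIsNone(s.version())` check before its handshake. The comment `/* handshake not finished */` only restates the condition; something like `/* SSL_get_version() would report the configured protocol, not a negotiated one, until the handshake completes */` records why None is returned (presumably the behaviour behind bpo-29781, to be confirmed). If OpenSSL also reports the handshake as unfinished during a renegotiation, version() would return None on a live connection, so code that enforces or logs a minimum protocol should treat None as "not established" rather than as a pass. The function body begins and ends outside this hunk.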


