bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957)
OpenSSL copies the internal message callback from SSL_CTX->msg_callback to
SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback
to use the callback value of the new context.
PySSL_set_context() now resets the callback and _PySSL_msg_callback()
resets thread state in error path.
Signed-off-by: Christian Heimes <christian@python.org>
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index ade7ef5..bed0d41 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -4764,6 +4764,28 @@ def msg_cb(conn, direction, version, content_type, msg_type, data):
msg
)
+ def test_msg_callback_deadlock_bpo43577(self):
+ client_context, server_context, hostname = testing_context()
+ server_context2 = testing_context()[1]
+
+ def msg_cb(conn, direction, version, content_type, msg_type, data):
+ pass
+
+ def sni_cb(sock, servername, ctx):
+ sock.context = server_context2
+
+ server_context._msg_callback = msg_cb
+ server_context.sni_callback = sni_cb
+
+ server = ThreadedEchoServer(context=server_context, chatty=False)
+ with server:
+ with client_context.wrap_socket(socket.socket(),
+ server_hostname=hostname) as s:
+ s.connect((HOST, server.port))
+ with client_context.wrap_socket(socket.socket(),
+ server_hostname=hostname) as s:
+ s.connect((HOST, server.port))
+
def test_main(verbose=False):
if support.verbose: