bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957) OpenSSL copies the internal message callback from SSL_CTX->msg_callback to SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback to use the callback value of the new context. PySSL_set_context() now resets the callback and _PySSL_msg_callback() resets thread state in error path. Signed-off-by: Christian Heimes <christian@python.org>

commit: 77cde5042a2f1eae489c11a67540afaf43cd5cdf [log] [tgz]
author: Christian Heimes <christian@python.org> Sun Mar 21 16:13:09 2021 +0100
committer: GitHub <noreply@github.com> Sun Mar 21 16:13:09 2021 +0100
tree: e1e273a3a52bf3fb90de8eaab8503cc884db2c13
parent: 20a5b7e986377bdfd929d7e8c4e3db5847dfdb2d [diff] [blame]
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index bea144c..f3c3b20 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c

@@ -2202,6 +2202,11 @@ static int PySSL_set_context(PySSLSocket *self, PyObject *value,
         Py_INCREF(value);
         Py_SETREF(self->ctx, (PySSLContext *)value);
         SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
+        /* Set SSL* internal msg_callback to state of new context's state */
+        SSL_set_msg_callback(
+            self->ssl,
+            self->ctx->msg_cb ? _PySSL_msg_callback : NULL
+        );
 #endif
     } else {
         PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext");
commit	77cde5042a2f1eae489c11a67540afaf43cd5cdf	[log] [tgz]
author	Christian Heimes <christian@python.org>	Sun Mar 21 16:13:09 2021 +0100
committer	GitHub <noreply@github.com>	Sun Mar 21 16:13:09 2021 +0100
tree	e1e273a3a52bf3fb90de8eaab8503cc884db2c13
parent	20a5b7e986377bdfd929d7e8c4e3db5847dfdb2d [diff] [blame]