commit c8b599ff0a4e4782e97e353a20146d3570845dbc
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Tue Jul 07 21:37:50 2020 -0700
committer GitHub <noreply@github.com> Tue Jul 07 21:37:50 2020 -0700
tree f831341ebdfab7bad093a825188c68ee2b2058a9
parent 730bce3a80819e0b7fa6bfa1e1afcd4c837b62c1

closes bpo-41235: Fix the error handling in SSLContext.load_dh_params() (GH-21385)

(cherry picked from commit aebc0495572c5bb85d2bd97d27cf93ab038b5a6a)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>

Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst

diff --git a/Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst b/Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst
new file mode 100644
index 0000000..c55275b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst
@@ -0,0 +1 @@
+Fix the error handling in :meth:`ssl.SSLContext.load_dh_params`.

Modules/_ssl.c

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 9fbaecb..8ee2c17 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4312,8 +4312,10 @@
         }
         return NULL;
     }
-    if (SSL_CTX_set_tmp_dh(self->ctx, dh) == 0)
-        _setSSLError(NULL, 0, __FILE__, __LINE__);
+    if (!SSL_CTX_set_tmp_dh(self->ctx, dh)) {
+        DH_free(dh);
+        return _setSSLError(NULL, 0, __FILE__, __LINE__);
+    }
     DH_free(dh);
     Py_RETURN_NONE;
 }