summary refs log tree commit diff
path: root/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch
blob: a185f4172d1e17de89909e91bd324e4a9dc3ccdd (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
Adjust for OpenSSL 1.1.1:

  https://github.com/pyca/pyopenssl/issues/1043

Taken from upstream:

  https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 59f21cec..fcdee047 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle empty
+        # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+        # ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle empty
+        # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+        # ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index ffc505d8..ca363b45 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self):
         protocols list. Ensure that we produce a user-visible error.
         """
         context = Context(SSLv23_METHOD)
-        with pytest.raises(Error):
+        with pytest.raises(ValueError):
             context.set_alpn_protos([])
 
     def test_alpn_set_on_connection(self):