diff options
author | Maximilian Hils <git@maximilianhils.com> | 2021-02-17 20:06:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-17 13:06:26 -0600 |
commit | 614d6737d84294b038eead384100e2a7a65f717b (patch) | |
tree | 2ce470d6e95682274d762dae0b589ebaebc69ea2 /src | |
parent | d182dab3f7b51c3f3d5c13687f1abba81acd78e4 (diff) | |
download | pyopenssl-git-614d6737d84294b038eead384100e2a7a65f717b.tar.gz |
Check return code of SSL_[CTX_]set_alpn_protos (#993)
* check return code of SSL_CTX_set_alpn_protos, fix #992
* paint it black!
* fix line lengths as well :upside_down_face:
Diffstat (limited to 'src')
-rw-r--r-- | src/OpenSSL/SSL.py | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py index 1900b8c..cd1e9be 100644 --- a/src/OpenSSL/SSL.py +++ b/src/OpenSSL/SSL.py @@ -1375,7 +1375,17 @@ class Context(object): # Build a C string from the list. We don't need to save this off # because OpenSSL immediately copies the data out. input_str = _ffi.new("unsigned char[]", protostr) - _lib.SSL_CTX_set_alpn_protos(self._context, input_str, len(protostr)) + + # https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_alpn_protos.html: + # SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() + # return 0 on success, and non-0 on failure. + # WARNING: these functions reverse the return value convention. + _openssl_assert( + _lib.SSL_CTX_set_alpn_protos( + self._context, input_str, len(protostr) + ) + == 0 + ) @_requires_alpn def set_alpn_select_callback(self, callback): @@ -2393,7 +2403,14 @@ class Connection(object): # Build a C string from the list. We don't need to save this off # because OpenSSL immediately copies the data out. input_str = _ffi.new("unsigned char[]", protostr) - _lib.SSL_set_alpn_protos(self._ssl, input_str, len(protostr)) + + # https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_alpn_protos.html: + # SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() + # return 0 on success, and non-0 on failure. + # WARNING: these functions reverse the return value convention. + _openssl_assert( + _lib.SSL_set_alpn_protos(self._ssl, input_str, len(protostr)) == 0 + ) @_requires_alpn def get_alpn_proto_negotiated(self): |