author | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2012-02-14 16:51:35 -0500 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2012-02-14 16:51:35 -0500 |
commit | 5ea41495ab07f449339b03014c1513429b7625ac (patch) | |
tree | ccec7a1e96a54fa718ce2783816c6e18b750c385 | |
parent | fef5c4b8a31f2ed7d641b2e75ad22e2c5920ed32 (diff) | |
download | pyopenssl-5ea41495ab07f449339b03014c1513429b7625ac.tar.gz |
I don't always read OpenSSL source, but when I do I WISH I WERE DEAD
-rwxr-xr-x | OpenSSL/ssl/connection.c | 3 | ||||
-rw-r--r-- | OpenSSL/test/test_ssl.py | 31 |
2 files changed, 33 insertions, 1 deletions
diff --git a/OpenSSL/ssl/connection.c b/OpenSSL/ssl/connection.c
index f7994a3..ebbe39f 100755
--- a/OpenSSL/ssl/connection.c
+++ b/OpenSSL/ssl/connection.c
@@ -1300,7 +1300,8 @@ ssl_Connection_set_session(ssl_ConnectionObj *self, PyObject *args) {
 }
 if (SSL_set_session(self->ssl, session->session) == 0) {
- /* XXX Under what conditions does this fail? I have no idea.
+ /* The only case which leads to this seems to be a mismatch, between
+ * this connection and the session, of the SSL method.
 */
 exception_from_error_queue(ssl_Error);
 return NULL;
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 87c8fe6..e241112 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1544,6 +1544,37 @@ class ConnectionTests(TestCase, _LoopbackMixin):
 originalServer.master_key(), resumedServer.master_key())
+ def test_set_session_wrong_method(self):
+ """
+ """
+ key = load_privatekey(FILETYPE_PEM, server_key_pem)
+ cert = load_certificate(FILETYPE_PEM, server_cert_pem)
+ ctx = Context(TLSv1_METHOD)
+ ctx.use_privatekey(key)
+ ctx.use_certificate(cert)
+ ctx.set_session_id("unity-test")
+
+ def makeServer(socket):
+ server = Connection(ctx, socket)
+ server.set_accept_state()
+ return server
+
+ originalServer, originalClient = self._loopback(
+ serverFactory=makeServer)
+ originalSession = originalClient.get_session()
+
+ def makeClient(socket):
+ # Intentionally use a different, incompatible method here.
+ client = Connection(Context(SSLv3_METHOD), socket)
+ client.set_connect_state()
+ client.set_session(originalSession)
+ return client
+
+ self.assertRaises(
+ Error,
+ self._loopback, clientFactory=makeClient, serverFactory=makeServer)
+
+
 class ConnectionGetCipherListTests(TestCase):
 """ |
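Review bot: The closing `self.assertRaises(Error, self._loopback, ...)` in `test_set_session_wrong_method` accepts an `Error` raised anywhere in the loopback, so it does not pin the failure to `client.set_session(originalSession)` in `makeClient`. A handshake failure between the SSLv3 client and the TLSv1 server would presumably satisfy it as well, so the test could keep passing even if a mismatched session were silently accepted. Asserting at the call site, e.g. `self.assertRaises(Error, client.set_session, originalSession)`, would tie the test to the method-mismatch path that the new comment in connection.c describes. The docstring is also empty; something like `L{Connection.set_session} raises L{Error} if the session was created with a different SSL method than the connection's context.` would state the contract being tested.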