diff options
author | Nathaniel J. Smith <njs@pobox.com> | 2021-10-27 15:37:33 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-27 18:37:33 -0400 |
commit | 45c5678e48839e08cd290285c052a65ecb4cac80 (patch) | |
tree | 5896a3d321de29c29fdc49ac1cf005c55b4afa42 /src/OpenSSL/SSL.py | |
parent | 2ea56348beb51d78310a1a34abd7cdace1350794 (diff) | |
download | pyopenssl-git-45c5678e48839e08cd290285c052a65ecb4cac80.tar.gz |
Check for invalid ALPN lists before calling OpenSSL, for consistency (#1056)
* Check for invalid ALPN lists before calling OpenSSL, for consistency
Fixes gh-1043
* Soothe flake8
Diffstat (limited to 'src/OpenSSL/SSL.py')
-rw-r--r-- | src/OpenSSL/SSL.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py index 59f21ce..8ed91a2 100644 --- a/src/OpenSSL/SSL.py +++ b/src/OpenSSL/SSL.py @@ -1421,6 +1421,12 @@ class Context(object): This list should be a Python list of bytestrings representing the protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. """ + # Different versions of OpenSSL are inconsistent about how they handle + # empty proto lists (see #1043), so we avoid the problem entirely by + # rejecting them ourselves. + if not protos: + raise ValueError("at least one protocol must be specified") + # Take the list of protocols and join them together, prefixing them # with their lengths. protostr = b"".join( @@ -2449,6 +2455,12 @@ class Connection(object): This list should be a Python list of bytestrings representing the protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. """ + # Different versions of OpenSSL are inconsistent about how they handle + # empty proto lists (see #1043), so we avoid the problem entirely by + # rejecting them ourselves. + if not protos: + raise ValueError("at least one protocol must be specified") + # Take the list of protocols and join them together, prefixing them # with their lengths. protostr = b"".join( |