author | Arne Schwabe <arne@rfc2549.org> | 2020-11-27 19:29:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-27 12:29:49 -0600 |
commit | 3562df8732f66848342874526d0ce12392d7d62e (patch) | |
tree | 8ff18795804fd4a6fe4675d9dfacdd4bb6444d8b /src/OpenSSL/SSL.py | |
parent | f3667e95188e8c14458a7943c7efab3776b04711 (diff) | |
download | pyopenssl-3562df8732f66848342874526d0ce12392d7d62e.tar.gz |
Keep reference to SSL verify_call in Connection object (#956)
* Keep reference to SSL verify_call in Connection object
If set_verify is called on a context both before and after a Connection
is created, the reference in the SSL* object still points to the old
_verify_helper object. Since this object no longer has any references to
it, invoking the callback can result in a segfault.
This commit fixes the issues by ensuring that as long as the
Connection object/SSL* object lives a reference to the callback
function is held.
* Add Unit test for set_verify_callback deference
Diffstat (limited to 'src/OpenSSL/SSL.py')
-rw-r--r-- | src/OpenSSL/SSL.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 3153426..230b403 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1485,6 +1485,12 @@ class Connection(object):
 # avoid them getting freed.
 self._alpn_select_callback_args = None
+ # Reference the verify_callback of the Context. This ensures that if
+ # set_verify is called again after the SSL object has been created we
+ # do not point to a dangling reference
+ self._verify_helper = context._verify_helper
+ self._verify_callback = context._verify_callback
+
 self._reverse_mapping[self._ssl] = self
 if socket is None: |
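Review bot: The comment added above `self._verify_helper = context._verify_helper` does not say that the two new attributes are never read in this hunk and appear to exist only to keep the callback objects alive, so a later cleanup could delete them as unused and reintroduce the crash this commit fixes. I would extend it with `# Held only for lifetime: the SSL* keeps the callback it was given at creation, so these must outlive it even though nothing reads them.` Going by the commit description, an existing Connection also keeps verifying with the callback that was current when it was created, so the `set_verify` documentation should tell callers that tightening verification on the Context later is not picked up by connections that already exist. The enclosing method of `Connection` starts and ends outside the hunk.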