authorArne Schwabe <arne@rfc2549.org>2020-11-27 19:29:49 +0100
committerGitHub <noreply@github.com>2020-11-27 12:29:49 -0600
commit3562df8732f66848342874526d0ce12392d7d62e (patch)
tree8ff18795804fd4a6fe4675d9dfacdd4bb6444d8b /src/OpenSSL/SSL.py
parentf3667e95188e8c14458a7943c7efab3776b04711 (diff)
downloadpyopenssl-3562df8732f66848342874526d0ce12392d7d62e.tar.gz
Keep reference to SSL verify_call in Connection object (#956)
* Keep reference to SSL verify_call in Connection object
If set_verify is used on a context before and after a Connection is created, the reference in the SSL* object still points to the old _verify_helper object. Since this object no longer has any references to it, the callback can result in a segfault. This commit fixes the issue by ensuring that, as long as the Connection object/SSL* object lives, a reference to the callback function is held.
* Add Unit test for set_verify_callback deference
Diffstat (limited to 'src/OpenSSL/SSL.py')
-rw-r--r--src/OpenSSL/SSL.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 3153426..230b403 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1485,6 +1485,12 @@ class Connection(object):
# avoid them getting freed.
self._alpn_select_callback_args = None
+ # Reference the verify_callback of the Context. This ensures that if
+ # set_verify is called again after the SSL object has been created we
+ # do not point to a dangling reference
+ self._verify_helper = context._verify_helper
+ self._verify_callback = context._verify_callback
+
self._reverse_mapping[self._ssl] = self
if socket is None:
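Review bot: The attributes added at `self._verify_helper = context._verify_helper` and `self._verify_callback = context._verify_callback` are never read in the lines shown, so they look like unused state that a later cleanup could delete, which would bring back the crash this commit fixes. The comment should say that they exist only to pin the callback object the native SSL* still points at, for example `# Held only to keep the callback alive for the SSL object; never read from Python.` It is also worth documenting the consequence the commit message implies: a Connection created before a second set_verify keeps running the old callback, so tightening verification on the Context does not reach connections that already exist. Connection.__init__ starts and ends outside the hunk, so whether `context` is type-checked before these attribute reads cannot be confirmed from here.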