From 45c5678e48839e08cd290285c052a65ecb4cac80 Mon Sep 17 00:00:00 2001
From: "Nathaniel J. Smith" <njs@pobox.com>
Date: Wed, 27 Oct 2021 15:37:33 -0700
Subject: Check for invalid ALPN lists before calling OpenSSL, for consistency
 (#1056)

* Check for invalid ALPN lists before calling OpenSSL, for consistency

Fixes gh-1043

* Soothe flake8
---
 src/OpenSSL/SSL.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/OpenSSL/SSL.py')

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 59f21ce..8ed91a2 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1421,6 +1421,12 @@ class Context(object):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle
+        # empty proto lists (see #1043), so we avoid the problem entirely by
+        # rejecting them ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
@@ -2449,6 +2455,12 @@ class Connection(object):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle
+        # empty proto lists (see #1043), so we avoid the problem entirely by
+        # rejecting them ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
-- 
cgit v1.2.1