Christian Heimes <li...@cheimes.de> added the comment:

Thanks for the excellent bug report and reproducer! I have identified the issue 
and submitted a fix for review. OpenSSL copies the internal msg_callback to the 
SSL struct, but SSL_set_SSL_CTX() does not update the msg_callback with the 
value from the new context.

Could you please open a new bug regarding the issue with SNI and ALPN order? 
This is unrelated. It looks like OpenSSL processes the ALPN extension after the 
SNI extension:
https://github.com/openssl/openssl/blob/abded2ced44b94d96f08ea5cf01df6519b80f5d3/ssl/ssl_local.h#L740-L769
I can see that the state machine fires "final_server_name" first (which 
triggers the SNI callback), then "tls_handle_alpn". This makes sense. This 
allows the new context to select ALPNs.


#0  final_server_name (s=0x8a4080, context=128, sent=1) at ssl/statem/extensions.c:925
#1  0x00007fffea3ec146 in tls_parse_all_extensions (x=<optimized out>, chainidx=<optimized out>, fin=<optimized out>, exts=<optimized out>, context=<optimized out>, s=<optimized out>) at ssl/statem/extensions.c:762
#2  tls_parse_all_extensions (s=0x8a4080, context=128, exts=<optimized out>, x=<optimized out>, chainidx=<optimized out>, fin=1) at ssl/statem/extensions.c:737
#3  0x00007fffea417db6 in tls_early_post_process_client_hello (s=0x8a4080) at ssl/statem/statem_srvr.c:1906
#4  tls_post_process_client_hello (wst=<optimized out>, s=0x8a4080) at ssl/statem/statem_srvr.c:2249
#5  ossl_statem_server_post_process_message (s=s@entry=0x8a4080, wst=<optimized out>) at ssl/statem/statem_srvr.c:1243
#6  0x00007fffea3fe34c in read_state_machine (s=0x8a4080) at ssl/statem/statem.c:664
#7  state_machine (s=0x8a4080, server=<optimized out>) at ssl/statem/statem.c:434
#8  0x00007fffea48a9df in _ssl__SSLSocket_do_handshake_impl (self=0x7fffe9fe3ed0) at /home/heimes/dev/python/cpython/Modules/_ssl.c:1084
#9  _ssl__SSLSocket_do_handshake (self=0x7fffe9fe3ed0, _unused_ignored=<optimized out>) at /home/heimes/dev/python/cpython/Modules/clinic/_ssl.c.h:19


#0  tls_handle_alpn (s=0x8a4080) at ssl/statem/statem_srvr.c:2167
#1  0x00007fffea3ec146 in tls_parse_all_extensions (x=<optimized out>, chainidx=<optimized out>, fin=<optimized out>, exts=<optimized out>, context=<optimized out>, s=<optimized out>) at ssl/statem/extensions.c:762
#2  tls_parse_all_extensions (s=0x8a4080, context=128, exts=<optimized out>, x=<optimized out>, chainidx=<optimized out>, fin=1) at ssl/statem/extensions.c:737
#3  0x00007fffea417db6 in tls_early_post_process_client_hello (s=0x8a4080) at ssl/statem/statem_srvr.c:1906
#4  tls_post_process_client_hello (wst=<optimized out>, s=0x8a4080) at ssl/statem/statem_srvr.c:2249
#5  ossl_statem_server_post_process_message (s=s@entry=0x8a4080, wst=<optimized out>) at ssl/statem/statem_srvr.c:1243
#6  0x00007fffea3fe34c in read_state_machine (s=0x8a4080) at ssl/statem/statem.c:664
#7  state_machine (s=0x8a4080, server=<optimized out>) at ssl/statem/statem.c:434
#8  0x00007fffea48a9df in _ssl__SSLSocket_do_handshake_impl (self=0x7fffe9fe3ed0) at /home/heimes/dev/python/cpython/Modules/_ssl.c:1084

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43577>
_______________________________________