Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-08 06:10:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

[3.9] gh-121227: Disallow setting an empty list for NPN (GH-137161)

Browse source
This commit is contained in:
Stan Ulbrych 2025-10-07 13:09:33 +01:00 committed by GitHub
parent 312de66fb5
commit a2cdbb6e81
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Lib/test/test_ssl.py
View file

@ -4219,6 +4219,12 @@ def test_npn_protocols(self):
if len(stats['server_npn_protocols']) else 'nothing'
self.assertEqual(server_result, expected, msg % (server_result, "server"))
def test_empty_npn_protocols(self):
"""npn_protocols cannot be empty, see CVE-2024-5642 & gh-121227"""
client_context, server_context, hostname = testing_context()
with self.assertRaises(ssl.SSLError):
server_context.set_npn_protocols([])
def sni_contexts(self):
server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
server_context.load_cert_chain(SIGNED_CERTFILE)