guix/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch
Marius Bakke 6f22596b1c
gnu: python-pyopenssl: Update to 22.0.0.
* gnu/packages/python-crypto.scm (python-pyopenssl): Update to 22.0.0.
[arguments]: Respect TESTS? in check phase and rewrite in gexp style.
(python2-pyopenssl): Update to 21.0.0.
[source](patches): New field.
* gnu/packages/patches/python2-pyopenssl-openssl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
2022-02-13 15:15:58 +01:00

51 lines
2 KiB
Diff

Adjust for OpenSSL 1.1.1:
https://github.com/pyca/pyopenssl/issues/1043
Taken from upstream:
https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 59f21cec..fcdee047 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos):
This list should be a Python list of bytestrings representing the
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
"""
+ # Different versions of OpenSSL are inconsistent about how they handle empty
+ # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+ # ourselves.
+ if not protos:
+ raise ValueError("at least one protocol must be specified")
+
# Take the list of protocols and join them together, prefixing them
# with their lengths.
protostr = b"".join(
@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos):
This list should be a Python list of bytestrings representing the
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
"""
+ # Different versions of OpenSSL are inconsistent about how they handle empty
+ # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+ # ourselves.
+ if not protos:
+ raise ValueError("at least one protocol must be specified")
+
# Take the list of protocols and join them together, prefixing them
# with their lengths.
protostr = b"".join(
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index ffc505d8..ca363b45 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self):
protocols list. Ensure that we produce a user-visible error.
"""
context = Context(SSLv23_METHOD)
- with pytest.raises(Error):
+ with pytest.raises(ValueError):
context.set_alpn_protos([])
def test_alpn_set_on_connection(self):