Message389222
Thanks for the excellent bug report and reproducer! I have identified the issue and submitted a fix for review. OpenSSL copies the internal msg_callback to the SSL struct, but SSL_set_SSL_CTX() does not update the msg_callback with the value from the new context.
Could you please open a new bug regarding the issue with SNI and ALPN order? This is unrelated. It looks like OpenSSL processes the ALPN extension after the SNI extension, https://github.com/openssl/openssl/blob/abded2ced44b94d96f08ea5cf01df6519b80f5d3/ssl/ssl_local.h#L740-L769 . I can see that the state machine fires "final_server_name" first (which triggers the SNI callback), then "tls_handle_alpn". This makes sense. This allows the new context to select ALPNs.
#0 final_server_name (s=0x8a4080, context=128, sent=1) at ssl/statem/extensions.c:925
#1 0x00007fffea3ec146 in tls_parse_all_extensions (x=<optimized out>, chainidx=<optimized out>, fin=<optimized out>, exts=<optimized out>, context=<optimized out>,
s=<optimized out>) at ssl/statem/extensions.c:762
#2 tls_parse_all_extensions (s=0x8a4080, context=128, exts=<optimized out>, x=<optimized out>, chainidx=<optimized out>, fin=1) at ssl/statem/extensions.c:737
#3 0x00007fffea417db6 in tls_early_post_process_client_hello (s=0x8a4080) at ssl/statem/statem_srvr.c:1906
#4 tls_post_process_client_hello (wst=<optimized out>, s=0x8a4080) at ssl/statem/statem_srvr.c:2249
#5 ossl_statem_server_post_process_message (s=s@entry=0x8a4080, wst=<optimized out>) at ssl/statem/statem_srvr.c:1243
#6 0x00007fffea3fe34c in read_state_machine (s=0x8a4080) at ssl/statem/statem.c:664
#7 state_machine (s=0x8a4080, server=<optimized out>) at ssl/statem/statem.c:434
#8 0x00007fffea48a9df in _ssl__SSLSocket_do_handshake_impl (self=0x7fffe9fe3ed0) at /home/heimes/dev/python/cpython/Modules/_ssl.c:1084
#9 _ssl__SSLSocket_do_handshake (self=0x7fffe9fe3ed0, _unused_ignored=<optimized out>) at /home/heimes/dev/python/cpython/Modules/clinic/_ssl.c.h:19

#0 tls_handle_alpn (s=0x8a4080) at ssl/statem/statem_srvr.c:2167
#1 0x00007fffea3ec146 in tls_parse_all_extensions (x=<optimized out>, chainidx=<optimized out>, fin=<optimized out>, exts=<optimized out>, context=<optimized out>,
s=<optimized out>) at ssl/statem/extensions.c:762
#2 tls_parse_all_extensions (s=0x8a4080, context=128, exts=<optimized out>, x=<optimized out>, chainidx=<optimized out>, fin=1) at ssl/statem/extensions.c:737
#3 0x00007fffea417db6 in tls_early_post_process_client_hello (s=0x8a4080) at ssl/statem/statem_srvr.c:1906
#4 tls_post_process_client_hello (wst=<optimized out>, s=0x8a4080) at ssl/statem/statem_srvr.c:2249
#5 ossl_statem_server_post_process_message (s=s@entry=0x8a4080, wst=<optimized out>) at ssl/statem/statem_srvr.c:1243
#6 0x00007fffea3fe34c in read_state_machine (s=0x8a4080) at ssl/statem/statem.c:664
#7 state_machine (s=0x8a4080, server=<optimized out>) at ssl/statem/statem.c:434
#8 0x00007fffea48a9df in _ssl__SSLSocket_do_handshake_impl (self=0x7fffe9fe3ed0) at /home/heimes/dev/python/cpython/Modules/_ssl.c:1084
Date | User | Action | Args
2021-03-21 10:21:49 | christian.heimes | set | recipients: + christian.heimes, theandrew168
2021-03-21 10:21:49 | christian.heimes | set | messageid: <1616322109.16.0.882465261864.issue43577@roundup.psfhosted.org>
2021-03-21 10:21:49 | christian.heimes | link | issue43577 messages
2021-03-21 10:21:48 | christian.heimes | create |