This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, theandrew168
Date 2021-03-21.10:21:48
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1616322109.16.0.882465261864.issue43577@roundup.psfhosted.org>
In-reply-to
Content
Thanks for the excellent bug report and reproducer! I have identified the issue and submitted a fix for review. OpenSSL copies the internal msg_callback to SSL struct, but SSL_set_SSL_CTX() does not update the msg_callback with value from new context.

Could you please open a new bug regarding the issue with SNI and ALPN order? This is unrelated. It looks like OpenSSL processes the ALPN extension after the SNI extension, https://github.com/openssl/openssl/blob/abded2ced44b94d96f08ea5cf01df6519b80f5d3/ssl/ssl_local.h#L740-L769 . I can see that the state machines fires "final_server_name" first (which triggers the SNI callback), then "tls_handle_alpn". This makes sense. This allows the new context to select ALPNs.


#0  final_server_name (s=0x8a4080, context=128, sent=1) at ssl/statem/extensions.c:925
#1  0x00007fffea3ec146 in tls_parse_all_extensions (x=<optimized out>, chainidx=<optimized out>, fin=<optimized out>, exts=<optimized out>, context=<optimized out>, 
    s=<optimized out>) at ssl/statem/extensions.c:762
#2  tls_parse_all_extensions (s=0x8a4080, context=128, exts=<optimized out>, x=<optimized out>, chainidx=<optimized out>, fin=1) at ssl/statem/extensions.c:737
#3  0x00007fffea417db6 in tls_early_post_process_client_hello (s=0x8a4080) at ssl/statem/statem_srvr.c:1906
#4  tls_post_process_client_hello (wst=<optimized out>, s=0x8a4080) at ssl/statem/statem_srvr.c:2249
#5  ossl_statem_server_post_process_message (s=s@entry=0x8a4080, wst=<optimized out>) at ssl/statem/statem_srvr.c:1243
#6  0x00007fffea3fe34c in read_state_machine (s=0x8a4080) at ssl/statem/statem.c:664
#7  state_machine (s=0x8a4080, server=<optimized out>) at ssl/statem/statem.c:434
#8  0x00007fffea48a9df in _ssl__SSLSocket_do_handshake_impl (self=0x7fffe9fe3ed0) at /home/heimes/dev/python/cpython/Modules/_ssl.c:1084
#9  _ssl__SSLSocket_do_handshake (self=0x7fffe9fe3ed0, _unused_ignored=<optimized out>) at /home/heimes/dev/python/cpython/Modules/clinic/_ssl.c.h:19


#0  tls_handle_alpn (s=0x8a4080) at ssl/statem/statem_srvr.c:2167
#1  0x00007fffea3ec146 in tls_parse_all_extensions (x=<optimized out>, chainidx=<optimized out>, fin=<optimized out>, exts=<optimized out>, context=<optimized out>, 
    s=<optimized out>) at ssl/statem/extensions.c:762
#2  tls_parse_all_extensions (s=0x8a4080, context=128, exts=<optimized out>, x=<optimized out>, chainidx=<optimized out>, fin=1) at ssl/statem/extensions.c:737
#3  0x00007fffea417db6 in tls_early_post_process_client_hello (s=0x8a4080) at ssl/statem/statem_srvr.c:1906
#4  tls_post_process_client_hello (wst=<optimized out>, s=0x8a4080) at ssl/statem/statem_srvr.c:2249
#5  ossl_statem_server_post_process_message (s=s@entry=0x8a4080, wst=<optimized out>) at ssl/statem/statem_srvr.c:1243
#6  0x00007fffea3fe34c in read_state_machine (s=0x8a4080) at ssl/statem/statem.c:664
#7  state_machine (s=0x8a4080, server=<optimized out>) at ssl/statem/statem.c:434
#8  0x00007fffea48a9df in _ssl__SSLSocket_do_handshake_impl (self=0x7fffe9fe3ed0) at /home/heimes/dev/python/cpython/Modules/_ssl.c:1084
History
Date User Action Args
2021-03-21 10:21:49christian.heimessetrecipients: + christian.heimes, theandrew168
2021-03-21 10:21:49christian.heimessetmessageid: <1616322109.16.0.882465261864.issue43577@roundup.psfhosted.org>
2021-03-21 10:21:49christian.heimeslinkissue43577 messages
2021-03-21 10:21:48christian.heimescreate