Adjust for OpenSSL 1.1.1: https://github.com/pyca/pyopenssl/issues/1043 Taken from upstream: https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py index 59f21cec..fcdee047 100644 --- a/src/OpenSSL/SSL.py +++ b/src/OpenSSL/SSL.py @@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos): This list should be a Python list of bytestrings representing the protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. """ + # Different versions of OpenSSL are inconsistent about how they handle empty + # proto lists (see #1043), so we avoid the problem entirely by rejecting them + # ourselves. + if not protos: + raise ValueError("at least one protocol must be specified") + # Take the list of protocols and join them together, prefixing them # with their lengths. protostr = b"".join( @@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos): This list should be a Python list of bytestrings representing the protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. """ + # Different versions of OpenSSL are inconsistent about how they handle empty + # proto lists (see #1043), so we avoid the problem entirely by rejecting them + # ourselves. + if not protos: + raise ValueError("at least one protocol must be specified") + # Take the list of protocols and join them together, prefixing them # with their lengths. protostr = b"".join( diff --git a/tests/test_ssl.py b/tests/test_ssl.py index ffc505d8..ca363b45 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py @@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self): protocols list. Ensure that we produce a user-visible error. """ context = Context(SSLv23_METHOD) - with pytest.raises(Error): + with pytest.raises(ValueError): context.set_alpn_protos([]) def test_alpn_set_on_connection(self):