Handle absence of keylog more gracefully

Author: hyperized

Lib/test/test_ssl.py

@@ -44,6 +44,9 @@
 from ssl import Purpose, TLSVersion, _TLSContentType, _TLSMessageType, _TLSAlertType
 
 Py_DEBUG_WIN32 = support.Py_DEBUG and sys.platform == 'win32'
+HAS_KEYLOG = hasattr(ssl.SSLContext, 'keylog_filename')
+requires_keylog = unittest.skipUnless(
+    HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback')
 
 PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
 HOST = socket_helper.HOST
@@ -1567,6 +1570,7 @@ def msg_cb(conn, direction, version, content_type, msg_type, data, cycle=ctx):
         gc.collect()
         self.assertIs(wr(), None)
 
+    @requires_keylog
     def test_keylog_filename_refcycle(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
         ctx.keylog_filename = os_helper.TESTFN
@@ -5282,9 +5286,6 @@ def test_internal_chain_server(self):
                 self.assertEqual(res, b'\x02\n')
 
 
-HAS_KEYLOG = hasattr(ssl.SSLContext, 'keylog_filename')
-requires_keylog = unittest.skipUnless(
-    HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback')
 
 class TestSSLDebug(unittest.TestCase):
 
@@ -5294,17 +5295,13 @@ def keylog_lines(self, fname=os_helper.TESTFN):
 
     @requires_keylog
     def test_keylog_defaults(self):
+        os_helper.unlink(os_helper.TESTFN)
         self.addCleanup(os_helper.unlink, os_helper.TESTFN)
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
         self.assertEqual(ctx.keylog_filename, None)
 
         self.assertFalse(os.path.isfile(os_helper.TESTFN))
-        try:
-            ctx.keylog_filename = os_helper.TESTFN
-        except RuntimeError:
-            if Py_DEBUG_WIN32:
-                self.skipTest("not supported on Win32 debug build")
-            raise
+        ctx.keylog_filename = os_helper.TESTFN
         self.assertEqual(ctx.keylog_filename, os_helper.TESTFN)
         self.assertTrue(os.path.isfile(os_helper.TESTFN))
         self.assertEqual(self.keylog_lines(), 1)
@@ -5325,12 +5322,7 @@ def test_keylog_filename(self):
         self.addCleanup(os_helper.unlink, os_helper.TESTFN)
         client_context, server_context, hostname = testing_context()
 
-        try:
-            client_context.keylog_filename = os_helper.TESTFN
-        except RuntimeError:
-            if Py_DEBUG_WIN32:
-                self.skipTest("not supported on Win32 debug build")
-            raise
+        client_context.keylog_filename = os_helper.TESTFN
 
         server = ThreadedEchoServer(context=server_context, chatty=False)
         with server:
@@ -5373,12 +5365,7 @@ def test_keylog_env(self):
             ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
             self.assertEqual(ctx.keylog_filename, None)
 
-            try:
-                ctx = ssl.create_default_context()
-            except RuntimeError:
-                if Py_DEBUG_WIN32:
-                    self.skipTest("not supported on Win32 debug build")
-                raise
+            ctx = ssl.create_default_context()
             self.assertEqual(ctx.keylog_filename, os_helper.TESTFN)
 
             ctx = ssl._create_stdlib_context()

Modules/_ssl.c

@@ -316,6 +316,10 @@ enum py_proto_version {
 #define PySSL_CB_MAXLEN 128
 
 
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !(defined(MS_WINDOWS) && defined(Py_DEBUG))
+#  define PY_HAS_KEYLOG 1
+#endif
+
 typedef struct {
     PyObject_HEAD
     SSL_CTX *ctx;
@@ -328,8 +332,10 @@ typedef struct {
     int post_handshake_auth;
 #endif
     PyObject *msg_cb;
+#ifdef PY_HAS_KEYLOG
     PyObject *keylog_filename;
     BIO *keylog_bio;
+#endif
     /* Cached module state, also used in SSLSocket and SSLSession code. */
     _sslmodulestate *state;
 #ifndef OPENSSL_NO_PSK
@@ -355,7 +361,7 @@ typedef struct {
     PyObject_HEAD
     PyObject *Socket; /* weakref to socket on which we're layered */
     SSL *ssl;
-    PySSLContext *ctx; /* weakref to SSL context */
+    PySSLContext *ctx; /* SSL context */
     char shutdown_seen_zero;
     enum py_ssl_server_or_client socket_type;
     PyObject *owner; /* Python level "owner" passed to servername callback */
@@ -2343,7 +2349,8 @@ static int
 _ssl__SSLSocket_context_set_impl(PySSLSocket *self, PyObject *value)
 /*[clinic end generated code: output=6b0a6cc5cf33d9fe input=f7fc1674b660df96]*/
 {
-    if (PyObject_TypeCheck(value, self->ctx->state->PySSLContext_Type)) {
+    _sslmodulestate *state = get_state_obj(self);
+    if (PyObject_TypeCheck(value, state->PySSLContext_Type)) {
         Py_SETREF(self->ctx, (PySSLContext *)Py_NewRef(value));
         SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
         /* Set SSL* internal msg_callback to state of new context's state */
@@ -3487,8 +3494,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
     self->ctx = ctx;
     self->protocol = proto_version;
     self->msg_cb = NULL;
+#ifdef PY_HAS_KEYLOG
     self->keylog_filename = NULL;
     self->keylog_bio = NULL;
+#endif
     self->alpn_protocols = NULL;
     self->set_sni_cb = NULL;
     self->state = get_ssl_state(module);
@@ -3599,7 +3608,9 @@ context_traverse(PyObject *op, visitproc visit, void *arg)
     PySSLContext *self = PySSLContext_CAST(op);
     Py_VISIT(self->set_sni_cb);
     Py_VISIT(self->msg_cb);
+#ifdef PY_HAS_KEYLOG
     Py_VISIT(self->keylog_filename);
+#endif
 #ifndef OPENSSL_NO_PSK
     Py_VISIT(self->psk_client_callback);
     Py_VISIT(self->psk_server_callback);
@@ -3614,18 +3625,22 @@ context_clear(PyObject *op)
     PySSLContext *self = PySSLContext_CAST(op);
     Py_CLEAR(self->set_sni_cb);
     Py_CLEAR(self->msg_cb);
+#ifdef PY_HAS_KEYLOG
     Py_CLEAR(self->keylog_filename);
+#endif
 #ifndef OPENSSL_NO_PSK
     Py_CLEAR(self->psk_client_callback);
     Py_CLEAR(self->psk_server_callback);
 #endif
+#ifdef PY_HAS_KEYLOG
     if (self->keylog_bio != NULL) {
         Py_BEGIN_ALLOW_THREADS
         BIO_free_all(self->keylog_bio);
         Py_END_ALLOW_THREADS
         _PySSL_FIX_ERRNO;
         self->keylog_bio = NULL;
     }
+#endif
     return 0;
 }
 
@@ -5680,8 +5695,10 @@ static PyGetSetDef context_getsetlist[] = {
     _SSL__SSLCONTEXT__HOST_FLAGS_GETSETDEF
     _SSL__SSLCONTEXT_MINIMUM_VERSION_GETSETDEF
     _SSL__SSLCONTEXT_MAXIMUM_VERSION_GETSETDEF
+#ifdef PY_HAS_KEYLOG
     {"keylog_filename", _PySSLContext_get_keylog_filename,
                         _PySSLContext_set_keylog_filename, NULL},
+#endif
     {"_msg_callback", _PySSLContext_get_msg_callback,
                       _PySSLContext_set_msg_callback, NULL},
     _SSL__SSLCONTEXT_SNI_CALLBACK_GETSETDEF
@@ -6009,8 +6026,23 @@ PySSLSession_richcompare(PyObject *left, PyObject *right, int op)
         return NULL;
     }
 
+    PySSLSession *left_sess = PySSLSession_CAST(left);
+    PySSLSession *right_sess = PySSLSession_CAST(right);
+
+    if (left_sess->ctx == NULL || right_sess->ctx == NULL) {
+        if (op == Py_EQ) {
+            if (left == right) Py_RETURN_TRUE;
+            Py_RETURN_FALSE;
+        }
+        if (op == Py_NE) {
+            if (left != right) Py_RETURN_TRUE;
+            Py_RETURN_FALSE;
+        }
+        Py_RETURN_NOTIMPLEMENTED;
+    }
+
     int result;
-    PyTypeObject *sesstype = PySSLSession_CAST(left)->ctx->state->PySSLSession_Type;
+    PyTypeObject *sesstype = left_sess->ctx->state->PySSLSession_Type;
 
     if (!Py_IS_TYPE(left, sesstype) || !Py_IS_TYPE(right, sesstype)) {
         Py_RETURN_NOTIMPLEMENTED;

Modules/_ssl/debughelpers.c

@@ -117,6 +117,7 @@ _PySSLContext_set_msg_callback(PyObject *op, PyObject *arg,
     return 0;
 }
 
+#ifdef PY_HAS_KEYLOG
 static void
 _PySSL_keylog_callback(const SSL *ssl, const char *line)
 {
@@ -178,12 +179,6 @@ _PySSLContext_set_keylog_filename(PyObject *op, PyObject *arg,
     PySSLContext *self = PySSLContext_CAST(op);
     FILE *fp;
 
-#if defined(MS_WINDOWS) && defined(Py_DEBUG)
-    PyErr_SetString(PyExc_NotImplementedError,
-                    "set_keylog_filename: unavailable on Windows debug build");
-    return -1;
-#endif
-
     /* Reset variables and callback first */
     SSL_CTX_set_keylog_callback(self->ctx, NULL);
     Py_CLEAR(self->keylog_filename);
@@ -225,3 +220,4 @@ _PySSLContext_set_keylog_filename(PyObject *op, PyObject *arg,
     SSL_CTX_set_keylog_callback(self->ctx, _PySSL_keylog_callback);
     return 0;
 }
+#endif