Check for invalid ALPN lists before calling OpenSSL, for consistency (#1056)

njsmith · web-flow · commit 45c5678e4883 · 2021-10-27T18:37:33.000-04:00
* Check for invalid ALPN lists before calling OpenSSL, for consistency Fixes gh-1043 * Soothe flake8
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle
+        # empty proto lists (see #1043), so we avoid the problem entirely by
+        # rejecting them ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle
+        # empty proto lists (see #1043), so we avoid the problem entirely by
+        # rejecting them ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self):
         protocols list. Ensure that we produce a user-visible error.
         """
         context = Context(SSLv23_METHOD)
-        with pytest.raises(Error):
+        with pytest.raises(ValueError):
             context.set_alpn_protos([])
 
     def test_alpn_set_on_connection(self):
