Skip to content

Commit 8cb7d7f

Browse files
authored
gh-117310: Remove extra DECREF on "no ciphers" error path in _ssl._SSLContext constructor (#117309)
Remove extra self DECREF on ssl "no ciphers" error path. This doesn't come up in practice because nobody links against a broken OpenSSL library that provides nothing.
1 parent 6c8ac8a commit 8cb7d7f

File tree

2 files changed

+4
-1
lines changed

2 files changed

+4
-1
lines changed
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
Fixed an unlikely early & extra ``Py_DECREF`` triggered crash in :mod:`ssl`
2+
when creating a new ``_ssl._SSLContext`` if CPython was built implausibly such
3+
that the default cipher list is empty **or** the SSL library it was linked
4+
against reports a failure from its C ``SSL_CTX_set_cipher_list()`` API.

Modules/_ssl.c

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3166,7 +3166,6 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
31663166
result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
31673167
}
31683168
if (result == 0) {
3169-
Py_DECREF(self);
31703169
ERR_clear_error();
31713170
PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
31723171
"No cipher can be selected.");

0 commit comments

Comments
 (0)