From 61737c212fc5007381fe087a53830b0677cd5e24 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson
Date: Sun, 4 Oct 2020 16:19:25 -0500
Subject: [PATCH] Don't set keylog_filename for empty values
---
 src/urllib3/util/ssl_.py | 6 ++++--
 test/with_dummyserver/test_https.py | 12 ++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py
index 8773334067..1cb5e7cdc1 100644
--- a/src/urllib3/util/ssl_.py
+++ b/src/urllib3/util/ssl_.py
@@ -314,9 +314,11 @@ def create_urllib3_context(
 context.check_hostname = False
 # Enable logging of TLS session keys via defacto standard environment variable
- # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+).
+ # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values.
 if hasattr(context, "keylog_filename"):
- context.keylog_filename = os.environ.get("SSLKEYLOGFILE")
+ sslkeylogfile = os.environ.get("SSLKEYLOGFILE")
+ if sslkeylogfile:
+ context.keylog_filename = sslkeylogfile
 return context
diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py
index 4c587d3432..40998f0fb8 100644
--- a/test/with_dummyserver/test_https.py
+++ b/test/with_dummyserver/test_https.py
@@ -719,6 +719,18 @@ def test_sslkeylogfile(self, tmpdir, monkeypatch):
 keylog_file
 )
+ @pytest.mark.parametrize("sslkeylogfile", [None, ""])
+ def test_sslkeylogfile_empty(self, monkeypatch, sslkeylogfile):
+ # Assert that an HTTPS connection doesn't error out when given
+ # no SSLKEYLOGFILE or an empty value (ie 'SSLKEYLOGFILE=')
+ if sslkeylogfile is not None:
+ monkeypatch.setenv("SSLKEYLOGFILE", sslkeylogfile)
+ else:
+ monkeypatch.delenv("SSLKEYLOGFILE", raising=False)
+ with HTTPSConnectionPool(self.host, self.port, ca_certs=DEFAULT_CA) as pool:
+ r = pool.request("GET", "/")
+ assert r.status == 200, r.data
+
 def test_alpn_default(self):
 """Default ALPN protocols are sent by default."""
 if not has_alpn() or not has_alpn(ssl.SSLContext):
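Review bot: The new `if sslkeylogfile:` guard still turns on key logging for any non-empty value, including when the interpreter is started with `-E`/`-I`, so whatever controls the process environment decides whether TLS session secrets are written to disk and where. The standard library's `ssl.create_default_context()` ignores the variable in that mode; the matching guard here would be `if sslkeylogfile and not sys.flags.ignore_environment:` (this assumes `sys` is imported in the module, which the hunk does not show). The comment above the check could also state that the resulting file lets anyone who reads it decrypt captured traffic from this process. `create_urllib3_context` begins above the hunk, so how callers pass or reuse the context is not visible here.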
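Review bot: The only assertion in `test_sslkeylogfile_empty` is the 200 status, so the test shows that an unset or empty `SSLKEYLOGFILE` does not break the request but not that key logging stays disabled. A direct check after the monkeypatch would pin that, for example `ctx = create_urllib3_context()` followed by `assert getattr(ctx, "keylog_filename", None) is None` (whether the test module already imports `create_urllib3_context` is not visible in this hunk). The explanatory comment could also be written as a docstring, to match `test_alpn_default` directly below.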