12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- From edd541897b9c28ee0d0f0131746aa5f19665a104 Mon Sep 17 00:00:00 2001
- From: Christian Heimes <christian@python.org>
- Date: Sat, 24 Mar 2018 19:34:15 +0100
- Subject: [PATCH] [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0
- (GH-6210) (GH-6215)
- LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
- LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
- LibreSSL < 2.7.
- Documentation updates and fixes for failing tests will be provided in
- another patch set.
- Signed-off-by: Christian Heimes <christian@python.org>.
- (cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
- Co-authored-by: Christian Heimes <christian@python.org>
- ---
- .../2018-03-24-15-08-24.bpo-33127.olJmHv.rst | 1 +
- Modules/_ssl.c | 24 ++++++++++++++--------
- Tools/ssl/multissltests.py | 3 ++-
- 3 files changed, 19 insertions(+), 9 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
- diff --git a/Modules/_ssl.c b/Modules/_ssl.c
- index da8b20f54f..d0ce913d3d 100644
- --- a/Modules/_ssl.c
- +++ b/Modules/_ssl.c
- @@ -102,6 +102,12 @@ struct py_ssl_library_code {
-
- #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- # define OPENSSL_VERSION_1_1 1
- +# define PY_OPENSSL_1_1_API 1
- +#endif
- +
- +/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
- +#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
- +# define PY_OPENSSL_1_1_API 1
- #endif
-
- /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
- @@ -149,16 +155,18 @@ struct py_ssl_library_code {
- #define INVALID_SOCKET (-1)
- #endif
-
- -#ifdef OPENSSL_VERSION_1_1
- -/* OpenSSL 1.1.0+ */
- -#ifndef OPENSSL_NO_SSL2
- -#define OPENSSL_NO_SSL2
- -#endif
- -#else /* OpenSSL < 1.1.0 */
- -#if defined(WITH_THREAD)
- +/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
- +#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
- #define HAVE_OPENSSL_CRYPTO_LOCK
- #endif
-
- +#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
- +#define OPENSSL_NO_SSL2
- +#endif
- +
- +#ifndef PY_OPENSSL_1_1_API
- +/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
- +
- #define TLS_method SSLv23_method
-
- static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
- @@ -201,7 +209,7 @@ static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
- {
- return store->param;
- }
- -#endif /* OpenSSL < 1.1.0 or LibreSSL */
- +#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
-
-
- enum py_ssl_error {
- --
- 2.16.1
|