Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl #95095
Assignees
Comments
davidben
added a commit
to davidben/cpython
that referenced
this issue
Jul 21, 2022
…ctrl The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html
|
SGTM We used SSL_CTX_ctrl with SSL_CTRL_GET_MAX_PROTO_VERSION because OpenSSL < 1.1.0g did not have the getter macro. Since we no longer support 1.1.0 it is safe to use the macro in 3.10 and newer. |
miss-islington
pushed a commit
that referenced
this issue
Jul 21, 2022
…H-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 21, 2022
…ctrl (pythonGH-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html (cherry picked from commit 936f71e) Co-authored-by: David Benjamin <davidben@davidben.net>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 21, 2022
…ctrl (pythonGH-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html (cherry picked from commit 936f71e) Co-authored-by: David Benjamin <davidben@davidben.net>
miss-islington
added a commit
that referenced
this issue
Jul 21, 2022
…H-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html (cherry picked from commit 936f71e) Co-authored-by: David Benjamin <davidben@davidben.net>
miss-islington
added a commit
that referenced
this issue
Jul 21, 2022
…H-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html (cherry picked from commit 936f71e) Co-authored-by: David Benjamin <davidben@davidben.net>
|
Thanks David! 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Filing this since the devguide says to attach a GH issue to each PR. I'll upload a PR shortly to goes with it.
CPython uses
SSL_CTX_ctrl(SSL_CTRL_GET_MAX_PROTO_VERSION)to query the maximum version, but it's cleaner to use the wrapper macro,SSL_CTX_get_max_proto_version. This is the version that's documented by OpenSSL and is easier to read.https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html
The macros are also slightly safer since you're less likely to mess up the
larg/pargcalling convention. If OpenSSL ever does openssl/openssl#1319, it will also be more type-safe. (Also I work on BoringSSL, which has done just that, so fixing this makes life easier for us. But I think this change is good independent of BoringSSL.)The text was updated successfully, but these errors were encountered: