8000 [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) by tiran · Pull Request #6214 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

[3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #6214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 24, 2018
Merged

[3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #6214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Lib/test/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1687,6 +1687,7 @@ def test_get_ca_certs_capath(self):
self.assertEqual(len(ctx.get_ca_certs()), 1)

@needs_sni
@unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2")
def test_context_setget(self):
# Check that the context of a connected socket can be replaced.
ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
Expand Down
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
The ssl module now compiles with LibreSSL 2.7.1.
24 changes: 16 additions & 8 deletions Modules/_ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,12 @@ struct py_ssl_library_code {

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
# define OPENSSL_VERSION_1_1 1
# define PY_OPENSSL_1_1_API 1
#endif

/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
# define PY_OPENSSL_1_1_API 1
#endif

/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
Expand Down Expand Up @@ -152,16 +158,18 @@ struct py_ssl_library_code {
#define INVALID_SOCKET (-1)
#endif

#ifdef OPENSSL_VERSION_1_1
/* OpenSSL 1.1.0+ */
#ifndef OPENSSL_NO_SSL2
#define OPENSSL_NO_SSL2
#endif
#else /* OpenSSL < 1.1.0 */
#if defined(WITH_THREAD)
/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
#define HAVE_OPENSSL_CRYPTO_LOCK
#endif

#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
#define OPENSSL_NO_SSL2
#endif

#ifndef PY_OPENSSL_1_1_API
/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */

#define TLS_method SSLv23_method
#define TLS_client_method SSLv23_client_method
#define TLS_server_method SSLv23_server_method
Expand Down Expand Up @@ -227,7 +235,7 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
return s->tlsext_tick_lifetime_hint;
}

#endif /* OpenSSL < 1.1.0 or LibreSSL */
#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */


enum py_ssl_error {
Expand Down
3 changes: 2 additions & 1 deletion Tools/ssl/multissltests.py 7F0C
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,9 @@
]

LIBRESSL_RECENT_VERSIONS = [
"2.5.3",
"2.5.5",
"2.6.4",
"2.7.1",
]

# store files in ../multissl
Expand Down
0