blob: 67d57d0c138b95da3e69195e36b8416d4a361fa7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
# From 8d89a385b71a2e4cce0fba0cfc8d91b63485edc5 Mon Sep 17 00:00:00 2001
# From: Christian Heimes <christian@python.org>
# Date: Sat, 24 Mar 2018 18:38:14 +0100
# Subject: [PATCH] [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0
# (GH-6210) (GH-6214)
#
# LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
# LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
# LibreSSL < 2.7.
# Documentation updates and fixes for failing tests will be provided in
# another patch set.
# Signed-off-by: Christian Heimes <christian@python.org>.
# (cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
# Co-authored-by: Christian Heimes <christian@python.org>
# Patch modified by Aaron Bauman <bman@gentoo.org> for 3.5.5
--- a/Modules/_ssl.c 2018-04-13 18:33:17.397649561 -0400
+++ b/Modules/_ssl.c 2018-04-13 18:40:22.319852014 -0400
@@ -101,6 +101,12 @@
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
# define OPENSSL_VERSION_1_1 1
+# define PY_OPENSSL_1_1_API 1
+#endif
+
+/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+# define PY_OPENSSL_1_1_API 1
#endif
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
@@ -129,16 +135,18 @@
#define INVALID_SOCKET (-1)
#endif
-#ifdef OPENSSL_VERSION_1_1
-/* OpenSSL 1.1.0+ */
-#ifndef OPENSSL_NO_SSL2
-#define OPENSSL_NO_SSL2
-#endif
-#else /* OpenSSL < 1.1.0 */
-#if defined(WITH_THREAD)
+/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
+#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
#define HAVE_OPENSSL_CRYPTO_LOCK
#endif
+#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
+#define OPENSSL_NO_SSL2
+#endif
+
+#ifndef PY_OPENSSL_1_1_API
+/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
+
#define TLS_method SSLv23_method
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
@@ -187,7 +195,7 @@
{
return store->param;
}
-#endif /* OpenSSL < 1.1.0 or LibreSSL */
+#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
enum py_ssl_error {
|
