@ -142,6 +142,24 @@ static void _PySSLFixErrno(void) {
# define PY_OPENSSL_1_1_API 1
# endif
/* OpenSSL API compat */
# ifdef OPENSSL_API_COMPAT
# if OPENSSL_API_COMPAT >= 0x10100000L
/* OpenSSL API 1.1.0+ does not include version methods */
# ifndef OPENSSL_NO_TLS1_METHOD
# define OPENSSL_NO_TLS1_METHOD 1
# endif
# ifndef OPENSSL_NO_TLS1_1_METHOD
# define OPENSSL_NO_TLS1_1_METHOD 1
# endif
# ifndef OPENSSL_NO_TLS1_2_METHOD
# define OPENSSL_NO_TLS1_2_METHOD 1
# endif
# endif /* >= 1.1.0 compcat */
# endif /* OPENSSL_API_COMPAT */
/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
# if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
# define PY_OPENSSL_1_1_API 1
@ -201,6 +219,12 @@ static void _PySSLFixErrno(void) {
# define TLS_method SSLv23_method
# define TLS_client_method SSLv23_client_method
# define TLS_server_method SSLv23_server_method
# define ASN1_STRING_get0_data ASN1_STRING_data
# define X509_get0_notBefore X509_get_notBefore
# define X509_get0_notAfter X509_get_notAfter
# define OpenSSL_version_num SSLeay
# define OpenSSL_version SSLeay_version
# define OPENSSL_VERSION SSLEAY_VERSION
static int X509_NAME_ENTRY_set ( const X509_NAME_ENTRY * ne )
{
@ -885,7 +909,7 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
goto error ;
}
} else {
if ( ! X509_VERIFY_PARAM_set1_ip ( param , ASN1_STRING_data ( ip ) ,
if ( ! X509_VERIFY_PARAM_set1_ip ( param , ASN1_STRING_get0_ data ( ip ) ,
ASN1_STRING_length ( ip ) ) ) {
_setSSLError ( NULL , 0 , __FILE__ , __LINE__ ) ;
goto error ;
@ -1361,7 +1385,7 @@ _get_peer_alt_names (X509 *certificate) {
goto fail ;
}
PyTuple_SET_ITEM ( t , 0 , v ) ;
v = PyUnicode_FromStringAndSize ( ( char * ) ASN1_STRING_data ( as ) ,
v = PyUnicode_FromStringAndSize ( ( char * ) ASN1_STRING_get0_ data ( as ) ,
ASN1_STRING_length ( as ) ) ;
if ( v = = NULL ) {
Py_DECREF ( t ) ;
@ -1657,7 +1681,7 @@ _decode_certificate(X509 *certificate) {
ASN1_INTEGER * serialNumber ;
char buf [ 2048 ] ;
int len , result ;
ASN1_TIME * notBefore , * notAfter ;
const ASN1_TIME * notBefore , * notAfter ;
PyObject * pnotBefore , * pnotAfter ;
retval = PyDict_New ( ) ;
@ -1719,7 +1743,7 @@ _decode_certificate(X509 *certificate) {
Py_DECREF ( sn_obj ) ;
( void ) BIO_reset ( biobuf ) ;
notBefore = X509_get_notBefore ( certificate ) ;
notBefore = X509_get0 _notBefore ( certificate ) ;
ASN1_TIME_print ( biobuf , notBefore ) ;
len = BIO_gets ( biobuf , buf , sizeof ( buf ) - 1 ) ;
if ( len < 0 ) {
@ -1736,7 +1760,7 @@ _decode_certificate(X509 *certificate) {
Py_DECREF ( pnotBefore ) ;
( void ) BIO_reset ( biobuf ) ;
notAfter = X509_get_notAfter ( certificate ) ;
notAfter = X509_get0 _notAfter ( certificate ) ;
ASN1_TIME_print ( biobuf , notAfter ) ;
len = BIO_gets ( biobuf , buf , sizeof ( buf ) - 1 ) ;
if ( len < 0 ) {
@ -3079,17 +3103,23 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
ctx = SSL_CTX_new ( SSLv3_method ( ) ) ;
break ;
# endif
# if defined(TLS1_VERSION) && !defined(OPENSSL_NO_TLS1)
# if (defined(TLS1_VERSION) && \
! defined ( OPENSSL_NO_TLS1 ) & & \
! defined ( OPENSSL_NO_TLS1_METHOD ) )
case PY_SSL_VERSION_TLS1 :
ctx = SSL_CTX_new ( TLSv1_method ( ) ) ;
break ;
# endif
# if defined(TLS1_1_VERSION) && !defined(OPENSSL_NO_TLS1_1)
# if (defined(TLS1_1_VERSION) && \
! defined ( OPENSSL_NO_TLS1_1 ) & & \
! defined ( OPENSSL_NO_TLS1_1_METHOD ) )
case PY_SSL_VERSION_TLS1_1 :
ctx = SSL_CTX_new ( TLSv1_1_method ( ) ) ;
break ;
# endif
# if defined(TLS1_2_VERSION) && !defined(OPENSSL_NO_TLS1_2)
# if (defined(TLS1_2_VERSION) && \
! defined ( OPENSSL_NO_TLS1_2 ) & & \
! defined ( OPENSSL_NO_TLS1_2_METHOD ) )
case PY_SSL_VERSION_TLS1_2 :
ctx = SSL_CTX_new ( TLSv1_2_method ( ) ) ;
break ;
@ -3207,7 +3237,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
conservative and assume it wasn ' t fixed until release . We do this check
at runtime to avoid problems from the dynamic linker .
See # 25672 for more on this . */
libver = SSLeay ( ) ;
libver = OpenSSL_version_num ( ) ;
if ( ! ( libver > = 0x10001000UL & & libver < 0x1000108fUL ) & &
! ( libver > = 0x10000000UL & & libver < 0x100000dfUL ) ) {
SSL_CTX_set_mode ( self - > ctx , SSL_MODE_RELEASE_BUFFERS ) ;
@ -5286,7 +5316,11 @@ PySSL_RAND(int len, int pseudo)
if ( bytes = = NULL )
return NULL ;
if ( pseudo ) {
# ifdef PY_OPENSSL_1_1_API
ok = RAND_bytes ( ( unsigned char * ) PyBytes_AS_STRING ( bytes ) , len ) ;
# else
ok = RAND_pseudo_bytes ( ( unsigned char * ) PyBytes_AS_STRING ( bytes ) , len ) ;
# endif
if ( ok = = 0 | | ok = = 1 )
return Py_BuildValue ( " NO " , bytes , ok = = 1 ? Py_True : Py_False ) ;
}
@ -6373,7 +6407,7 @@ PyInit__ssl(void)
/* SSLeay() gives us the version of the library linked against,
which could be different from the headers version .
*/
libver = SSLeay ( ) ;
libver = OpenSSL_version_num ( ) ;
r = PyLong_FromUnsignedLong ( libver ) ;
if ( r = = NULL )
return NULL ;
@ -6383,7 +6417,7 @@ PyInit__ssl(void)
r = Py_BuildValue ( " IIIII " , major , minor , fix , patch , status ) ;
if ( r = = NULL | | PyModule_AddObject ( m , " OPENSSL_VERSION_INFO " , r ) )
return NULL ;
r = PyUnicode_FromString ( SSLeay _version ( SSLEAY _VERSION ) ) ;
r = PyUnicode_FromString ( Open SSL_version( OPEN SSL_VERSION) ) ;
if ( r = = NULL | | PyModule_AddObject ( m , " OPENSSL_VERSION " , r ) )
return NULL ;
Christian Heimes
6 years ago
GitHub