Skip to content

[3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #10994

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 1, 2019
Merged

[3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #10994

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cd4d0ec
bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)
tiran Mar 24, 2018
338e031
Merge branch '3.5' into backport-4ca0739-3.5
larryhastings Feb 28, 2019
0945501
Delete multissltests.py
larryhastings Mar 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
The ssl module now compiles with LibreSSL 2.7.1.
25 changes: 17 additions & 8 deletions Modules/_ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,12 @@ struct py_ssl_library_code {

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
# define OPENSSL_VERSION_1_1 1
# define PY_OPENSSL_1_1_API 1
#endif

/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
# define PY_OPENSSL_1_1_API 1
#endif

/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
Expand Down Expand Up @@ -129,16 +135,18 @@ struct py_ssl_library_code {
#define INVALID_SOCKET (-1)
#endif

#ifdef OPENSSL_VERSION_1_1
/* OpenSSL 1.1.0+ */
#ifndef OPENSSL_NO_SSL2
#define OPENSSL_NO_SSL2
#endif
#else /* OpenSSL < 1.1.0 */
#if defined(WITH_THREAD)
/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
#ifndef OPENSSL_VERSION_1_1
#define HAVE_OPENSSL_CRYPTO_LOCK
#endif

#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
#define OPENSSL_NO_SSL2
#endif

#ifndef PY_OPENSSL_1_1_API
/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */

#define TLS_method SSLv23_method

static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
Expand Down Expand Up @@ -187,7 +195,8 @@ static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
{
return store->param;
}
#endif /* OpenSSL < 1.1.0 or LibreSSL */

#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */


enum py_ssl_error {
Expand Down