[3.7] bpo-30622: Improve NPN support detection (GH-5859) (#5860) · python/cpython@01d9c23 (original) (raw)

`@@ -160,6 +160,19 @@ static void _PySSLFixErrno(void) {

160

`# define HAVE_ALPN

161

`#endif

162

163

/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped

164

NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility

165

reasons. The check for TLSEXT_TYPE_next_proto_neg works with

166

OpenSSL 1.0.1+ and LibreSSL.

167

168

#ifdef OPENSSL_NO_NEXTPROTONEG

169

define HAVE_NPN 0

170

#elif defined(TLSEXT_TYPE_next_proto_neg)

171

define HAVE_NPN 1

172

#else

173

define HAVE_NPN 0

174

endif

175

+

163

176

`#ifndef INVALID_SOCKET /* MS defines this */

164

177

`#define INVALID_SOCKET (-1)

165

178

`#endif

`@@ -328,7 +341,7 @@ static unsigned int _ssl_locks_count = 0;

328

341

`typedef struct {

329

342

`PyObject_HEAD

330

343

`SSL_CTX *ctx;

331

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

344

#ifdef HAVE_NPN

332

345

`unsigned char *npn_protocols;

333

346

`int npn_protocols_len;

334

347

`#endif

`@@ -1909,7 +1922,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)

1909

1922

`return PyUnicode_FromString(version);

1910

1923

1911

1924

1912

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

1925

#ifdef HAVE_NPN

1913

1926

`/*[clinic input]

1914

1927

`_ssl._SSLSocket.selected_npn_protocol

1915

1928

`[clinic start generated code]*/

`@@ -2874,7 +2887,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)

2874

2887

`self->ctx = ctx;

2875

2888

`self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;

2876

2889

`self->protocol = proto_version;

2877

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

2890

#ifdef HAVE_NPN

2878

2891

`self->npn_protocols = NULL;

2879

2892

`#endif

2880

2893

`#ifdef HAVE_ALPN

`@@ -3013,7 +3026,7 @@ context_dealloc(PySSLContext *self)

3013

3026

`PyObject_GC_UnTrack(self);

3014

3027

`context_clear(self);

3015

3028

`SSL_CTX_free(self->ctx);

3016

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

3029

#ifdef HAVE_NPN

3017

3030

`PyMem_FREE(self->npn_protocols);

3018

3031

`#endif

3019

3032

`#ifdef HAVE_ALPN

`@@ -3091,7 +3104,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self)

3091

3104

`#endif

3092

3105

3093

3106

3094

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN)

3107

#if defined(HAVE_NPN) || defined(HAVE_ALPN)

3095

3108

`static int

3096

3109

`do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,

3097

3110

`const unsigned char *server_protocols, unsigned int server_protocols_len,

`@@ -3117,7 +3130,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,

3117

3130

3118

3131

`#endif

3119

3132

3120

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

3133

#ifdef HAVE_NPN

3121

3134

`/* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */

3122

3135

`static int

3123

3136

`_advertiseNPN_cb(SSL *s,

`@@ -3160,7 +3173,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self,

3160

3173

`Py_buffer *protos)

3161

3174

`/[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]/

3162

3175

3163

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

3176

#ifdef HAVE_NPN

3164

3177

`PyMem_Free(self->npn_protocols);

3165

3178

`self->npn_protocols = PyMem_Malloc(protos->len);

3166

3179

`if (self->npn_protocols == NULL)

`@@ -5705,7 +5718,7 @@ PyInit__ssl(void)

5705

5718

`Py_INCREF(r);

5706

5719

`PyModule_AddObject(m, "HAS_ECDH", r);

5707

5720

5708

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

5721

#ifdef HAVE_NPN

5709

5722

`r = Py_True;

5710

5723

`#else

5711

5724

`r = Py_False;