[2.7] bpo-30622: Improve NPN support detection (GH-5859) (#5863) · python/cpython@3d87f4c (original) (raw)

`@@ -127,6 +127,19 @@ struct py_ssl_library_code {

`

127

127

`# define HAVE_ALPN

`

128

128

`#endif

`

129

129

``

``

130

`+

/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped

`

``

131

`+

`

``

132

`+

`

``

133

`+

`

``

134

`+

*/

`

``

135

`+

#ifdef OPENSSL_NO_NEXTPROTONEG

`

``

136

`+

define HAVE_NPN 0

`

``

137

`+

#elif defined(TLSEXT_TYPE_next_proto_neg)

`

``

138

`+

define HAVE_NPN 1

`

``

139

`+

#else

`

``

140

`+

define HAVE_NPN 0

`

``

141

`+

endif

`

``

142

+

130

143

`#ifndef INVALID_SOCKET /* MS defines this */

`

131

144

`#define INVALID_SOCKET (-1)

`

132

145

`#endif

`

`@@ -285,7 +298,7 @@ static unsigned int _ssl_locks_count = 0;

`

285

298

`typedef struct {

`

286

299

`PyObject_HEAD

`

287

300

`SSL_CTX *ctx;

`

288

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

`

``

301

`+

#ifdef HAVE_NPN

`

289

302

`unsigned char *npn_protocols;

`

290

303

`int npn_protocols_len;

`

291

304

`#endif

`

`@@ -2195,7 +2208,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)

`

2195

2208

`return NULL;

`

2196

2209

` }

`

2197

2210

`self->ctx = ctx;

`

2198

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

`

``

2211

`+

#ifdef HAVE_NPN

`

2199

2212

`self->npn_protocols = NULL;

`

2200

2213

`#endif

`

2201

2214

`#ifdef HAVE_ALPN

`

`@@ -2273,7 +2286,7 @@ context_dealloc(PySSLContext *self)

`

2273

2286

`PyObject_GC_UnTrack(self);

`

2274

2287

`context_clear(self);

`

2275

2288

`SSL_CTX_free(self->ctx);

`

2276

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

`

``

2289

`+

#ifdef HAVE_NPN

`

2277

2290

`PyMem_FREE(self->npn_protocols);

`

2278

2291

`#endif

`

2279

2292

`#ifdef HAVE_ALPN

`

`@@ -2303,7 +2316,7 @@ set_ciphers(PySSLContext *self, PyObject *args)

`

2303

2316

`Py_RETURN_NONE;

`

2304

2317

`}

`

2305

2318

``

2306

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN)

`

``

2319

`+

#if defined(HAVE_NPN) || defined(HAVE_ALPN)

`

2307

2320

`static int

`

2308

2321

`do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,

`

2309

2322

`const unsigned char *server_protocols, unsigned int server_protocols_len,

`

`@@ -2329,7 +2342,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,

`

2329

2342

`}

`

2330

2343

`#endif

`

2331

2344

``

2332

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

`

``

2345

`+

#ifdef HAVE_NPN

`

2333

2346

`/* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */

`

2334

2347

`static int

`

2335

2348

`_advertiseNPN_cb(SSL *s,

`

`@@ -2364,7 +2377,7 @@ _selectNPN_cb(SSL *s,

`

2364

2377

`static PyObject *

`

2365

2378

`_set_npn_protocols(PySSLContext *self, PyObject *args)

`

2366

2379

`{

`

2367

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

`

``

2380

`+

#ifdef HAVE_NPN

`

2368

2381

`Py_buffer protos;

`

2369

2382

``

2370

2383

`if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))

`

`@@ -4373,7 +4386,7 @@ init_ssl(void)

`

4373

4386

`Py_INCREF(r);

`

4374

4387

`PyModule_AddObject(m, "HAS_ECDH", r);

`

4375

4388

``

4376

``

`-

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)

`

``

4389

`+

#ifdef HAVE_NPN

`

4377

4390

`r = Py_True;

`

4378

4391

`#else

`

4379

4392

`r = Py_False;

`