[3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH… · python/cpython@f5befbb (original) (raw)

4 files changed


@@ -1687,6 +1687,7 @@ def test_get_ca_certs_capath(self):
1687 1687 self.assertEqual(len(ctx.get_ca_certs()), 1)
1688 1688
1689 1689 @needs_sni
1690 +@unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2")
1690 1691 def test_context_setget(self):
1691 1692 # Check that the context of a connected socket can be replaced.
1692 1693 ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
@@ -0,0 +1 @@
1 +The ssl module now compiles with LibreSSL 2.7.1.
@@ -106,6 +106,12 @@ struct py_ssl_library_code {
106 106
107 107 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
108 108 # define OPENSSL_VERSION_1_1 1
109 +# define PY_OPENSSL_1_1_API 1
110 +#endif
111 +
112 +/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
113 +#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
114 +# define PY_OPENSSL_1_1_API 1
109 115 #endif
110 116
111 117 /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
@@ -152,16 +158,18 @@ struct py_ssl_library_code {
152 158 #define INVALID_SOCKET (-1)
153 159 #endif
154 160
155 -#ifdef OPENSSL_VERSION_1_1
156 -/* OpenSSL 1.1.0+ */
157 -#ifndef OPENSSL_NO_SSL2
158 -#define OPENSSL_NO_SSL2
159 -#endif
160 -#else /* OpenSSL < 1.1.0 */
161 -#if defined(WITH_THREAD)
161 +/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
162 +#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
162 163 #define HAVE_OPENSSL_CRYPTO_LOCK
163 164 #endif
164 165
166 +#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
167 +#define OPENSSL_NO_SSL2
168 +#endif
169 +
170 +#ifndef PY_OPENSSL_1_1_API
171 +/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
172 +
165 173 #define TLS_method SSLv23_method
166 174 #define TLS_client_method SSLv23_client_method
167 175 #define TLS_server_method SSLv23_server_method
@@ -227,7 +235,7 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
227 235 return s->tlsext_tick_lifetime_hint;
228 236 }
229 237
230 -#endif /* OpenSSL < 1.1.0 or LibreSSL */
238 +#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
231 239
232 240
233 241 enum py_ssl_error {
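Review bot: The two feature macros defined in the first hunk of this file now gate different things, and nothing at the definition site says which one a new guard should use. As visible here, `OPENSSL_VERSION_1_1` still means genuine OpenSSL 1.1.0+ (it controls `HAVE_OPENSSL_CRYPTO_LOCK` and the forced `OPENSSL_NO_SSL2`), while `PY_OPENSSL_1_1_API` only says the 1.1.0 API is provided by the library, so LibreSSL 2.7.0+ skips the shims but keeps `HAVE_OPENSSL_CRYPTO_LOCK`. I would add a comment above the first `#if`, for example `/* OPENSSL_VERSION_1_1: real OpenSSL >= 1.1.0 (own locking, no SSLv2). PY_OPENSSL_1_1_API: 1.1.0 API available, also LibreSSL >= 2.7.0. */`. Picking the wrong macro in a later guard would presumably either drop the thread-locking setup for LibreSSL or redefine functions the library already exports, so any remaining `#ifdef OPENSSL_VERSION_1_1` blocks outside these hunks are worth rechecking against that distinction. The shim block and the `enum py_ssl_error` that follow continue outside the hunks shown.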
@@ -57,8 +57,9 @@
57 57 ]
58 58
59 59 LIBRESSL_RECENT_VERSIONS = [
60 -"2.5.3",
61 60 "2.5.5",
61 +"2.6.4",
62 +"2.7.1",
62 63 ]
63 64
64 65 # store files in ../multissl