Lines 90-95
Link Here
|
90 |
/* Include generated data (error codes) */ |
90 |
/* Include generated data (error codes) */ |
91 |
#include "_ssl_data.h" |
91 |
#include "_ssl_data.h" |
92 |
|
92 |
|
|
|
93 |
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) |
94 |
# define OPENSSL_VERSION_1_1 1 |
95 |
#endif |
96 |
|
93 |
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 |
97 |
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 |
94 |
http://www.openssl.org/news/changelog.html |
98 |
http://www.openssl.org/news/changelog.html |
95 |
*/ |
99 |
*/ |
Lines 203-208
Link Here
|
203 |
# define HAVE_OPENSSL_VERIFY_PARAM |
207 |
# define HAVE_OPENSSL_VERIFY_PARAM |
204 |
#endif |
208 |
#endif |
205 |
|
209 |
|
|
|
210 |
#ifndef OPENSSL_VERSION_1_1 |
211 |
/* OpenSSL 1.1.0+ */ |
212 |
#ifndef OPENSSL_NO_SSL2 |
213 |
#define OPENSSL_NO_SSL2 |
214 |
#endif |
215 |
#if defined(WITH_THREAD) |
216 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
217 |
#endif |
218 |
#endif |
219 |
|
220 |
#ifndef OPENSSL_VERSION_1_1 |
221 |
#define TLS_method SSLv23_method |
222 |
#define TLS_client_method SSLv23_client_method |
223 |
#define TLS_server_method SSLv23_server_method |
224 |
#define X509_get0_notBefore X509_get_notBefore |
225 |
#define X509_get0_notAfter X509_get_notAfter |
226 |
#define ASN1_STRING_get0_data ASN1_STRING_data |
227 |
#define OpenSSL_version_num SSLeay |
228 |
#define OpenSSL_version SSLeay_version |
229 |
#define OPENSSL_VERSION SSLEAY_VERSION |
230 |
#endif |
206 |
|
231 |
|
207 |
typedef struct { |
232 |
typedef struct { |
208 |
PyObject_HEAD |
233 |
PyObject_HEAD |
Lines 691-697
Link Here
|
691 |
|
716 |
|
692 |
/* check to see if we've gotten to a new RDN */ |
717 |
/* check to see if we've gotten to a new RDN */ |
693 |
if (rdn_level >= 0) { |
718 |
if (rdn_level >= 0) { |
694 |
if (rdn_level != entry->set) { |
719 |
if (rdn_level != X509_NAME_ENTRY_set(entry)) { |
695 |
/* yes, new RDN */ |
720 |
/* yes, new RDN */ |
696 |
/* add old RDN to DN */ |
721 |
/* add old RDN to DN */ |
697 |
rdnt = PyList_AsTuple(rdn); |
722 |
rdnt = PyList_AsTuple(rdn); |
Lines 708-714
Link Here
|
708 |
goto fail0; |
733 |
goto fail0; |
709 |
} |
734 |
} |
710 |
} |
735 |
} |
711 |
rdn_level = entry->set; |
736 |
rdn_level = X509_NAME_ENTRY_set(entry); |
712 |
|
737 |
|
713 |
/* now add this attribute to the current RDN */ |
738 |
/* now add this attribute to the current RDN */ |
714 |
name = X509_NAME_ENTRY_get_object(entry); |
739 |
name = X509_NAME_ENTRY_get_object(entry); |
Lines 811-828
Link Here
|
811 |
goto fail; |
836 |
goto fail; |
812 |
} |
837 |
} |
813 |
|
838 |
|
814 |
p = ext->value->data; |
839 |
p = X509_EXTENSION_get_data(ext)->data; |
815 |
if (method->it) |
840 |
if (method->it) |
816 |
names = (GENERAL_NAMES*) |
841 |
names = (GENERAL_NAMES*) |
817 |
(ASN1_item_d2i(NULL, |
842 |
(ASN1_item_d2i(NULL, |
818 |
&p, |
843 |
&p, |
819 |
ext->value->length, |
844 |
X509_EXTENSION_get_data(ext)->length, |
820 |
ASN1_ITEM_ptr(method->it))); |
845 |
ASN1_ITEM_ptr(method->it))); |
821 |
else |
846 |
else |
822 |
names = (GENERAL_NAMES*) |
847 |
names = (GENERAL_NAMES*) |
823 |
(method->d2i(NULL, |
848 |
(method->d2i(NULL, |
824 |
&p, |
849 |
&p, |
825 |
ext->value->length)); |
850 |
X509_EXTENSION_get_data(ext)->length)); |
826 |
|
851 |
|
827 |
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { |
852 |
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { |
828 |
/* get a rendering of each name in the set of names */ |
853 |
/* get a rendering of each name in the set of names */ |
Lines 883-889
Link Here
|
883 |
goto fail; |
908 |
goto fail; |
884 |
} |
909 |
} |
885 |
PyTuple_SET_ITEM(t, 0, v); |
910 |
PyTuple_SET_ITEM(t, 0, v); |
886 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), |
911 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), |
887 |
ASN1_STRING_length(as)); |
912 |
ASN1_STRING_length(as)); |
888 |
if (v == NULL) { |
913 |
if (v == NULL) { |
889 |
Py_DECREF(t); |
914 |
Py_DECREF(t); |
Lines 1033-1045
Link Here
|
1033 |
int i, j; |
1058 |
int i, j; |
1034 |
PyObject *lst, *res = NULL; |
1059 |
PyObject *lst, *res = NULL; |
1035 |
|
1060 |
|
1036 |
#if OPENSSL_VERSION_NUMBER < 0x10001000L |
|
|
1037 |
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); |
1061 |
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); |
1038 |
#else |
|
|
1039 |
/* Calls x509v3_cache_extensions and sets up crldp */ |
1040 |
X509_check_ca(certificate); |
1041 |
dps = certificate->crldp; |
1042 |
#endif |
1043 |
|
1062 |
|
1044 |
if (dps == NULL) |
1063 |
if (dps == NULL) |
1045 |
return Py_None; |
1064 |
return Py_None; |
Lines 1161-1167
Link Here
|
1161 |
Py_DECREF(sn_obj); |
1180 |
Py_DECREF(sn_obj); |
1162 |
|
1181 |
|
1163 |
(void) BIO_reset(biobuf); |
1182 |
(void) BIO_reset(biobuf); |
1164 |
notBefore = X509_get_notBefore(certificate); |
1183 |
notBefore = X509_get0_notBefore(certificate); |
1165 |
ASN1_TIME_print(biobuf, notBefore); |
1184 |
ASN1_TIME_print(biobuf, notBefore); |
1166 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1185 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1167 |
if (len < 0) { |
1186 |
if (len < 0) { |
Lines 1178-1184
Link Here
|
1178 |
Py_DECREF(pnotBefore); |
1197 |
Py_DECREF(pnotBefore); |
1179 |
|
1198 |
|
1180 |
(void) BIO_reset(biobuf); |
1199 |
(void) BIO_reset(biobuf); |
1181 |
notAfter = X509_get_notAfter(certificate); |
1200 |
notAfter = X509_get0_notAfter(certificate); |
1182 |
ASN1_TIME_print(biobuf, notAfter); |
1201 |
ASN1_TIME_print(biobuf, notAfter); |
1183 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1202 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1184 |
if (len < 0) { |
1203 |
if (len < 0) { |
Lines 1427-1435
Link Here
|
1427 |
if (self->ssl == NULL) |
1446 |
if (self->ssl == NULL) |
1428 |
Py_RETURN_NONE; |
1447 |
Py_RETURN_NONE; |
1429 |
comp_method = SSL_get_current_compression(self->ssl); |
1448 |
comp_method = SSL_get_current_compression(self->ssl); |
1430 |
if (comp_method == NULL || comp_method->type == NID_undef) |
1449 |
if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) |
1431 |
Py_RETURN_NONE; |
1450 |
Py_RETURN_NONE; |
1432 |
short_name = OBJ_nid2sn(comp_method->type); |
1451 |
short_name = OBJ_nid2sn(COMP_get_type(comp_method)); |
1433 |
if (short_name == NULL) |
1452 |
if (short_name == NULL) |
1434 |
Py_RETURN_NONE; |
1453 |
Py_RETURN_NONE; |
1435 |
return PyUnicode_DecodeFSDefault(short_name); |
1454 |
return PyUnicode_DecodeFSDefault(short_name); |
Lines 1987-2010
Link Here
|
1987 |
return NULL; |
2006 |
return NULL; |
1988 |
|
2007 |
|
1989 |
PySSL_BEGIN_ALLOW_THREADS |
2008 |
PySSL_BEGIN_ALLOW_THREADS |
1990 |
if (proto_version == PY_SSL_VERSION_TLS1) |
2009 |
if (proto_version == PY_SSL_VERSION_TLS1) { |
|
|
2010 |
#ifdef OPENSSL_VERSION_1_1 |
2011 |
ctx = SSL_CTX_new(TLS_method()); |
2012 |
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); |
2013 |
#else |
1991 |
ctx = SSL_CTX_new(TLSv1_method()); |
2014 |
ctx = SSL_CTX_new(TLSv1_method()); |
|
|
2015 |
#endif |
2016 |
} |
1992 |
#if HAVE_TLSv1_2 |
2017 |
#if HAVE_TLSv1_2 |
1993 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) |
2018 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) { |
|
|
2019 |
#ifdef OPENSSL_VERSION_1_1 |
2020 |
ctx = SSL_CTX_new(TLS_method()); |
2021 |
SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); |
2022 |
#else |
1994 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2023 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
1995 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) |
2024 |
#endif |
|
|
2025 |
} |
2026 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) { |
2027 |
#ifdef OPENSSL_VERSION_1_1 |
2028 |
ctx = SSL_CTX_new(TLS_method()); |
2029 |
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); |
2030 |
#else |
1996 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2031 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
1997 |
#endif |
2032 |
#endif |
|
|
2033 |
} |
2034 |
#endif |
1998 |
#ifndef OPENSSL_NO_SSL3 |
2035 |
#ifndef OPENSSL_NO_SSL3 |
1999 |
else if (proto_version == PY_SSL_VERSION_SSL3) |
2036 |
else if (proto_version == PY_SSL_VERSION_SSL3) { |
|
|
2037 |
#ifdef OPENSSL_VERSION_1_1 |
2038 |
ctx = SSL_CTX_new(TLS_method()); |
2039 |
SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); |
2040 |
#else |
2000 |
ctx = SSL_CTX_new(SSLv3_method()); |
2041 |
ctx = SSL_CTX_new(SSLv3_method()); |
2001 |
#endif |
2042 |
#endif |
|
|
2043 |
} |
2044 |
#endif |
2002 |
#ifndef OPENSSL_NO_SSL2 |
2045 |
#ifndef OPENSSL_NO_SSL2 |
2003 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2046 |
else if (proto_version == PY_SSL_VERSION_SSL2) { |
|
|
2047 |
#ifdef OPENSSL_VERSION_1_1 |
2048 |
ctx = SSL_CTX_new(TLS_method()); |
2049 |
SSL_CTX_set_min_proto_version(ctx, SSL2_VERSION); |
2050 |
#else |
2004 |
ctx = SSL_CTX_new(SSLv2_method()); |
2051 |
ctx = SSL_CTX_new(SSLv2_method()); |
2005 |
#endif |
2052 |
#endif |
|
|
2053 |
} |
2054 |
#endif |
2006 |
else if (proto_version == PY_SSL_VERSION_SSL23) |
2055 |
else if (proto_version == PY_SSL_VERSION_SSL23) |
2007 |
ctx = SSL_CTX_new(SSLv23_method()); |
2056 |
ctx = SSL_CTX_new(TLS_method()); |
2008 |
else |
2057 |
else |
2009 |
proto_version = -1; |
2058 |
proto_version = -1; |
2010 |
PySSL_END_ALLOW_THREADS |
2059 |
PySSL_END_ALLOW_THREADS |
Lines 2259-2268
Link Here
|
2259 |
get_verify_flags(PySSLContext *self, void *c) |
2308 |
get_verify_flags(PySSLContext *self, void *c) |
2260 |
{ |
2309 |
{ |
2261 |
X509_STORE *store; |
2310 |
X509_STORE *store; |
|
|
2311 |
X509_VERIFY_PARAM *param; |
2262 |
unsigned long flags; |
2312 |
unsigned long flags; |
2263 |
|
2313 |
|
2264 |
store = SSL_CTX_get_cert_store(self->ctx); |
2314 |
store = SSL_CTX_get_cert_store(self->ctx); |
2265 |
flags = X509_VERIFY_PARAM_get_flags(store->param); |
2315 |
param = X509_STORE_get0_param(store); |
|
|
2316 |
flags = X509_VERIFY_PARAM_get_flags(param); |
2266 |
return PyLong_FromUnsignedLong(flags); |
2317 |
return PyLong_FromUnsignedLong(flags); |
2267 |
} |
2318 |
} |
2268 |
|
2319 |
|
Lines 2270-2291
Link Here
|
2270 |
set_verify_flags(PySSLContext *self, PyObject *arg, void *c) |
2321 |
set_verify_flags(PySSLContext *self, PyObject *arg, void *c) |
2271 |
{ |
2322 |
{ |
2272 |
X509_STORE *store; |
2323 |
X509_STORE *store; |
|
|
2324 |
X509_VERIFY_PARAM *param; |
2273 |
unsigned long new_flags, flags, set, clear; |
2325 |
unsigned long new_flags, flags, set, clear; |
2274 |
|
2326 |
|
2275 |
if (!PyArg_Parse(arg, "k", &new_flags)) |
2327 |
if (!PyArg_Parse(arg, "k", &new_flags)) |
2276 |
return -1; |
2328 |
return -1; |
2277 |
store = SSL_CTX_get_cert_store(self->ctx); |
2329 |
store = SSL_CTX_get_cert_store(self->ctx); |
2278 |
flags = X509_VERIFY_PARAM_get_flags(store->param); |
2330 |
param = X509_STORE_get0_param(store); |
|
|
2331 |
flags = X509_VERIFY_PARAM_get_flags(param); |
2279 |
clear = flags & ~new_flags; |
2332 |
clear = flags & ~new_flags; |
2280 |
set = ~flags & new_flags; |
2333 |
set = ~flags & new_flags; |
2281 |
if (clear) { |
2334 |
if (clear) { |
2282 |
if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) { |
2335 |
if (!X509_VERIFY_PARAM_clear_flags(param, clear)) { |
2283 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2336 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2284 |
return -1; |
2337 |
return -1; |
2285 |
} |
2338 |
} |
2286 |
} |
2339 |
} |
2287 |
if (set) { |
2340 |
if (set) { |
2288 |
if (!X509_VERIFY_PARAM_set_flags(store->param, set)) { |
2341 |
if (!X509_VERIFY_PARAM_set_flags(param, set)) { |
2289 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2342 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2290 |
return -1; |
2343 |
return -1; |
2291 |
} |
2344 |
} |
Lines 2455-2462
Link Here
|
2455 |
char *kwlist[] = {"certfile", "keyfile", "password", NULL}; |
2508 |
char *kwlist[] = {"certfile", "keyfile", "password", NULL}; |
2456 |
PyObject *certfile, *keyfile = NULL, *password = NULL; |
2509 |
PyObject *certfile, *keyfile = NULL, *password = NULL; |
2457 |
PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; |
2510 |
PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; |
2458 |
pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback; |
2511 |
pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx); |
2459 |
void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata; |
2512 |
void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx); |
2460 |
_PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; |
2513 |
_PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; |
2461 |
int r; |
2514 |
int r; |
2462 |
|
2515 |
|
Lines 2587-2594
Link Here
|
2587 |
cert = d2i_X509_bio(biobuf, NULL); |
2640 |
cert = d2i_X509_bio(biobuf, NULL); |
2588 |
} else { |
2641 |
} else { |
2589 |
cert = PEM_read_bio_X509(biobuf, NULL, |
2642 |
cert = PEM_read_bio_X509(biobuf, NULL, |
2590 |
self->ctx->default_passwd_callback, |
2643 |
SSL_CTX_get_default_passwd_cb(self->ctx), |
2591 |
self->ctx->default_passwd_callback_userdata); |
2644 |
SSL_CTX_get_default_passwd_cb_userdata(self->ctx) |
|
|
2645 |
); |
2592 |
} |
2646 |
} |
2593 |
if (cert == NULL) { |
2647 |
if (cert == NULL) { |
2594 |
break; |
2648 |
break; |
Lines 3036-3060
Link Here
|
3036 |
cert_store_stats(PySSLContext *self) |
3090 |
cert_store_stats(PySSLContext *self) |
3037 |
{ |
3091 |
{ |
3038 |
X509_STORE *store; |
3092 |
X509_STORE *store; |
|
|
3093 |
STACK_OF(X509_OBJECT) *objs; |
3039 |
X509_OBJECT *obj; |
3094 |
X509_OBJECT *obj; |
3040 |
int x509 = 0, crl = 0, pkey = 0, ca = 0, i; |
3095 |
int x509 = 0, crl = 0, ca = 0, i; |
3041 |
|
3096 |
|
3042 |
store = SSL_CTX_get_cert_store(self->ctx); |
3097 |
store = SSL_CTX_get_cert_store(self->ctx); |
3043 |
for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { |
3098 |
objs = X509_STORE_get0_objects(store); |
3044 |
obj = sk_X509_OBJECT_value(store->objs, i); |
3099 |
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { |
3045 |
switch (obj->type) { |
3100 |
obj = sk_X509_OBJECT_value(objs, i); |
|
|
3101 |
switch (X509_OBJECT_get_type(obj)) { |
3046 |
case X509_LU_X509: |
3102 |
case X509_LU_X509: |
3047 |
x509++; |
3103 |
x509++; |
3048 |
if (X509_check_ca(obj->data.x509)) { |
3104 |
if (X509_check_ca(X509_OBJECT_get0_X509(obj))) { |
3049 |
ca++; |
3105 |
ca++; |
3050 |
} |
3106 |
} |
3051 |
break; |
3107 |
break; |
3052 |
case X509_LU_CRL: |
3108 |
case X509_LU_CRL: |
3053 |
crl++; |
3109 |
crl++; |
3054 |
break; |
3110 |
break; |
3055 |
case X509_LU_PKEY: |
|
|
3056 |
pkey++; |
3057 |
break; |
3058 |
default: |
3111 |
default: |
3059 |
/* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. |
3112 |
/* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. |
3060 |
* As far as I can tell they are internal states and never |
3113 |
* As far as I can tell they are internal states and never |
Lines 3079-3084
Link Here
|
3079 |
{ |
3132 |
{ |
3080 |
char *kwlist[] = {"binary_form", NULL}; |
3133 |
char *kwlist[] = {"binary_form", NULL}; |
3081 |
X509_STORE *store; |
3134 |
X509_STORE *store; |
|
|
3135 |
STACK_OF(X509_OBJECT) *objs; |
3082 |
PyObject *ci = NULL, *rlist = NULL; |
3136 |
PyObject *ci = NULL, *rlist = NULL; |
3083 |
int i; |
3137 |
int i; |
3084 |
int binary_mode = 0; |
3138 |
int binary_mode = 0; |
Lines 3093-3109
Link Here
|
3093 |
} |
3147 |
} |
3094 |
|
3148 |
|
3095 |
store = SSL_CTX_get_cert_store(self->ctx); |
3149 |
store = SSL_CTX_get_cert_store(self->ctx); |
3096 |
for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { |
3150 |
objs = X509_STORE_get0_objects(store); |
|
|
3151 |
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { |
3097 |
X509_OBJECT *obj; |
3152 |
X509_OBJECT *obj; |
3098 |
X509 *cert; |
3153 |
X509 *cert; |
3099 |
|
3154 |
|
3100 |
obj = sk_X509_OBJECT_value(store->objs, i); |
3155 |
obj = sk_X509_OBJECT_value(objs, i); |
3101 |
if (obj->type != X509_LU_X509) { |
3156 |
if (X509_OBJECT_get_type(obj) != X509_LU_X509) { |
3102 |
/* not a x509 cert */ |
3157 |
/* not a x509 cert */ |
3103 |
continue; |
3158 |
continue; |
3104 |
} |
3159 |
} |
3105 |
/* CA for any purpose */ |
3160 |
/* CA for any purpose */ |
3106 |
cert = obj->data.x509; |
3161 |
cert = X509_OBJECT_get0_X509(obj); |
3107 |
if (!X509_check_ca(cert)) { |
3162 |
if (!X509_check_ca(cert)) { |
3108 |
continue; |
3163 |
continue; |
3109 |
} |
3164 |
} |
Lines 3262-3268
Link Here
|
3262 |
if (bytes == NULL) |
3317 |
if (bytes == NULL) |
3263 |
return NULL; |
3318 |
return NULL; |
3264 |
if (pseudo) { |
3319 |
if (pseudo) { |
|
|
3320 |
#ifdef OPENSSL_VERSION_1_1 |
3321 |
ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
3322 |
#else |
3265 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
3323 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
|
|
3324 |
#endif |
3266 |
if (ok == 0 || ok == 1) |
3325 |
if (ok == 0 || ok == 1) |
3267 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
3326 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
3268 |
} |
3327 |
} |
Lines 3776-3782
Link Here
|
3776 |
}; |
3835 |
}; |
3777 |
|
3836 |
|
3778 |
|
3837 |
|
3779 |
#ifdef WITH_THREAD |
3838 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
3780 |
|
3839 |
|
3781 |
/* an implementation of OpenSSL threading operations in terms |
3840 |
/* an implementation of OpenSSL threading operations in terms |
3782 |
of the Python C thread library */ |
3841 |
of the Python C thread library */ |
Lines 3860-3866
Link Here
|
3860 |
return 1; |
3919 |
return 1; |
3861 |
} |
3920 |
} |
3862 |
|
3921 |
|
3863 |
#endif /* def HAVE_THREAD */ |
3922 |
#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */ |
3864 |
|
3923 |
|
3865 |
PyDoc_STRVAR(module_doc, |
3924 |
PyDoc_STRVAR(module_doc, |
3866 |
"Implementation module for SSL socket operations. See the socket module\n\ |
3925 |
"Implementation module for SSL socket operations. See the socket module\n\ |
Lines 3924-3939
Link Here
|
3924 |
PySocketModule = *socket_api; |
3983 |
PySocketModule = *socket_api; |
3925 |
|
3984 |
|
3926 |
/* Init OpenSSL */ |
3985 |
/* Init OpenSSL */ |
|
|
3986 |
#ifdef OPENSSL_VERSION_1_1 |
3987 |
OPENSSL_init_ssl(0, NULL); |
3988 |
#else |
3927 |
SSL_load_error_strings(); |
3989 |
SSL_load_error_strings(); |
3928 |
SSL_library_init(); |
3990 |
SSL_library_init(); |
|
|
3991 |
#endif |
3929 |
#ifdef WITH_THREAD |
3992 |
#ifdef WITH_THREAD |
|
|
3993 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
3930 |
/* note that this will start threading if not already started */ |
3994 |
/* note that this will start threading if not already started */ |
3931 |
if (!_setup_ssl_threads()) { |
3995 |
if (!_setup_ssl_threads()) { |
3932 |
return NULL; |
3996 |
return NULL; |
3933 |
} |
3997 |
} |
|
|
3998 |
#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) |
3999 |
/* OpenSSL 1.1.0 builtin thread support is enabled */ |
4000 |
_ssl_locks_count++; |
3934 |
#endif |
4001 |
#endif |
|
|
4002 |
#endif /* WITH_THREAD */ |
4003 |
#ifndef OPENSSL_VERSION_1_1 |
3935 |
OpenSSL_add_all_algorithms(); |
4004 |
OpenSSL_add_all_algorithms(); |
3936 |
|
4005 |
#endif |
3937 |
/* Add symbols to module dict */ |
4006 |
/* Add symbols to module dict */ |
3938 |
sslerror_type_slots[0].pfunc = PyExc_OSError; |
4007 |
sslerror_type_slots[0].pfunc = PyExc_OSError; |
3939 |
PySSLErrorObject = PyType_FromSpec(&sslerror_type_spec); |
4008 |
PySSLErrorObject = PyType_FromSpec(&sslerror_type_spec); |
Lines 4183-4192
Link Here
|
4183 |
return NULL; |
4252 |
return NULL; |
4184 |
|
4253 |
|
4185 |
/* OpenSSL version */ |
4254 |
/* OpenSSL version */ |
4186 |
/* SSLeay() gives us the version of the library linked against, |
4255 |
/* OpenSSL_version_num() gives us the version of the library linked against, |
4187 |
which could be different from the headers version. |
4256 |
which could be different from the headers version. |
4188 |
*/ |
4257 |
*/ |
4189 |
libver = SSLeay(); |
4258 |
libver = OpenSSL_version_num(); |
4190 |
r = PyLong_FromUnsignedLong(libver); |
4259 |
r = PyLong_FromUnsignedLong(libver); |
4191 |
if (r == NULL) |
4260 |
if (r == NULL) |
4192 |
return NULL; |
4261 |
return NULL; |
Lines 4196-4202
Link Here
|
4196 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
4265 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
4197 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
4266 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
4198 |
return NULL; |
4267 |
return NULL; |
4199 |
r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); |
4268 |
r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); |
4200 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
4269 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
4201 |
return NULL; |
4270 |
return NULL; |
4202 |
|
4271 |
|