Lines 139-147
|
139 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
139 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
140 |
#endif |
140 |
#endif |
141 |
|
141 |
|
|
|
142 |
#ifndef OPENSSL_VERSION_1_1 |
142 |
#define TLS_method SSLv23_method |
143 |
#define TLS_method SSLv23_method |
143 |
#define TLS_client_method SSLv23_client_method |
144 |
#define TLS_client_method SSLv23_client_method |
144 |
#define TLS_server_method SSLv23_server_method |
145 |
#define TLS_server_method SSLv23_server_method |
|
|
146 |
#define X509_get0_notBefore X509_get_notBefore |
147 |
#define X509_get0_notAfter X509_get_notAfter |
148 |
#define ASN1_STRING_get0_data ASN1_STRING_data |
149 |
#define OpenSSL_version_num SSLeay |
150 |
#define OpenSSL_version SSLeay_version |
151 |
#define OPENSSL_VERSION SSLEAY_VERSION |
152 |
#endif |
145 |
|
153 |
|
146 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
154 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
147 |
{ |
155 |
{ |
Lines 1062-1068
|
1062 |
goto fail; |
1070 |
goto fail; |
1063 |
} |
1071 |
} |
1064 |
PyTuple_SET_ITEM(t, 0, v); |
1072 |
PyTuple_SET_ITEM(t, 0, v); |
1065 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), |
1073 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), |
1066 |
ASN1_STRING_length(as)); |
1074 |
ASN1_STRING_length(as)); |
1067 |
if (v == NULL) { |
1075 |
if (v == NULL) { |
1068 |
Py_DECREF(t); |
1076 |
Py_DECREF(t); |
Lines 1365-1371
|
1365 |
Py_DECREF(sn_obj); |
1373 |
Py_DECREF(sn_obj); |
1366 |
|
1374 |
|
1367 |
(void) BIO_reset(biobuf); |
1375 |
(void) BIO_reset(biobuf); |
1368 |
notBefore = X509_get_notBefore(certificate); |
1376 |
notBefore = X509_get0_notBefore(certificate); |
1369 |
ASN1_TIME_print(biobuf, notBefore); |
1377 |
ASN1_TIME_print(biobuf, notBefore); |
1370 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1378 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1371 |
if (len < 0) { |
1379 |
if (len < 0) { |
Lines 1382-1388
|
1382 |
Py_DECREF(pnotBefore); |
1390 |
Py_DECREF(pnotBefore); |
1383 |
|
1391 |
|
1384 |
(void) BIO_reset(biobuf); |
1392 |
(void) BIO_reset(biobuf); |
1385 |
notAfter = X509_get_notAfter(certificate); |
1393 |
notAfter = X509_get0_notAfter(certificate); |
1386 |
ASN1_TIME_print(biobuf, notAfter); |
1394 |
ASN1_TIME_print(biobuf, notAfter); |
1387 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1395 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1388 |
if (len < 0) { |
1396 |
if (len < 0) { |
Lines 2648-2669
|
2648 |
#endif |
2656 |
#endif |
2649 |
|
2657 |
|
2650 |
PySSL_BEGIN_ALLOW_THREADS |
2658 |
PySSL_BEGIN_ALLOW_THREADS |
2651 |
if (proto_version == PY_SSL_VERSION_TLS1) |
2659 |
if (proto_version == PY_SSL_VERSION_TLS1) { |
|
|
2660 |
#ifdef OPENSSL_VERSION_1_1 |
2661 |
ctx = SSL_CTX_new(TLS_method()); |
2662 |
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); |
2663 |
#else |
2652 |
ctx = SSL_CTX_new(TLSv1_method()); |
2664 |
ctx = SSL_CTX_new(TLSv1_method()); |
|
|
2665 |
#endif |
2666 |
} |
2653 |
#if HAVE_TLSv1_2 |
2667 |
#if HAVE_TLSv1_2 |
2654 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) |
2668 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) { |
|
|
2669 |
#ifdef OPENSSL_VERSION_1_1 |
2670 |
ctx = SSL_CTX_new(TLS_method()); |
2671 |
SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); |
2672 |
#else |
2655 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2673 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2656 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) |
2674 |
#endif |
|
|
2675 |
} |
2676 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) { |
2677 |
#ifdef OPENSSL_VERSION_1_1 |
2678 |
ctx = SSL_CTX_new(TLS_method()); |
2679 |
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); |
2680 |
#else |
2657 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2681 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2658 |
#endif |
2682 |
#endif |
|
|
2683 |
} |
2684 |
#endif |
2659 |
#ifndef OPENSSL_NO_SSL3 |
2685 |
#ifndef OPENSSL_NO_SSL3 |
2660 |
else if (proto_version == PY_SSL_VERSION_SSL3) |
2686 |
else if (proto_version == PY_SSL_VERSION_SSL3) { |
|
|
2687 |
#ifdef OPENSSL_VERSION_1_1 |
2688 |
ctx = SSL_CTX_new(TLS_method()); |
2689 |
SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); |
2690 |
#else |
2661 |
ctx = SSL_CTX_new(SSLv3_method()); |
2691 |
ctx = SSL_CTX_new(SSLv3_method()); |
2662 |
#endif |
2692 |
#endif |
|
|
2693 |
} |
2694 |
#endif |
2663 |
#ifndef OPENSSL_NO_SSL2 |
2695 |
#ifndef OPENSSL_NO_SSL2 |
2664 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2696 |
else if (proto_version == PY_SSL_VERSION_SSL2) { |
|
|
2697 |
#ifdef OPENSSL_VERSION_1_1 |
2698 |
ctx = SSL_CTX_new(TLS_method()); |
2699 |
SSL_CTX_set_min_proto_version(ctx, SSL2_VERSION); |
2700 |
#else |
2665 |
ctx = SSL_CTX_new(SSLv2_method()); |
2701 |
ctx = SSL_CTX_new(SSLv2_method()); |
2666 |
#endif |
2702 |
#endif |
|
|
2703 |
} |
2704 |
#endif |
2667 |
else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */ |
2705 |
else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */ |
2668 |
ctx = SSL_CTX_new(TLS_method()); |
2706 |
ctx = SSL_CTX_new(TLS_method()); |
2669 |
else if (proto_version == PY_SSL_VERSION_TLS_CLIENT) |
2707 |
else if (proto_version == PY_SSL_VERSION_TLS_CLIENT) |
Lines 2760-2766
|
2760 |
conservative and assume it wasn't fixed until release. We do this check |
2798 |
conservative and assume it wasn't fixed until release. We do this check |
2761 |
at runtime to avoid problems from the dynamic linker. |
2799 |
at runtime to avoid problems from the dynamic linker. |
2762 |
See #25672 for more on this. */ |
2800 |
See #25672 for more on this. */ |
2763 |
libver = SSLeay(); |
2801 |
libver = OpenSSL_version_num(); |
2764 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2802 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2765 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2803 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2766 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
2804 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
Lines 4572-4578
|
4572 |
if (bytes == NULL) |
4610 |
if (bytes == NULL) |
4573 |
return NULL; |
4611 |
return NULL; |
4574 |
if (pseudo) { |
4612 |
if (pseudo) { |
|
|
4613 |
#ifdef OPENSSL_VERSION_1_1 |
4614 |
ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4615 |
#else |
4575 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4616 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
|
|
4617 |
#endif |
4576 |
if (ok == 0 || ok == 1) |
4618 |
if (ok == 0 || ok == 1) |
4577 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4619 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4578 |
} |
4620 |
} |
Lines 5212-5218
|
5212 |
return NULL; |
5254 |
return NULL; |
5213 |
PySocketModule = *socket_api; |
5255 |
PySocketModule = *socket_api; |
5214 |
|
5256 |
|
5215 |
#ifndef OPENSSL_VERSION_1_1 |
5257 |
#ifdef OPENSSL_VERSION_1_1 |
|
|
5258 |
OPENSSL_init_ssl(0, NULL); |
5259 |
#else |
5216 |
/* Load all algorithms and initialize cpuid */ |
5260 |
/* Load all algorithms and initialize cpuid */ |
5217 |
OPENSSL_add_all_algorithms_noconf(); |
5261 |
OPENSSL_add_all_algorithms_noconf(); |
5218 |
/* Init OpenSSL */ |
5262 |
/* Init OpenSSL */ |
Lines 5512-5521
|
5512 |
return NULL; |
5556 |
return NULL; |
5513 |
|
5557 |
|
5514 |
/* OpenSSL version */ |
5558 |
/* OpenSSL version */ |
5515 |
/* SSLeay() gives us the version of the library linked against, |
5559 |
/* OpenSSL_version_num() gives us the version of the library linked against, |
5516 |
which could be different from the headers version. |
5560 |
which could be different from the headers version. |
5517 |
*/ |
5561 |
*/ |
5518 |
libver = SSLeay(); |
5562 |
libver = OpenSSL_version_num(); |
5519 |
r = PyLong_FromUnsignedLong(libver); |
5563 |
r = PyLong_FromUnsignedLong(libver); |
5520 |
if (r == NULL) |
5564 |
if (r == NULL) |
5521 |
return NULL; |
5565 |
return NULL; |
Lines 5525-5531
|
5525 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5569 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5526 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5570 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5527 |
return NULL; |
5571 |
return NULL; |
5528 |
r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); |
5572 |
r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); |
5529 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5573 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5530 |
return NULL; |
5574 |
return NULL; |
5531 |
|
5575 |
|
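Review bot: In the `SSL_CTX_new` chain (new lines 2659-2703) the OpenSSL 1.1 branches set only a floor, so `PY_SSL_VERSION_TLS1`, `TLS1_1`, `TLS1_2`, `SSL3` and `SSL2` no longer pin a single protocol version the way the `TLSv1_method()`-style constructors in the `#else` branches do; the context can negotiate anything from that version up to the library maximum. If pinning is the intended behaviour, each branch also needs the matching ceiling, e.g. `SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);` directly after the min call. The setter is also called before `ctx` has been checked for NULL and its result is discarded, so a bound the library rejects would silently leave the context at its default range. Something like `if (ctx != NULL && !SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) { SSL_CTX_free(ctx); ctx = NULL; }` would route that failure onto the NULL path, assuming the code after the chain treats a NULL `ctx` as an error; that code is outside the hunk.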