Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 498224 Details for
Bug 592480
dev-lang/python fails to build with >=dev-libs/openssl-1.1.0
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
python-3.6.3-openssl-1.1.0.patch
python-3.6.3-openssl-1.1.0.patch (text/plain), 5.85 KB, created by
Mark Wright
on 2017-10-09 14:11:36 UTC
(
hide
)
Description:
python-3.6.3-openssl-1.1.0.patch
Filename:
MIME Type:
Creator:
Mark Wright
Created:
2017-10-09 14:11:36 UTC
Size:
5.85 KB
patch
obsolete
>--- Python-3.6.3-orig/Modules/_ssl.c 2017-10-03 16:52:02.000000000 +1100 >+++ Python-3.6.3/Modules/_ssl.c 2017-10-09 23:59:08.326937271 +1100 >@@ -139,9 +139,17 @@ > #define HAVE_OPENSSL_CRYPTO_LOCK > #endif > >+#ifndef OPENSSL_VERSION_1_1 > #define TLS_method SSLv23_method > #define TLS_client_method SSLv23_client_method > #define TLS_server_method SSLv23_server_method >+#define X509_get0_notBefore X509_get_notBefore >+#define X509_get0_notAfter X509_get_notAfter >+#define ASN1_STRING_get0_data ASN1_STRING_data >+#define OpenSSL_version_num SSLeay >+#define OpenSSL_version SSLeay_version >+#define OPENSSL_VERSION SSLEAY_VERSION >+#endif > > static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) > { >@@ -1062,7 +1070,7 @@ > goto fail; > } > PyTuple_SET_ITEM(t, 0, v); >- v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), >+ v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), > ASN1_STRING_length(as)); > if (v == NULL) { > Py_DECREF(t); >@@ -1365,7 +1373,7 @@ > Py_DECREF(sn_obj); > > (void) BIO_reset(biobuf); >- notBefore = X509_get_notBefore(certificate); >+ notBefore = X509_get0_notBefore(certificate); > ASN1_TIME_print(biobuf, notBefore); > len = BIO_gets(biobuf, buf, sizeof(buf)-1); > if (len < 0) { >@@ -1382,7 +1390,7 @@ > Py_DECREF(pnotBefore); > > (void) BIO_reset(biobuf); >- notAfter = X509_get_notAfter(certificate); >+ notAfter = X509_get0_notAfter(certificate); > ASN1_TIME_print(biobuf, notAfter); > len = BIO_gets(biobuf, buf, sizeof(buf)-1); > if (len < 0) { >@@ -2648,22 +2656,52 @@ > #endif > > PySSL_BEGIN_ALLOW_THREADS >- if (proto_version == PY_SSL_VERSION_TLS1) >+ if (proto_version == PY_SSL_VERSION_TLS1) { >+#ifdef OPENSSL_VERSION_1_1 >+ ctx = SSL_CTX_new(TLS_method()); >+ SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); >+#else > ctx = SSL_CTX_new(TLSv1_method()); >+#endif >+ } > #if HAVE_TLSv1_2 >- else if (proto_version == PY_SSL_VERSION_TLS1_1) >+ else if (proto_version == PY_SSL_VERSION_TLS1_1) { >+#ifdef OPENSSL_VERSION_1_1 >+ ctx = SSL_CTX_new(TLS_method()); >+ SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); >+#else > ctx = SSL_CTX_new(TLSv1_1_method()); >- else if (proto_version == PY_SSL_VERSION_TLS1_2) >+#endif >+ } >+ else if (proto_version == PY_SSL_VERSION_TLS1_2) { >+#ifdef OPENSSL_VERSION_1_1 >+ ctx = SSL_CTX_new(TLS_method()); >+ SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); >+#else > ctx = SSL_CTX_new(TLSv1_2_method()); > #endif >+ } >+#endif > #ifndef OPENSSL_NO_SSL3 >- else if (proto_version == PY_SSL_VERSION_SSL3) >+ else if (proto_version == PY_SSL_VERSION_SSL3) { >+#ifdef OPENSSL_VERSION_1_1 >+ ctx = SSL_CTX_new(TLS_method()); >+ SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); >+#else > ctx = SSL_CTX_new(SSLv3_method()); > #endif >+ } >+#endif > #ifndef OPENSSL_NO_SSL2 >- else if (proto_version == PY_SSL_VERSION_SSL2) >+ else if (proto_version == PY_SSL_VERSION_SSL2) { >+#ifdef OPENSSL_VERSION_1_1 >+ ctx = SSL_CTX_new(TLS_method()); >+ SSL_CTX_set_min_proto_version(ctx, SSL2_VERSION); >+#else > ctx = SSL_CTX_new(SSLv2_method()); > #endif >+ } >+#endif > else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */ > ctx = SSL_CTX_new(TLS_method()); > else if (proto_version == PY_SSL_VERSION_TLS_CLIENT) >@@ -2760,7 +2798,7 @@ > conservative and assume it wasn't fixed until release. We do this check > at runtime to avoid problems from the dynamic linker. > See #25672 for more on this. */ >- libver = SSLeay(); >+ libver = OpenSSL_version_num(); > if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && > !(libver >= 0x10000000UL && libver < 0x100000dfUL)) { > SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); >@@ -4572,7 +4610,11 @@ > if (bytes == NULL) > return NULL; > if (pseudo) { >+#ifdef OPENSSL_VERSION_1_1 >+ ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); >+#else > ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); >+#endif > if (ok == 0 || ok == 1) > return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); > } >@@ -5212,7 +5254,9 @@ > return NULL; > PySocketModule = *socket_api; > >-#ifndef OPENSSL_VERSION_1_1 >+#ifdef OPENSSL_VERSION_1_1 >+ OPENSSL_init_ssl(0, NULL); >+#else > /* Load all algorithms and initialize cpuid */ > OPENSSL_add_all_algorithms_noconf(); > /* Init OpenSSL */ >@@ -5512,10 +5556,10 @@ > return NULL; > > /* OpenSSL version */ >- /* SSLeay() gives us the version of the library linked against, >+ /* OpenSSL_version_num() gives us the version of the library linked against, > which could be different from the headers version. > */ >- libver = SSLeay(); >+ libver = OpenSSL_version_num(); > r = PyLong_FromUnsignedLong(libver); > if (r == NULL) > return NULL; >@@ -5525,7 +5569,7 @@ > r = Py_BuildValue("IIIII", major, minor, fix, patch, status); > if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) > return NULL; >- r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); >+ r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); > if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) > return NULL; > >--- Python-3.6.3-orig/Modules/_hashopenssl.c 2017-10-03 16:52:02.000000000 +1100 >+++ Python-3.6.3/Modules/_hashopenssl.c 2017-10-09 16:00:57.460136998 +1100 >@@ -1022,7 +1022,7 @@ > { > PyObject *m, *openssl_md_meth_names; > >-#ifndef OPENSSL_VERSION_1_1 >+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) > /* Load all digest algorithms and initialize cpuid */ > OPENSSL_add_all_algorithms_noconf(); > ERR_load_crypto_strings();
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 592480
:
444486
|
498216
|
498218
|
498220
|
498224
|
498594
|
498596
|
498600
|
498602
|
498604
|
498606
|
498608
|
498610
|
498612
|
562840