Lines 55-60
Link Here
|
55 |
#include <sys/poll.h> |
55 |
#include <sys/poll.h> |
56 |
#endif |
56 |
#endif |
57 |
|
57 |
|
|
|
58 |
/* Don't warn about deprecated functions */ |
59 |
#ifdef __GNUC__ |
60 |
#pragma GCC diagnostic ignored "-Wdeprecated-declarations" |
61 |
#endif |
62 |
#ifdef __clang__ |
63 |
#pragma clang diagnostic ignored "-Wdeprecated-declarations" |
64 |
#endif |
65 |
|
58 |
/* Include OpenSSL header files */ |
66 |
/* Include OpenSSL header files */ |
59 |
#include "openssl/rsa.h" |
67 |
#include "openssl/rsa.h" |
60 |
#include "openssl/crypto.h" |
68 |
#include "openssl/crypto.h" |
Lines 90-95
Link Here
|
90 |
/* Include generated data (error codes) */ |
98 |
/* Include generated data (error codes) */ |
91 |
#include "_ssl_data.h" |
99 |
#include "_ssl_data.h" |
92 |
|
100 |
|
|
|
101 |
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) |
102 |
# define OPENSSL_VERSION_1_1 1 |
103 |
#endif |
104 |
|
93 |
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 |
105 |
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 |
94 |
http://www.openssl.org/news/changelog.html |
106 |
http://www.openssl.org/news/changelog.html |
95 |
*/ |
107 |
*/ |
Lines 108-113
Link Here
|
108 |
# define HAVE_SNI 0 |
120 |
# define HAVE_SNI 0 |
109 |
#endif |
121 |
#endif |
110 |
|
122 |
|
|
|
123 |
#ifdef OPENSSL_VERSION_1_1 |
124 |
/* OpenSSL 1.1.0+ */ |
125 |
#ifndef OPENSSL_NO_SSL2 |
126 |
#define OPENSSL_NO_SSL2 |
127 |
#endif |
128 |
#else /* OpenSSL < 1.1.0 */ |
129 |
#if defined(WITH_THREAD) |
130 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
131 |
#endif |
132 |
|
133 |
#define TLS_method SSLv23_method |
134 |
|
135 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
136 |
{ |
137 |
return ne->set; |
138 |
} |
139 |
|
140 |
#ifndef OPENSSL_NO_COMP |
141 |
static int COMP_get_type(const COMP_METHOD *meth) |
142 |
{ |
143 |
return meth->type; |
144 |
} |
145 |
|
146 |
static const char *COMP_get_name(const COMP_METHOD *meth) |
147 |
{ |
148 |
return meth->name; |
149 |
} |
150 |
#endif |
151 |
|
152 |
static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) |
153 |
{ |
154 |
return ctx->default_passwd_callback; |
155 |
} |
156 |
|
157 |
static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) |
158 |
{ |
159 |
return ctx->default_passwd_callback_userdata; |
160 |
} |
161 |
|
162 |
static int X509_OBJECT_get_type(X509_OBJECT *x) |
163 |
{ |
164 |
return x->type; |
165 |
} |
166 |
|
167 |
static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) |
168 |
{ |
169 |
return x->data.x509; |
170 |
} |
171 |
|
172 |
static int BIO_up_ref(BIO *b) |
173 |
{ |
174 |
CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); |
175 |
return 1; |
176 |
} |
177 |
|
178 |
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) { |
179 |
return store->objs; |
180 |
} |
181 |
|
182 |
static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) |
183 |
{ |
184 |
return store->param; |
185 |
} |
186 |
#endif /* OpenSSL < 1.1.0 or LibreSSL */ |
187 |
|
188 |
|
111 |
enum py_ssl_error { |
189 |
enum py_ssl_error { |
112 |
/* these mirror ssl.h */ |
190 |
/* these mirror ssl.h */ |
113 |
PY_SSL_ERROR_NONE, |
191 |
PY_SSL_ERROR_NONE, |
Lines 138-144
Link Here
|
138 |
enum py_ssl_version { |
216 |
enum py_ssl_version { |
139 |
PY_SSL_VERSION_SSL2, |
217 |
PY_SSL_VERSION_SSL2, |
140 |
PY_SSL_VERSION_SSL3=1, |
218 |
PY_SSL_VERSION_SSL3=1, |
141 |
PY_SSL_VERSION_SSL23, |
219 |
PY_SSL_VERSION_TLS, |
142 |
#if HAVE_TLSv1_2 |
220 |
#if HAVE_TLSv1_2 |
143 |
PY_SSL_VERSION_TLS1, |
221 |
PY_SSL_VERSION_TLS1, |
144 |
PY_SSL_VERSION_TLS1_1, |
222 |
PY_SSL_VERSION_TLS1_1, |
Lines 691-697
Link Here
|
691 |
|
769 |
|
692 |
/* check to see if we've gotten to a new RDN */ |
770 |
/* check to see if we've gotten to a new RDN */ |
693 |
if (rdn_level >= 0) { |
771 |
if (rdn_level >= 0) { |
694 |
if (rdn_level != entry->set) { |
772 |
if (rdn_level != X509_NAME_ENTRY_set(entry)) { |
695 |
/* yes, new RDN */ |
773 |
/* yes, new RDN */ |
696 |
/* add old RDN to DN */ |
774 |
/* add old RDN to DN */ |
697 |
rdnt = PyList_AsTuple(rdn); |
775 |
rdnt = PyList_AsTuple(rdn); |
Lines 708-714
Link Here
|
708 |
goto fail0; |
786 |
goto fail0; |
709 |
} |
787 |
} |
710 |
} |
788 |
} |
711 |
rdn_level = entry->set; |
789 |
rdn_level = X509_NAME_ENTRY_set(entry); |
712 |
|
790 |
|
713 |
/* now add this attribute to the current RDN */ |
791 |
/* now add this attribute to the current RDN */ |
714 |
name = X509_NAME_ENTRY_get_object(entry); |
792 |
name = X509_NAME_ENTRY_get_object(entry); |
Lines 811-828
Link Here
|
811 |
goto fail; |
889 |
goto fail; |
812 |
} |
890 |
} |
813 |
|
891 |
|
814 |
p = ext->value->data; |
892 |
p = X509_EXTENSION_get_data(ext)->data; |
815 |
if (method->it) |
893 |
if (method->it) |
816 |
names = (GENERAL_NAMES*) |
894 |
names = (GENERAL_NAMES*) |
817 |
(ASN1_item_d2i(NULL, |
895 |
(ASN1_item_d2i(NULL, |
818 |
&p, |
896 |
&p, |
819 |
ext->value->length, |
897 |
X509_EXTENSION_get_data(ext)->length, |
820 |
ASN1_ITEM_ptr(method->it))); |
898 |
ASN1_ITEM_ptr(method->it))); |
821 |
else |
899 |
else |
822 |
names = (GENERAL_NAMES*) |
900 |
names = (GENERAL_NAMES*) |
823 |
(method->d2i(NULL, |
901 |
(method->d2i(NULL, |
824 |
&p, |
902 |
&p, |
825 |
ext->value->length)); |
903 |
X509_EXTENSION_get_data(ext)->length)); |
826 |
|
904 |
|
827 |
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { |
905 |
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { |
828 |
/* get a rendering of each name in the set of names */ |
906 |
/* get a rendering of each name in the set of names */ |
Lines 1033-1045
Link Here
|
1033 |
int i, j; |
1111 |
int i, j; |
1034 |
PyObject *lst, *res = NULL; |
1112 |
PyObject *lst, *res = NULL; |
1035 |
|
1113 |
|
1036 |
#if OPENSSL_VERSION_NUMBER < 0x10001000L |
1114 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
1037 |
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); |
|
|
1038 |
#else |
1039 |
/* Calls x509v3_cache_extensions and sets up crldp */ |
1115 |
/* Calls x509v3_cache_extensions and sets up crldp */ |
1040 |
X509_check_ca(certificate); |
1116 |
X509_check_ca(certificate); |
1041 |
dps = certificate->crldp; |
|
|
1042 |
#endif |
1117 |
#endif |
|
|
1118 |
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); |
1043 |
|
1119 |
|
1044 |
if (dps == NULL) |
1120 |
if (dps == NULL) |
1045 |
return Py_None; |
1121 |
return Py_None; |
Lines 1427-1435
Link Here
|
1427 |
if (self->ssl == NULL) |
1503 |
if (self->ssl == NULL) |
1428 |
Py_RETURN_NONE; |
1504 |
Py_RETURN_NONE; |
1429 |
comp_method = SSL_get_current_compression(self->ssl); |
1505 |
comp_method = SSL_get_current_compression(self->ssl); |
1430 |
if (comp_method == NULL || comp_method->type == NID_undef) |
1506 |
if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) |
1431 |
Py_RETURN_NONE; |
1507 |
Py_RETURN_NONE; |
1432 |
short_name = OBJ_nid2sn(comp_method->type); |
1508 |
short_name = COMP_get_name(comp_method); |
1433 |
if (short_name == NULL) |
1509 |
if (short_name == NULL) |
1434 |
Py_RETURN_NONE; |
1510 |
Py_RETURN_NONE; |
1435 |
return PyUnicode_DecodeFSDefault(short_name); |
1511 |
return PyUnicode_DecodeFSDefault(short_name); |
Lines 2003-2010
Link Here
|
2003 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2079 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2004 |
ctx = SSL_CTX_new(SSLv2_method()); |
2080 |
ctx = SSL_CTX_new(SSLv2_method()); |
2005 |
#endif |
2081 |
#endif |
2006 |
else if (proto_version == PY_SSL_VERSION_SSL23) |
2082 |
else if (proto_version == PY_SSL_VERSION_TLS) |
2007 |
ctx = SSL_CTX_new(SSLv23_method()); |
2083 |
ctx = SSL_CTX_new(TLS_method()); |
2008 |
else |
2084 |
else |
2009 |
proto_version = -1; |
2085 |
proto_version = -1; |
2010 |
PySSL_END_ALLOW_THREADS |
2086 |
PySSL_END_ALLOW_THREADS |
Lines 2047-2054
Link Here
|
2047 |
#ifndef OPENSSL_NO_ECDH |
2123 |
#ifndef OPENSSL_NO_ECDH |
2048 |
/* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use |
2124 |
/* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use |
2049 |
prime256v1 by default. This is Apache mod_ssl's initialization |
2125 |
prime256v1 by default. This is Apache mod_ssl's initialization |
2050 |
policy, so we should be safe. */ |
2126 |
policy, so we should be safe. OpenSSL 1.1 has it enabled by default. |
2051 |
#if defined(SSL_CTX_set_ecdh_auto) |
2127 |
*/ |
|
|
2128 |
#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) |
2052 |
SSL_CTX_set_ecdh_auto(self->ctx, 1); |
2129 |
SSL_CTX_set_ecdh_auto(self->ctx, 1); |
2053 |
#else |
2130 |
#else |
2054 |
{ |
2131 |
{ |
Lines 2259-2268
Link Here
|
2259 |
get_verify_flags(PySSLContext *self, void *c) |
2336 |
get_verify_flags(PySSLContext *self, void *c) |
2260 |
{ |
2337 |
{ |
2261 |
X509_STORE *store; |
2338 |
X509_STORE *store; |
|
|
2339 |
X509_VERIFY_PARAM *param; |
2262 |
unsigned long flags; |
2340 |
unsigned long flags; |
2263 |
|
2341 |
|
2264 |
store = SSL_CTX_get_cert_store(self->ctx); |
2342 |
store = SSL_CTX_get_cert_store(self->ctx); |
2265 |
flags = X509_VERIFY_PARAM_get_flags(store->param); |
2343 |
param = X509_STORE_get0_param(store); |
|
|
2344 |
flags = X509_VERIFY_PARAM_get_flags(param); |
2266 |
return PyLong_FromUnsignedLong(flags); |
2345 |
return PyLong_FromUnsignedLong(flags); |
2267 |
} |
2346 |
} |
2268 |
|
2347 |
|
Lines 2270-2291
Link Here
|
2270 |
set_verify_flags(PySSLContext *self, PyObject *arg, void *c) |
2349 |
set_verify_flags(PySSLContext *self, PyObject *arg, void *c) |
2271 |
{ |
2350 |
{ |
2272 |
X509_STORE *store; |
2351 |
X509_STORE *store; |
|
|
2352 |
X509_VERIFY_PARAM *param; |
2273 |
unsigned long new_flags, flags, set, clear; |
2353 |
unsigned long new_flags, flags, set, clear; |
2274 |
|
2354 |
|
2275 |
if (!PyArg_Parse(arg, "k", &new_flags)) |
2355 |
if (!PyArg_Parse(arg, "k", &new_flags)) |
2276 |
return -1; |
2356 |
return -1; |
2277 |
store = SSL_CTX_get_cert_store(self->ctx); |
2357 |
store = SSL_CTX_get_cert_store(self->ctx); |
2278 |
flags = X509_VERIFY_PARAM_get_flags(store->param); |
2358 |
param = X509_STORE_get0_param(store); |
|
|
2359 |
flags = X509_VERIFY_PARAM_get_flags(param); |
2279 |
clear = flags & ~new_flags; |
2360 |
clear = flags & ~new_flags; |
2280 |
set = ~flags & new_flags; |
2361 |
set = ~flags & new_flags; |
2281 |
if (clear) { |
2362 |
if (clear) { |
2282 |
if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) { |
2363 |
if (!X509_VERIFY_PARAM_clear_flags(param, clear)) { |
2283 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2364 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2284 |
return -1; |
2365 |
return -1; |
2285 |
} |
2366 |
} |
2286 |
} |
2367 |
} |
2287 |
if (set) { |
2368 |
if (set) { |
2288 |
if (!X509_VERIFY_PARAM_set_flags(store->param, set)) { |
2369 |
if (!X509_VERIFY_PARAM_set_flags(param, set)) { |
2289 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2370 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2290 |
return -1; |
2371 |
return -1; |
2291 |
} |
2372 |
} |
Lines 2455-2462
Link Here
|
2455 |
char *kwlist[] = {"certfile", "keyfile", "password", NULL}; |
2536 |
char *kwlist[] = {"certfile", "keyfile", "password", NULL}; |
2456 |
PyObject *certfile, *keyfile = NULL, *password = NULL; |
2537 |
PyObject *certfile, *keyfile = NULL, *password = NULL; |
2457 |
PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; |
2538 |
PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; |
2458 |
pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback; |
2539 |
pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx); |
2459 |
void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata; |
2540 |
void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx); |
2460 |
_PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; |
2541 |
_PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; |
2461 |
int r; |
2542 |
int r; |
2462 |
|
2543 |
|
Lines 2587-2594
Link Here
|
2587 |
cert = d2i_X509_bio(biobuf, NULL); |
2668 |
cert = d2i_X509_bio(biobuf, NULL); |
2588 |
} else { |
2669 |
} else { |
2589 |
cert = PEM_read_bio_X509(biobuf, NULL, |
2670 |
cert = PEM_read_bio_X509(biobuf, NULL, |
2590 |
self->ctx->default_passwd_callback, |
2671 |
SSL_CTX_get_default_passwd_cb(self->ctx), |
2591 |
self->ctx->default_passwd_callback_userdata); |
2672 |
SSL_CTX_get_default_passwd_cb_userdata(self->ctx) |
|
|
2673 |
); |
2592 |
} |
2674 |
} |
2593 |
if (cert == NULL) { |
2675 |
if (cert == NULL) { |
2594 |
break; |
2676 |
break; |
Lines 3036-3060
Link Here
|
3036 |
cert_store_stats(PySSLContext *self) |
3118 |
cert_store_stats(PySSLContext *self) |
3037 |
{ |
3119 |
{ |
3038 |
X509_STORE *store; |
3120 |
X509_STORE *store; |
|
|
3121 |
STACK_OF(X509_OBJECT) *objs; |
3039 |
X509_OBJECT *obj; |
3122 |
X509_OBJECT *obj; |
3040 |
int x509 = 0, crl = 0, pkey = 0, ca = 0, i; |
3123 |
int x509 = 0, crl = 0, ca = 0, i; |
3041 |
|
3124 |
|
3042 |
store = SSL_CTX_get_cert_store(self->ctx); |
3125 |
store = SSL_CTX_get_cert_store(self->ctx); |
3043 |
for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { |
3126 |
objs = X509_STORE_get0_objects(store); |
3044 |
obj = sk_X509_OBJECT_value(store->objs, i); |
3127 |
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { |
3045 |
switch (obj->type) { |
3128 |
obj = sk_X509_OBJECT_value(objs, i); |
|
|
3129 |
switch (X509_OBJECT_get_type(obj)) { |
3046 |
case X509_LU_X509: |
3130 |
case X509_LU_X509: |
3047 |
x509++; |
3131 |
x509++; |
3048 |
if (X509_check_ca(obj->data.x509)) { |
3132 |
if (X509_check_ca(X509_OBJECT_get0_X509(obj))) { |
3049 |
ca++; |
3133 |
ca++; |
3050 |
} |
3134 |
} |
3051 |
break; |
3135 |
break; |
3052 |
case X509_LU_CRL: |
3136 |
case X509_LU_CRL: |
3053 |
crl++; |
3137 |
crl++; |
3054 |
break; |
3138 |
break; |
3055 |
case X509_LU_PKEY: |
|
|
3056 |
pkey++; |
3057 |
break; |
3058 |
default: |
3139 |
default: |
3059 |
/* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. |
3140 |
/* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. |
3060 |
* As far as I can tell they are internal states and never |
3141 |
* As far as I can tell they are internal states and never |
Lines 3079-3084
Link Here
|
3079 |
{ |
3160 |
{ |
3080 |
char *kwlist[] = {"binary_form", NULL}; |
3161 |
char *kwlist[] = {"binary_form", NULL}; |
3081 |
X509_STORE *store; |
3162 |
X509_STORE *store; |
|
|
3163 |
STACK_OF(X509_OBJECT) *objs; |
3082 |
PyObject *ci = NULL, *rlist = NULL; |
3164 |
PyObject *ci = NULL, *rlist = NULL; |
3083 |
int i; |
3165 |
int i; |
3084 |
int binary_mode = 0; |
3166 |
int binary_mode = 0; |
Lines 3093-3109
Link Here
|
3093 |
} |
3175 |
} |
3094 |
|
3176 |
|
3095 |
store = SSL_CTX_get_cert_store(self->ctx); |
3177 |
store = SSL_CTX_get_cert_store(self->ctx); |
3096 |
for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { |
3178 |
objs = X509_STORE_get0_objects(store); |
|
|
3179 |
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { |
3097 |
X509_OBJECT *obj; |
3180 |
X509_OBJECT *obj; |
3098 |
X509 *cert; |
3181 |
X509 *cert; |
3099 |
|
3182 |
|
3100 |
obj = sk_X509_OBJECT_value(store->objs, i); |
3183 |
obj = sk_X509_OBJECT_value(objs, i); |
3101 |
if (obj->type != X509_LU_X509) { |
3184 |
if (X509_OBJECT_get_type(obj) != X509_LU_X509) { |
3102 |
/* not a x509 cert */ |
3185 |
/* not a x509 cert */ |
3103 |
continue; |
3186 |
continue; |
3104 |
} |
3187 |
} |
3105 |
/* CA for any purpose */ |
3188 |
/* CA for any purpose */ |
3106 |
cert = obj->data.x509; |
3189 |
cert = X509_OBJECT_get0_X509(obj); |
3107 |
if (!X509_check_ca(cert)) { |
3190 |
if (!X509_check_ca(cert)) { |
3108 |
continue; |
3191 |
continue; |
3109 |
} |
3192 |
} |
Lines 3776-3785
Link Here
|
3776 |
}; |
3859 |
}; |
3777 |
|
3860 |
|
3778 |
|
3861 |
|
3779 |
#ifdef WITH_THREAD |
3862 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
3780 |
|
3863 |
|
3781 |
/* an implementation of OpenSSL threading operations in terms |
3864 |
/* an implementation of OpenSSL threading operations in terms |
3782 |
of the Python C thread library */ |
3865 |
* of the Python C thread library |
|
|
3866 |
* Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code. |
3867 |
*/ |
3783 |
|
3868 |
|
3784 |
static PyThread_type_lock *_ssl_locks = NULL; |
3869 |
static PyThread_type_lock *_ssl_locks = NULL; |
3785 |
|
3870 |
|
Lines 3860-3866
Link Here
|
3860 |
return 1; |
3945 |
return 1; |
3861 |
} |
3946 |
} |
3862 |
|
3947 |
|
3863 |
#endif /* def HAVE_THREAD */ |
3948 |
#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */ |
3864 |
|
3949 |
|
3865 |
PyDoc_STRVAR(module_doc, |
3950 |
PyDoc_STRVAR(module_doc, |
3866 |
"Implementation module for SSL socket operations. See the socket module\n\ |
3951 |
"Implementation module for SSL socket operations. See the socket module\n\ |
Lines 3927-3937
Link Here
|
3927 |
SSL_load_error_strings(); |
4012 |
SSL_load_error_strings(); |
3928 |
SSL_library_init(); |
4013 |
SSL_library_init(); |
3929 |
#ifdef WITH_THREAD |
4014 |
#ifdef WITH_THREAD |
|
|
4015 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
3930 |
/* note that this will start threading if not already started */ |
4016 |
/* note that this will start threading if not already started */ |
3931 |
if (!_setup_ssl_threads()) { |
4017 |
if (!_setup_ssl_threads()) { |
3932 |
return NULL; |
4018 |
return NULL; |
3933 |
} |
4019 |
} |
|
|
4020 |
#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) |
4021 |
/* OpenSSL 1.1.0 builtin thread support is enabled */ |
4022 |
_ssl_locks_count++; |
3934 |
#endif |
4023 |
#endif |
|
|
4024 |
#endif /* WITH_THREAD */ |
3935 |
OpenSSL_add_all_algorithms(); |
4025 |
OpenSSL_add_all_algorithms(); |
3936 |
|
4026 |
|
3937 |
/* Add symbols to module dict */ |
4027 |
/* Add symbols to module dict */ |
Lines 4075-4081
Link Here
|
4075 |
PY_SSL_VERSION_SSL3); |
4165 |
PY_SSL_VERSION_SSL3); |
4076 |
#endif |
4166 |
#endif |
4077 |
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
4167 |
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
4078 |
PY_SSL_VERSION_SSL23); |
4168 |
PY_SSL_VERSION_TLS); |
|
|
4169 |
PyModule_AddIntConstant(m, "PROTOCOL_TLS", |
4170 |
PY_SSL_VERSION_TLS); |
4079 |
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
4171 |
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
4080 |
PY_SSL_VERSION_TLS1); |
4172 |
PY_SSL_VERSION_TLS1); |
4081 |
#if HAVE_TLSv1_2 |
4173 |
#if HAVE_TLSv1_2 |