|
Lines 2056-2061
Link Here
|
| 2056 |
int proto_version = PY_SSL_VERSION_SSL23; |
2056 |
int proto_version = PY_SSL_VERSION_SSL23; |
| 2057 |
long options; |
2057 |
long options; |
| 2058 |
SSL_CTX *ctx = NULL; |
2058 |
SSL_CTX *ctx = NULL; |
|
|
2059 |
int result = 0; |
| 2059 |
|
2060 |
|
| 2060 |
if (!PyArg_ParseTupleAndKeywords( |
2061 |
if (!PyArg_ParseTupleAndKeywords( |
| 2061 |
args, kwds, "i:_SSLContext", kwlist, |
2062 |
args, kwds, "i:_SSLContext", kwlist, |
|
Lines 2063-2091
Link Here
|
| 2063 |
return NULL; |
2064 |
return NULL; |
| 2064 |
|
2065 |
|
| 2065 |
PySSL_BEGIN_ALLOW_THREADS |
2066 |
PySSL_BEGIN_ALLOW_THREADS |
| 2066 |
if (proto_version == PY_SSL_VERSION_TLS1) |
2067 |
switch (proto_version) { |
|
|
2068 |
#ifndef OPENSSL_VERSION_1_1 |
| 2069 |
/* OpenSSL < 1.1 */ |
| 2070 |
#ifndef OPENSSL_NO_SSL2 |
| 2071 |
case PY_SSL_VERSION_SSL2: |
| 2072 |
ctx = SSL_CTX_new(SSLv2_method()); |
| 2073 |
break; |
| 2074 |
#endif |
| 2075 |
#ifndef OPENSSL_NO_SSL3 |
| 2076 |
case PY_SSL_VERSION_SSL3: |
| 2077 |
ctx = SSL_CTX_new(SSLv3_method()); |
| 2078 |
break; |
| 2079 |
#endif |
| 2080 |
#ifndef OPENSSL_NO_TLS1 |
| 2081 |
case PY_SSL_VERSION_TLS1: |
| 2067 |
ctx = SSL_CTX_new(TLSv1_method()); |
2082 |
ctx = SSL_CTX_new(TLSv1_method()); |
| 2068 |
#if HAVE_TLSv1_2 |
2083 |
break; |
| 2069 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) |
2084 |
#endif |
|
|
2085 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
| 2086 |
case PY_SSL_VERSION_TLS1_1: |
| 2070 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2087 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
| 2071 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) |
2088 |
break; |
|
|
2089 |
#endif |
| 2090 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
| 2091 |
case PY_SSL_VERSION_TLS1_2: |
| 2072 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2092 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
|
|
2093 |
break; |
| 2073 |
#endif |
2094 |
#endif |
|
|
2095 |
#else |
| 2096 |
/* OpenSSL >= 1.1 |
| 2097 |
* create context with TLS_method for all protocols |
| 2098 |
* no SSLv2_method in OpenSSL 1.1. |
| 2099 |
*/ |
| 2074 |
#ifndef OPENSSL_NO_SSL3 |
2100 |
#ifndef OPENSSL_NO_SSL3 |
| 2075 |
else if (proto_version == PY_SSL_VERSION_SSL3) |
2101 |
case PY_SSL_VERSION_SSL3: /* fallthrough */ |
| 2076 |
ctx = SSL_CTX_new(SSLv3_method()); |
|
|
| 2077 |
#endif |
2102 |
#endif |
| 2078 |
#ifndef OPENSSL_NO_SSL2 |
2103 |
#ifndef OPENSSL_NO_TLS1 |
| 2079 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2104 |
case PY_SSL_VERSION_TLS1: /* fallthrough */ |
| 2080 |
ctx = SSL_CTX_new(SSLv2_method()); |
2105 |
#endif |
|
|
2106 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
| 2107 |
case PY_SSL_VERSION_TLS1_1: /* fallthrough */ |
| 2108 |
#endif |
| 2109 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
| 2110 |
case PY_SSL_VERSION_TLS1_2: /* fallthrough */ |
| 2081 |
#endif |
2111 |
#endif |
| 2082 |
else if (proto_version == PY_SSL_VERSION_TLS) |
2112 |
#endif /* OpenSSL >= 1.1 */ |
|
|
2113 |
case PY_SSL_VERSION_TLS: |
| 2114 |
/* SSLv23 */ |
| 2083 |
ctx = SSL_CTX_new(TLS_method()); |
2115 |
ctx = SSL_CTX_new(TLS_method()); |
| 2084 |
else |
2116 |
break; |
| 2085 |
proto_version = -1; |
2117 |
default: |
|
|
2118 |
result = -1; |
| 2119 |
break; |
| 2120 |
} |
| 2086 |
PySSL_END_ALLOW_THREADS |
2121 |
PySSL_END_ALLOW_THREADS |
| 2087 |
|
2122 |
|
| 2088 |
if (proto_version == -1) { |
2123 |
if (result == -1) { |
| 2089 |
PyErr_SetString(PyExc_ValueError, |
2124 |
PyErr_SetString(PyExc_ValueError, |
| 2090 |
"invalid protocol version"); |
2125 |
"invalid protocol version"); |
| 2091 |
return NULL; |
2126 |
return NULL; |
|
Lines 2096-2101
Link Here
|
| 2096 |
return NULL; |
2131 |
return NULL; |
| 2097 |
} |
2132 |
} |
| 2098 |
|
2133 |
|
|
|
2134 |
#ifdef OPENSSL_VERSION_1_1 |
| 2135 |
/* Emulate version specific methods with set min/max proto version */ |
| 2136 |
switch (proto_version) { |
| 2137 |
case PY_SSL_VERSION_SSL3: |
| 2138 |
/* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */ |
| 2139 |
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
| 2140 |
if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)) |
| 2141 |
result = -1; |
| 2142 |
if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)) |
| 2143 |
result = -1; |
| 2144 |
break; |
| 2145 |
case PY_SSL_VERSION_TLS1: |
| 2146 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) |
| 2147 |
result = -1; |
| 2148 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) |
| 2149 |
result = -1; |
| 2150 |
break; |
| 2151 |
case PY_SSL_VERSION_TLS1_1: |
| 2152 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) |
| 2153 |
result = -1; |
| 2154 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)) |
| 2155 |
result = -1; |
| 2156 |
break; |
| 2157 |
case PY_SSL_VERSION_TLS1_2: |
| 2158 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) |
| 2159 |
result = -1; |
| 2160 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) |
| 2161 |
result = -1; |
| 2162 |
break; |
| 2163 |
default: |
| 2164 |
break; |
| 2165 |
} |
| 2166 |
if (result == -1) { |
| 2167 |
SSL_CTX_free(ctx); |
| 2168 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
| 2169 |
return NULL; |
| 2170 |
} |
| 2171 |
#endif |
| 2172 |
|
| 2099 |
assert(type != NULL && type->tp_alloc != NULL); |
2173 |
assert(type != NULL && type->tp_alloc != NULL); |
| 2100 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2174 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
| 2101 |
if (self == NULL) { |
2175 |
if (self == NULL) { |
