Lines 2056-2061
|
2056 |
int proto_version = PY_SSL_VERSION_SSL23; |
2056 |
int proto_version = PY_SSL_VERSION_SSL23; |
2057 |
long options; |
2057 |
long options; |
2058 |
SSL_CTX *ctx = NULL; |
2058 |
SSL_CTX *ctx = NULL; |
|
|
2059 |
int result = 0; |
2059 |
|
2060 |
|
2060 |
if (!PyArg_ParseTupleAndKeywords( |
2061 |
if (!PyArg_ParseTupleAndKeywords( |
2061 |
args, kwds, "i:_SSLContext", kwlist, |
2062 |
args, kwds, "i:_SSLContext", kwlist, |
Lines 2063-2091
|
2063 |
return NULL; |
2064 |
return NULL; |
2064 |
|
2065 |
|
2065 |
PySSL_BEGIN_ALLOW_THREADS |
2066 |
PySSL_BEGIN_ALLOW_THREADS |
2066 |
if (proto_version == PY_SSL_VERSION_TLS1) |
2067 |
switch (proto_version) { |
|
|
2068 |
#ifndef OPENSSL_VERSION_1_1 |
2069 |
/* OpenSSL < 1.1 */ |
2070 |
#ifndef OPENSSL_NO_SSL2 |
2071 |
case PY_SSL_VERSION_SSL2: |
2072 |
ctx = SSL_CTX_new(SSLv2_method()); |
2073 |
break; |
2074 |
#endif |
2075 |
#ifndef OPENSSL_NO_SSL3 |
2076 |
case PY_SSL_VERSION_SSL3: |
2077 |
ctx = SSL_CTX_new(SSLv3_method()); |
2078 |
break; |
2079 |
#endif |
2080 |
#ifndef OPENSSL_NO_TLS1 |
2081 |
case PY_SSL_VERSION_TLS1: |
2067 |
ctx = SSL_CTX_new(TLSv1_method()); |
2082 |
ctx = SSL_CTX_new(TLSv1_method()); |
2068 |
#if HAVE_TLSv1_2 |
2083 |
break; |
2069 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) |
2084 |
#endif |
|
|
2085 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
2086 |
case PY_SSL_VERSION_TLS1_1: |
2070 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2087 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2071 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) |
2088 |
break; |
|
|
2089 |
#endif |
2090 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
2091 |
case PY_SSL_VERSION_TLS1_2: |
2072 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2092 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
|
|
2093 |
break; |
2073 |
#endif |
2094 |
#endif |
|
|
2095 |
#else |
2096 |
/* OpenSSL >= 1.1 |
2097 |
* create context with TLS_method for all protocols |
2098 |
* no SSLv2_method in OpenSSL 1.1. |
2099 |
*/ |
2074 |
#ifndef OPENSSL_NO_SSL3 |
2100 |
#ifndef OPENSSL_NO_SSL3 |
2075 |
else if (proto_version == PY_SSL_VERSION_SSL3) |
2101 |
case PY_SSL_VERSION_SSL3: /* fallthrough */ |
2076 |
ctx = SSL_CTX_new(SSLv3_method()); |
|
|
2077 |
#endif |
2102 |
#endif |
2078 |
#ifndef OPENSSL_NO_SSL2 |
2103 |
#ifndef OPENSSL_NO_TLS1 |
2079 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2104 |
case PY_SSL_VERSION_TLS1: /* fallthrough */ |
2080 |
ctx = SSL_CTX_new(SSLv2_method()); |
2105 |
#endif |
|
|
2106 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
2107 |
case PY_SSL_VERSION_TLS1_1: /* fallthrough */ |
2108 |
#endif |
2109 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
2110 |
case PY_SSL_VERSION_TLS1_2: /* fallthrough */ |
2081 |
#endif |
2111 |
#endif |
2082 |
else if (proto_version == PY_SSL_VERSION_TLS) |
2112 |
#endif /* OpenSSL >= 1.1 */ |
|
|
2113 |
case PY_SSL_VERSION_TLS: |
2114 |
/* SSLv23 */ |
2083 |
ctx = SSL_CTX_new(TLS_method()); |
2115 |
ctx = SSL_CTX_new(TLS_method()); |
2084 |
else |
2116 |
break; |
2085 |
proto_version = -1; |
2117 |
default: |
|
|
2118 |
result = -1; |
2119 |
break; |
2120 |
} |
2086 |
PySSL_END_ALLOW_THREADS |
2121 |
PySSL_END_ALLOW_THREADS |
2087 |
|
2122 |
|
2088 |
if (proto_version == -1) { |
2123 |
if (result == -1) { |
2089 |
PyErr_SetString(PyExc_ValueError, |
2124 |
PyErr_SetString(PyExc_ValueError, |
2090 |
"invalid protocol version"); |
2125 |
"invalid protocol version"); |
2091 |
return NULL; |
2126 |
return NULL; |
Lines 2096-2101
|
2096 |
return NULL; |
2131 |
return NULL; |
2097 |
} |
2132 |
} |
2098 |
|
2133 |
|
|
|
2134 |
#ifdef OPENSSL_VERSION_1_1 |
2135 |
/* Emulate version specific methods with set min/max proto version */ |
2136 |
switch (proto_version) { |
2137 |
case PY_SSL_VERSION_SSL3: |
2138 |
/* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */ |
2139 |
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
2140 |
if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)) |
2141 |
result = -1; |
2142 |
if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)) |
2143 |
result = -1; |
2144 |
break; |
2145 |
case PY_SSL_VERSION_TLS1: |
2146 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) |
2147 |
result = -1; |
2148 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) |
2149 |
result = -1; |
2150 |
break; |
2151 |
case PY_SSL_VERSION_TLS1_1: |
2152 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) |
2153 |
result = -1; |
2154 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)) |
2155 |
result = -1; |
2156 |
break; |
2157 |
case PY_SSL_VERSION_TLS1_2: |
2158 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) |
2159 |
result = -1; |
2160 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) |
2161 |
result = -1; |
2162 |
break; |
2163 |
default: |
2164 |
break; |
2165 |
} |
2166 |
if (result == -1) { |
2167 |
SSL_CTX_free(ctx); |
2168 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2169 |
return NULL; |
2170 |
} |
2171 |
#endif |
2172 |
|
2099 |
assert(type != NULL && type->tp_alloc != NULL); |
2173 |
assert(type != NULL && type->tp_alloc != NULL); |
2100 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2174 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2101 |
if (self == NULL) { |
2175 |
if (self == NULL) { |
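Review bot: In the new `#ifdef OPENSSL_VERSION_1_1` block, a failed `SSL_CTX_set_min_proto_version`/`SSL_CTX_set_max_proto_version` is reported via `_setSSLError(NULL, 0, __FILE__, __LINE__)`, which relies on OpenSSL's error queue; as far as I can tell these calls reject an unsupported bound by return value without queuing an error, so the caller would get an SSLError with no usable reason, while the same class of mistake a few lines earlier (`default: result = -1;`) is reported as `ValueError("invalid protocol version")`. I would make the two paths consistent and self-describing, replacing the `_setSSLError` call with `PyErr_SetString(PyExc_ValueError, "invalid protocol version");` (or at minimum passing an explicit message string instead of NULL). The paired min/max checks can also be folded per case, e.g. `if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION) || !SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) result = -1;`, which removes the duplicated `result = -1` lines. The SSL3 case deserves a one-line comment that clearing `SSL_OP_NO_SSLv3` deliberately honours an explicit PROTOCOL_SSLv3 request and therefore yields a context weaker than the library default. The enclosing function's body continues past the end of this hunk.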