Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 498602 Details for
Bug 592480
dev-lang/python fails to build with >=dev-libs/openssl-1.1.0
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
python-3.4.6-p2-emulate-TLS-methods.patch
python-3.4.6-p2-emulate-TLS-methods.patch (text/plain), 4.06 KB, created by
Mark Wright
on 2017-10-14 01:25:40 UTC
(
hide
)
Description:
python-3.4.6-p2-emulate-TLS-methods.patch
Filename:
MIME Type:
Creator:
Mark Wright
Created:
2017-10-14 01:25:40 UTC
Size:
4.06 KB
patch
obsolete
>--- Python-3.4.6-orig/Modules/_ssl.c 2017-10-12 16:32:53.000000000 +1100 >+++ Python-3.4.6/Modules/_ssl.c 2017-10-13 14:59:37.118231718 +1100 >@@ -2056,6 +2056,7 @@ > int proto_version = PY_SSL_VERSION_SSL23; > long options; > SSL_CTX *ctx = NULL; >+ int result = 0; > > if (!PyArg_ParseTupleAndKeywords( > args, kwds, "i:_SSLContext", kwlist, >@@ -2063,29 +2064,63 @@ > return NULL; > > PySSL_BEGIN_ALLOW_THREADS >- if (proto_version == PY_SSL_VERSION_TLS1) >+ switch (proto_version) { >+#ifndef OPENSSL_VERSION_1_1 >+ /* OpenSSL < 1.1 */ >+#ifndef OPENSSL_NO_SSL2 >+ case PY_SSL_VERSION_SSL2: >+ ctx = SSL_CTX_new(SSLv2_method()); >+ break; >+#endif >+#ifndef OPENSSL_NO_SSL3 >+ case PY_SSL_VERSION_SSL3: >+ ctx = SSL_CTX_new(SSLv3_method()); >+ break; >+#endif >+#ifndef OPENSSL_NO_TLS1 >+ case PY_SSL_VERSION_TLS1: > ctx = SSL_CTX_new(TLSv1_method()); >-#if HAVE_TLSv1_2 >- else if (proto_version == PY_SSL_VERSION_TLS1_1) >+ break; >+#endif >+#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_1: > ctx = SSL_CTX_new(TLSv1_1_method()); >- else if (proto_version == PY_SSL_VERSION_TLS1_2) >+ break; >+#endif >+#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_2: > ctx = SSL_CTX_new(TLSv1_2_method()); >+ break; > #endif >+#else >+ /* OpenSSL >= 1.1 >+ * create context with TLS_method for all protocols >+ * no SSLv2_method in OpenSSL 1.1. >+ */ > #ifndef OPENSSL_NO_SSL3 >- else if (proto_version == PY_SSL_VERSION_SSL3) >- ctx = SSL_CTX_new(SSLv3_method()); >+ case PY_SSL_VERSION_SSL3: /* fallthrough */ > #endif >-#ifndef OPENSSL_NO_SSL2 >- else if (proto_version == PY_SSL_VERSION_SSL2) >- ctx = SSL_CTX_new(SSLv2_method()); >+#ifndef OPENSSL_NO_TLS1 >+ case PY_SSL_VERSION_TLS1: /* fallthrough */ >+#endif >+#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_1: /* fallthrough */ >+#endif >+#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_2: /* fallthrough */ > #endif >- else if (proto_version == PY_SSL_VERSION_TLS) >+#endif /* OpenSSL >= 1.1 */ >+ case PY_SSL_VERSION_TLS: >+ /* SSLv23 */ > ctx = SSL_CTX_new(TLS_method()); >- else >- proto_version = -1; >+ break; >+ default: >+ result = -1; >+ break; >+ } > PySSL_END_ALLOW_THREADS > >- if (proto_version == -1) { >+ if (result == -1) { > PyErr_SetString(PyExc_ValueError, > "invalid protocol version"); > return NULL; >@@ -2096,6 +2131,45 @@ > return NULL; > } > >+#ifdef OPENSSL_VERSION_1_1 >+ /* Emulate version specific methods with set min/max proto version */ >+ switch (proto_version) { >+ case PY_SSL_VERSION_SSL3: >+ /* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */ >+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); >+ if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)) >+ result = -1; >+ break; >+ case PY_SSL_VERSION_TLS1: >+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) >+ result = -1; >+ break; >+ case PY_SSL_VERSION_TLS1_1: >+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)) >+ result = -1; >+ break; >+ case PY_SSL_VERSION_TLS1_2: >+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) >+ result = -1; >+ break; >+ default: >+ break; >+ } >+ if (result == -1) { >+ SSL_CTX_free(ctx); >+ _setSSLError(NULL, 0, __FILE__, __LINE__); >+ return NULL; >+ } >+#endif >+ > assert(type != NULL && type->tp_alloc != NULL); > self = (PySSLContext *) type->tp_alloc(type, 0); > if (self == NULL) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 592480
:
444486
|
498216
|
498218
|
498220
|
498224
|
498594
|
498596
|
498600
| 498602 |
498604
|
498606
|
498608
|
498610
|
498612
|
562840