Lines 2330-2363
2330 |
PySSLContext *self; |
2330 |
PySSLContext *self; |
2331 |
long options; |
2331 |
long options; |
2332 |
SSL_CTX *ctx = NULL; |
2332 |
SSL_CTX *ctx = NULL; |
|
|
2333 |
int result = 0; |
2333 |
#if defined(SSL_MODE_RELEASE_BUFFERS) |
2334 |
#if defined(SSL_MODE_RELEASE_BUFFERS) |
2334 |
unsigned long libver; |
2335 |
unsigned long libver; |
2335 |
#endif |
2336 |
#endif |
2336 |
|
2337 |
|
2337 |
PySSL_BEGIN_ALLOW_THREADS |
2338 |
PySSL_BEGIN_ALLOW_THREADS |
2338 |
if (proto_version == PY_SSL_VERSION_TLS1) |
2339 |
switch (proto_version) { |
|
|
2340 |
#ifndef OPENSSL_VERSION_1_1 |
2341 |
/* OpenSSL < 1.1 */ |
2342 |
#ifndef OPENSSL_NO_SSL2 |
2343 |
case PY_SSL_VERSION_SSL2: |
2344 |
ctx = SSL_CTX_new(SSLv2_method()); |
2345 |
break; |
2346 |
#endif |
2347 |
#ifndef OPENSSL_NO_SSL3 |
2348 |
case PY_SSL_VERSION_SSL3: |
2349 |
ctx = SSL_CTX_new(SSLv3_method()); |
2350 |
break; |
2351 |
#endif |
2352 |
#ifndef OPENSSL_NO_TLS1 |
2353 |
case PY_SSL_VERSION_TLS1: |
2339 |
ctx = SSL_CTX_new(TLSv1_method()); |
2354 |
ctx = SSL_CTX_new(TLSv1_method()); |
2340 |
#if HAVE_TLSv1_2 |
2355 |
break; |
2341 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) |
2356 |
#endif |
|
|
2357 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
2358 |
case PY_SSL_VERSION_TLS1_1: |
2342 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2359 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2343 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) |
2360 |
break; |
|
|
2361 |
#endif |
2362 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
2363 |
case PY_SSL_VERSION_TLS1_2: |
2344 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2364 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
|
|
2365 |
break; |
2345 |
#endif |
2366 |
#endif |
|
|
2367 |
#else |
2368 |
/* OpenSSL >= 1.1 |
2369 |
* create context with TLS_method for all protocols |
2370 |
* no SSLv2_method in OpenSSL 1.1. |
2371 |
*/ |
2346 |
#ifndef OPENSSL_NO_SSL3 |
2372 |
#ifndef OPENSSL_NO_SSL3 |
2347 |
else if (proto_version == PY_SSL_VERSION_SSL3) |
2373 |
case PY_SSL_VERSION_SSL3: /* fallthrough */ |
2348 |
ctx = SSL_CTX_new(SSLv3_method()); |
|
|
2349 |
#endif |
2374 |
#endif |
2350 |
#ifndef OPENSSL_NO_SSL2 |
2375 |
#ifndef OPENSSL_NO_TLS1 |
2351 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2376 |
case PY_SSL_VERSION_TLS1: /* fallthrough */ |
2352 |
ctx = SSL_CTX_new(SSLv2_method()); |
2377 |
#endif |
|
|
2378 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
2379 |
case PY_SSL_VERSION_TLS1_1: /* fallthrough */ |
2380 |
#endif |
2381 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
2382 |
case PY_SSL_VERSION_TLS1_2: /* fallthrough */ |
2353 |
#endif |
2383 |
#endif |
2354 |
else if (proto_version == PY_SSL_VERSION_TLS) |
2384 |
#endif /* OpenSSL >= 1.1 */ |
|
|
2385 |
case PY_SSL_VERSION_TLS: |
2386 |
/* SSLv23 */ |
2355 |
ctx = SSL_CTX_new(TLS_method()); |
2387 |
ctx = SSL_CTX_new(TLS_method()); |
2356 |
else |
2388 |
break; |
2357 |
proto_version = -1; |
2389 |
default: |
|
|
2390 |
result = -1; |
2391 |
break; |
2392 |
} |
2358 |
PySSL_END_ALLOW_THREADS |
2393 |
PySSL_END_ALLOW_THREADS |
2359 |
|
2394 |
|
2360 |
if (proto_version == -1) { |
2395 |
if (result == -1) { |
2361 |
PyErr_SetString(PyExc_ValueError, |
2396 |
PyErr_SetString(PyExc_ValueError, |
2362 |
"invalid protocol version"); |
2397 |
"invalid protocol version"); |
2363 |
return NULL; |
2398 |
return NULL; |
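Review bot: The new `result = -1` in the `default:` arm is the only way the switch reports a bad `proto_version`, and nothing in the hunk says so; since the same variable is reused later for OpenSSL failures, a short comment on the `default:` arm would keep the two meanings apart, e.g. `/* no case matched: ctx stays NULL, reported as ValueError below */`. The `/* fallthrough */` comments sit on bare label chains in the OpenSSL >= 1.1 branch with no statements between them, so they document nothing and may suggest code was dropped; they are clearer on the one label that actually ends a statement block or can be removed. The enclosing function starts before this hunk, so the declaration of `proto_version` is not visible here.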
Lines 2368-2373
Link Here
|
2368 |
return NULL; |
2403 |
return NULL; |
2369 |
} |
2404 |
} |
2370 |
|
2405 |
|
|
|
2406 |
#ifdef OPENSSL_VERSION_1_1 |
2407 |
/* Emulate version specific methods with set min/max proto version */ |
2408 |
switch (proto_version) { |
2409 |
case PY_SSL_VERSION_SSL3: |
2410 |
/* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */ |
2411 |
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
2412 |
if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)) |
2413 |
result = -1; |
2414 |
if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)) |
2415 |
result = -1; |
2416 |
break; |
2417 |
case PY_SSL_VERSION_TLS1: |
2418 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) |
2419 |
result = -1; |
2420 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) |
2421 |
result = -1; |
2422 |
break; |
2423 |
case PY_SSL_VERSION_TLS1_1: |
2424 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) |
2425 |
result = -1; |
2426 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)) |
2427 |
result = -1; |
2428 |
break; |
2429 |
case PY_SSL_VERSION_TLS1_2: |
2430 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) |
2431 |
result = -1; |
2432 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) |
2433 |
result = -1; |
2434 |
break; |
2435 |
default: |
2436 |
break; |
2437 |
} |
2438 |
if (result == -1) { |
2439 |
SSL_CTX_free(ctx); |
2440 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2441 |
return NULL; |
2442 |
} |
2443 |
#endif |
2444 |
|
2371 |
assert(type != NULL && type->tp_alloc != NULL); |
2445 |
assert(type != NULL && type->tp_alloc != NULL); |
2372 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2446 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2373 |
if (self == NULL) { |
2447 |
if (self == NULL) { |
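Review bot: The `PY_SSL_VERSION_SSL3` arm in the new emulation switch is not wrapped in `#ifndef OPENSSL_NO_SSL3` like the matching case label earlier in this function, so the call to `SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3)` is compiled even in builds that cannot reach it; guarding it the same way keeps the two switches consistent. The existing comment explains why the option is cleared but not that this deliberately re-enables a protocol OpenSSL disables by default, which is the security-relevant fact a later reader needs; I would extend it to `/* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default; it is cleared only because the caller explicitly asked for PROTOCOL_SSLv3, and min/max pin the context to SSLv3 alone */`. The enclosing function continues past the end of this hunk.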