Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 498606 Details for
Bug 592480
dev-lang/python fails to build with >=dev-libs/openssl-1.1.0
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
python-3.5.4-p1-emulate-TLS-methods.patch
python-3.5.4-p1-emulate-TLS-methods.patch (text/plain), 3.98 KB, created by
Mark Wright
on 2017-10-14 01:31:30 UTC
(
hide
)
Description:
python-3.5.4-p1-emulate-TLS-methods.patch
Filename:
MIME Type:
Creator:
Mark Wright
Created:
2017-10-14 01:31:30 UTC
Size:
3.98 KB
patch
obsolete
>--- Python-3.5.4-orig/Modules/_ssl.c 2017-08-07 17:59:11.000000000 +1000 >+++ Python-3.5.4/Modules/_ssl.c 2017-10-13 21:21:00.465671119 +1100 >@@ -2330,34 +2330,69 @@ > PySSLContext *self; > long options; > SSL_CTX *ctx = NULL; >+ int result = 0; > #if defined(SSL_MODE_RELEASE_BUFFERS) > unsigned long libver; > #endif > > PySSL_BEGIN_ALLOW_THREADS >- if (proto_version == PY_SSL_VERSION_TLS1) >+ switch (proto_version) { >+#ifndef OPENSSL_VERSION_1_1 >+ /* OpenSSL < 1.1 */ >+#ifndef OPENSSL_NO_SSL2 >+ case PY_SSL_VERSION_SSL2: >+ ctx = SSL_CTX_new(SSLv2_method()); >+ break; >+#endif >+#ifndef OPENSSL_NO_SSL3 >+ case PY_SSL_VERSION_SSL3: >+ ctx = SSL_CTX_new(SSLv3_method()); >+ break; >+#endif >+#ifndef OPENSSL_NO_TLS1 >+ case PY_SSL_VERSION_TLS1: > ctx = SSL_CTX_new(TLSv1_method()); >-#if HAVE_TLSv1_2 >- else if (proto_version == PY_SSL_VERSION_TLS1_1) >+ break; >+#endif >+#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_1: > ctx = SSL_CTX_new(TLSv1_1_method()); >- else if (proto_version == PY_SSL_VERSION_TLS1_2) >+ break; >+#endif >+#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_2: > ctx = SSL_CTX_new(TLSv1_2_method()); >+ break; > #endif >+#else >+ /* OpenSSL >= 1.1 >+ * create context with TLS_method for all protocols >+ * no SSLv2_method in OpenSSL 1.1. >+ */ > #ifndef OPENSSL_NO_SSL3 >- else if (proto_version == PY_SSL_VERSION_SSL3) >- ctx = SSL_CTX_new(SSLv3_method()); >+ case PY_SSL_VERSION_SSL3: /* fallthrough */ > #endif >-#ifndef OPENSSL_NO_SSL2 >- else if (proto_version == PY_SSL_VERSION_SSL2) >- ctx = SSL_CTX_new(SSLv2_method()); >+#ifndef OPENSSL_NO_TLS1 >+ case PY_SSL_VERSION_TLS1: /* fallthrough */ >+#endif >+#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_1: /* fallthrough */ >+#endif >+#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 >+ case PY_SSL_VERSION_TLS1_2: /* fallthrough */ > #endif >- else if (proto_version == PY_SSL_VERSION_TLS) >+#endif /* OpenSSL >= 1.1 */ >+ case PY_SSL_VERSION_TLS: >+ /* SSLv23 */ > ctx = SSL_CTX_new(TLS_method()); >- else >- proto_version = -1; >+ break; >+ default: >+ result = -1; >+ break; >+ } > PySSL_END_ALLOW_THREADS > >- if (proto_version == -1) { >+ if (result == -1) { > PyErr_SetString(PyExc_ValueError, > "invalid protocol version"); > return NULL; >@@ -2368,6 +2403,45 @@ > return NULL; > } > >+#ifdef OPENSSL_VERSION_1_1 >+ /* Emulate version specific methods with set min/max proto version */ >+ switch (proto_version) { >+ case PY_SSL_VERSION_SSL3: >+ /* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */ >+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); >+ if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)) >+ result = -1; >+ break; >+ case PY_SSL_VERSION_TLS1: >+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) >+ result = -1; >+ break; >+ case PY_SSL_VERSION_TLS1_1: >+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)) >+ result = -1; >+ break; >+ case PY_SSL_VERSION_TLS1_2: >+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) >+ result = -1; >+ if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) >+ result = -1; >+ break; >+ default: >+ break; >+ } >+ if (result == -1) { >+ SSL_CTX_free(ctx); >+ _setSSLError(NULL, 0, __FILE__, __LINE__); >+ return NULL; >+ } >+#endif >+ > assert(type != NULL && type->tp_alloc != NULL); > self = (PySSLContext *) type->tp_alloc(type, 0); > if (self == NULL) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 592480
:
444486
|
498216
|
498218
|
498220
|
498224
|
498594
|
498596
|
498600
|
498602
|
498604
| 498606 |
498608
|
498610
|
498612
|
562840