Lines 73-78
Link Here
|
73 |
#include "openssl/err.h" |
73 |
#include "openssl/err.h" |
74 |
#include "openssl/rand.h" |
74 |
#include "openssl/rand.h" |
75 |
#include "openssl/bio.h" |
75 |
#include "openssl/bio.h" |
|
|
76 |
#include "openssl/dh.h" |
76 |
|
77 |
|
77 |
/* SSL error object */ |
78 |
/* SSL error object */ |
78 |
static PyObject *PySSLErrorObject; |
79 |
static PyObject *PySSLErrorObject; |
Lines 140-145
Link Here
|
140 |
#endif |
141 |
#endif |
141 |
|
142 |
|
142 |
#define TLS_method SSLv23_method |
143 |
#define TLS_method SSLv23_method |
|
|
144 |
#define TLS_client_method SSLv23_client_method |
145 |
#define TLS_server_method SSLv23_server_method |
146 |
#define X509_get0_notBefore X509_get_notBefore |
147 |
#define X509_get0_notAfter X509_get_notAfter |
148 |
#define ASN1_STRING_get0_data ASN1_STRING_data |
149 |
#define OpenSSL_version_num SSLeay |
150 |
#define OpenSSL_version SSLeay_version |
151 |
#define OPENSSL_VERSION SSLEAY_VERSION |
143 |
|
152 |
|
144 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
153 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
145 |
{ |
154 |
{ |
Lines 997-1003
Link Here
|
997 |
goto fail; |
1006 |
goto fail; |
998 |
} |
1007 |
} |
999 |
PyTuple_SET_ITEM(t, 0, v); |
1008 |
PyTuple_SET_ITEM(t, 0, v); |
1000 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), |
1009 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), |
1001 |
ASN1_STRING_length(as)); |
1010 |
ASN1_STRING_length(as)); |
1002 |
if (v == NULL) { |
1011 |
if (v == NULL) { |
1003 |
Py_DECREF(t); |
1012 |
Py_DECREF(t); |
Lines 1300-1306
Link Here
|
1300 |
Py_DECREF(sn_obj); |
1309 |
Py_DECREF(sn_obj); |
1301 |
|
1310 |
|
1302 |
(void) BIO_reset(biobuf); |
1311 |
(void) BIO_reset(biobuf); |
1303 |
notBefore = X509_get_notBefore(certificate); |
1312 |
notBefore = X509_get0_notBefore(certificate); |
1304 |
ASN1_TIME_print(biobuf, notBefore); |
1313 |
ASN1_TIME_print(biobuf, notBefore); |
1305 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1314 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1306 |
if (len < 0) { |
1315 |
if (len < 0) { |
Lines 1317-1323
Link Here
|
1317 |
Py_DECREF(pnotBefore); |
1326 |
Py_DECREF(pnotBefore); |
1318 |
|
1327 |
|
1319 |
(void) BIO_reset(biobuf); |
1328 |
(void) BIO_reset(biobuf); |
1320 |
notAfter = X509_get_notAfter(certificate); |
1329 |
notAfter = X509_get0_notAfter(certificate); |
1321 |
ASN1_TIME_print(biobuf, notAfter); |
1330 |
ASN1_TIME_print(biobuf, notAfter); |
1322 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1331 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1323 |
if (len < 0) { |
1332 |
if (len < 0) { |
Lines 2477-2483
Link Here
|
2477 |
conservative and assume it wasn't fixed until release. We do this check |
2486 |
conservative and assume it wasn't fixed until release. We do this check |
2478 |
at runtime to avoid problems from the dynamic linker. |
2487 |
at runtime to avoid problems from the dynamic linker. |
2479 |
See #25672 for more on this. */ |
2488 |
See #25672 for more on this. */ |
2480 |
libver = SSLeay(); |
2489 |
libver = OpenSSL_version_num(); |
2481 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2490 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2482 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2491 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2483 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
2492 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
Lines 4055-4061
Link Here
|
4055 |
if (bytes == NULL) |
4064 |
if (bytes == NULL) |
4056 |
return NULL; |
4065 |
return NULL; |
4057 |
if (pseudo) { |
4066 |
if (pseudo) { |
|
|
4067 |
#ifdef OPENSSL_VERSION_1_1 |
4068 |
ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4069 |
#else |
4058 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4070 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
|
|
4071 |
#endif |
4059 |
if (ok == 0 || ok == 1) |
4072 |
if (ok == 0 || ok == 1) |
4060 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4073 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4061 |
} |
4074 |
} |
Lines 4702-4710
Link Here
|
4702 |
return NULL; |
4715 |
return NULL; |
4703 |
PySocketModule = *socket_api; |
4716 |
PySocketModule = *socket_api; |
4704 |
|
4717 |
|
|
|
4718 |
#ifdef OPENSSL_VERSION_1_1 |
4719 |
OPENSSL_init_ssl(0, NULL); |
4720 |
#else |
4705 |
/* Init OpenSSL */ |
4721 |
/* Init OpenSSL */ |
4706 |
SSL_load_error_strings(); |
4722 |
SSL_load_error_strings(); |
4707 |
SSL_library_init(); |
4723 |
SSL_library_init(); |
|
|
4724 |
#endif |
4725 |
|
4708 |
#ifdef WITH_THREAD |
4726 |
#ifdef WITH_THREAD |
4709 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
4727 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
4710 |
/* note that this will start threading if not already started */ |
4728 |
/* note that this will start threading if not already started */ |
Lines 4716-4722
Link Here
|
4716 |
_ssl_locks_count++; |
4734 |
_ssl_locks_count++; |
4717 |
#endif |
4735 |
#endif |
4718 |
#endif /* WITH_THREAD */ |
4736 |
#endif /* WITH_THREAD */ |
|
|
4737 |
|
4738 |
#ifndef OPENSSL_VERSION_1_1 |
4719 |
OpenSSL_add_all_algorithms(); |
4739 |
OpenSSL_add_all_algorithms(); |
|
|
4740 |
#endif |
4720 |
|
4741 |
|
4721 |
/* Add symbols to module dict */ |
4742 |
/* Add symbols to module dict */ |
4722 |
sslerror_type_slots[0].pfunc = PyExc_OSError; |
4743 |
sslerror_type_slots[0].pfunc = PyExc_OSError; |
Lines 4976-4985
Link Here
|
4976 |
return NULL; |
4997 |
return NULL; |
4977 |
|
4998 |
|
4978 |
/* OpenSSL version */ |
4999 |
/* OpenSSL version */ |
4979 |
/* SSLeay() gives us the version of the library linked against, |
5000 |
/* OpenSSL_version_num() gives us the version of the library linked against, |
4980 |
which could be different from the headers version. |
5001 |
which could be different from the headers version. |
4981 |
*/ |
5002 |
*/ |
4982 |
libver = SSLeay(); |
5003 |
libver = OpenSSL_version_num(); |
4983 |
r = PyLong_FromUnsignedLong(libver); |
5004 |
r = PyLong_FromUnsignedLong(libver); |
4984 |
if (r == NULL) |
5005 |
if (r == NULL) |
4985 |
return NULL; |
5006 |
return NULL; |
Lines 4989-4995
Link Here
|
4989 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5010 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
4990 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5011 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
4991 |
return NULL; |
5012 |
return NULL; |
4992 |
r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); |
5013 |
r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); |
4993 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5014 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
4994 |
return NULL; |
5015 |
return NULL; |
4995 |
|
5016 |
|