|
Lines 73-78
Link Here
|
| 73 |
#include "openssl/err.h" |
73 |
#include "openssl/err.h" |
| 74 |
#include "openssl/rand.h" |
74 |
#include "openssl/rand.h" |
| 75 |
#include "openssl/bio.h" |
75 |
#include "openssl/bio.h" |
|
|
76 |
#include "openssl/dh.h" |
| 76 |
|
77 |
|
| 77 |
/* SSL error object */ |
78 |
/* SSL error object */ |
| 78 |
static PyObject *PySSLErrorObject; |
79 |
static PyObject *PySSLErrorObject; |
|
Lines 140-145
Link Here
|
| 140 |
#endif |
141 |
#endif |
| 141 |
|
142 |
|
| 142 |
#define TLS_method SSLv23_method |
143 |
#define TLS_method SSLv23_method |
|
|
144 |
#define TLS_client_method SSLv23_client_method |
| 145 |
#define TLS_server_method SSLv23_server_method |
| 146 |
#define X509_get0_notBefore X509_get_notBefore |
| 147 |
#define X509_get0_notAfter X509_get_notAfter |
| 148 |
#define ASN1_STRING_get0_data ASN1_STRING_data |
| 149 |
#define OpenSSL_version_num SSLeay |
| 150 |
#define OpenSSL_version SSLeay_version |
| 151 |
#define OPENSSL_VERSION SSLEAY_VERSION |
| 143 |
|
152 |
|
| 144 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
153 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
| 145 |
{ |
154 |
{ |
|
Lines 997-1003
Link Here
|
| 997 |
goto fail; |
1006 |
goto fail; |
| 998 |
} |
1007 |
} |
| 999 |
PyTuple_SET_ITEM(t, 0, v); |
1008 |
PyTuple_SET_ITEM(t, 0, v); |
| 1000 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), |
1009 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), |
| 1001 |
ASN1_STRING_length(as)); |
1010 |
ASN1_STRING_length(as)); |
| 1002 |
if (v == NULL) { |
1011 |
if (v == NULL) { |
| 1003 |
Py_DECREF(t); |
1012 |
Py_DECREF(t); |
|
Lines 1300-1306
Link Here
|
| 1300 |
Py_DECREF(sn_obj); |
1309 |
Py_DECREF(sn_obj); |
| 1301 |
|
1310 |
|
| 1302 |
(void) BIO_reset(biobuf); |
1311 |
(void) BIO_reset(biobuf); |
| 1303 |
notBefore = X509_get_notBefore(certificate); |
1312 |
notBefore = X509_get0_notBefore(certificate); |
| 1304 |
ASN1_TIME_print(biobuf, notBefore); |
1313 |
ASN1_TIME_print(biobuf, notBefore); |
| 1305 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1314 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
| 1306 |
if (len < 0) { |
1315 |
if (len < 0) { |
|
Lines 1317-1323
Link Here
|
| 1317 |
Py_DECREF(pnotBefore); |
1326 |
Py_DECREF(pnotBefore); |
| 1318 |
|
1327 |
|
| 1319 |
(void) BIO_reset(biobuf); |
1328 |
(void) BIO_reset(biobuf); |
| 1320 |
notAfter = X509_get_notAfter(certificate); |
1329 |
notAfter = X509_get0_notAfter(certificate); |
| 1321 |
ASN1_TIME_print(biobuf, notAfter); |
1330 |
ASN1_TIME_print(biobuf, notAfter); |
| 1322 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1331 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
| 1323 |
if (len < 0) { |
1332 |
if (len < 0) { |
|
Lines 2477-2483
Link Here
|
| 2477 |
conservative and assume it wasn't fixed until release. We do this check |
2486 |
conservative and assume it wasn't fixed until release. We do this check |
| 2478 |
at runtime to avoid problems from the dynamic linker. |
2487 |
at runtime to avoid problems from the dynamic linker. |
| 2479 |
See #25672 for more on this. */ |
2488 |
See #25672 for more on this. */ |
| 2480 |
libver = SSLeay(); |
2489 |
libver = OpenSSL_version_num(); |
| 2481 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2490 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
| 2482 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2491 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
| 2483 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
2492 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
|
Lines 4055-4061
Link Here
|
| 4055 |
if (bytes == NULL) |
4064 |
if (bytes == NULL) |
| 4056 |
return NULL; |
4065 |
return NULL; |
| 4057 |
if (pseudo) { |
4066 |
if (pseudo) { |
|
|
4067 |
#ifdef OPENSSL_VERSION_1_1 |
| 4068 |
ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
| 4069 |
#else |
| 4058 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4070 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
|
|
4071 |
#endif |
| 4059 |
if (ok == 0 || ok == 1) |
4072 |
if (ok == 0 || ok == 1) |
| 4060 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4073 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
| 4061 |
} |
4074 |
} |
|
Lines 4702-4710
Link Here
|
| 4702 |
return NULL; |
4715 |
return NULL; |
| 4703 |
PySocketModule = *socket_api; |
4716 |
PySocketModule = *socket_api; |
| 4704 |
|
4717 |
|
|
|
4718 |
#ifdef OPENSSL_VERSION_1_1 |
| 4719 |
OPENSSL_init_ssl(0, NULL); |
| 4720 |
#else |
| 4705 |
/* Init OpenSSL */ |
4721 |
/* Init OpenSSL */ |
| 4706 |
SSL_load_error_strings(); |
4722 |
SSL_load_error_strings(); |
| 4707 |
SSL_library_init(); |
4723 |
SSL_library_init(); |
|
|
4724 |
#endif |
| 4725 |
|
| 4708 |
#ifdef WITH_THREAD |
4726 |
#ifdef WITH_THREAD |
| 4709 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
4727 |
#ifdef HAVE_OPENSSL_CRYPTO_LOCK |
| 4710 |
/* note that this will start threading if not already started */ |
4728 |
/* note that this will start threading if not already started */ |
|
Lines 4716-4722
Link Here
|
| 4716 |
_ssl_locks_count++; |
4734 |
_ssl_locks_count++; |
| 4717 |
#endif |
4735 |
#endif |
| 4718 |
#endif /* WITH_THREAD */ |
4736 |
#endif /* WITH_THREAD */ |
|
|
4737 |
|
| 4738 |
#ifndef OPENSSL_VERSION_1_1 |
| 4719 |
OpenSSL_add_all_algorithms(); |
4739 |
OpenSSL_add_all_algorithms(); |
|
|
4740 |
#endif |
| 4720 |
|
4741 |
|
| 4721 |
/* Add symbols to module dict */ |
4742 |
/* Add symbols to module dict */ |
| 4722 |
sslerror_type_slots[0].pfunc = PyExc_OSError; |
4743 |
sslerror_type_slots[0].pfunc = PyExc_OSError; |
|
Lines 4976-4985
Link Here
|
| 4976 |
return NULL; |
4997 |
return NULL; |
| 4977 |
|
4998 |
|
| 4978 |
/* OpenSSL version */ |
4999 |
/* OpenSSL version */ |
| 4979 |
/* SSLeay() gives us the version of the library linked against, |
5000 |
/* OpenSSL_version_num() gives us the version of the library linked against, |
| 4980 |
which could be different from the headers version. |
5001 |
which could be different from the headers version. |
| 4981 |
*/ |
5002 |
*/ |
| 4982 |
libver = SSLeay(); |
5003 |
libver = OpenSSL_version_num(); |
| 4983 |
r = PyLong_FromUnsignedLong(libver); |
5004 |
r = PyLong_FromUnsignedLong(libver); |
| 4984 |
if (r == NULL) |
5005 |
if (r == NULL) |
| 4985 |
return NULL; |
5006 |
return NULL; |
|
Lines 4989-4995
Link Here
|
| 4989 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5010 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
| 4990 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5011 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
| 4991 |
return NULL; |
5012 |
return NULL; |
| 4992 |
r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); |
5013 |
r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); |
| 4993 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5014 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
| 4994 |
return NULL; |
5015 |
return NULL; |
| 4995 |
|
5016 |
|
