(-)Python-3.6.3-orig/Modules/_ssl.c (-16 / +91 lines)
Lines 2642-2680 Link Here
2642
    PySSLContext *self;
2642
    PySSLContext *self;
2643
    long options;
2643
    long options;
2644
    SSL_CTX *ctx = NULL;
2644
    SSL_CTX *ctx = NULL;
2645
    int result;
2645
    int result = 0;
2646
#if defined(SSL_MODE_RELEASE_BUFFERS)
2646
#if defined(SSL_MODE_RELEASE_BUFFERS)
2647
    unsigned long libver;
2647
    unsigned long libver;
2648
#endif
2648
#endif
2649
2649
2650
    PySSL_BEGIN_ALLOW_THREADS
2650
    PySSL_BEGIN_ALLOW_THREADS
2651
    if (proto_version == PY_SSL_VERSION_TLS1)
2651
    switch (proto_version) {
2652
#ifndef OPENSSL_VERSION_1_1
2653
    /* OpenSSL < 1.1 */
2654
#ifndef OPENSSL_NO_SSL2
2655
    case PY_SSL_VERSION_SSL2:
2656
        ctx = SSL_CTX_new(SSLv2_method());
2657
        break;
2658
#endif
2659
#ifndef OPENSSL_NO_SSL3
2660
    case PY_SSL_VERSION_SSL3:
2661
        ctx = SSL_CTX_new(SSLv3_method());
2662
        break;
2663
#endif
2664
#ifndef OPENSSL_NO_TLS1
2665
    case PY_SSL_VERSION_TLS1:
2652
        ctx = SSL_CTX_new(TLSv1_method());
2666
        ctx = SSL_CTX_new(TLSv1_method());
2653
#if HAVE_TLSv1_2
2667
        break;
2654
    else if (proto_version == PY_SSL_VERSION_TLS1_1)
2668
#endif
2669
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2
2670
    case PY_SSL_VERSION_TLS1_1:
2655
        ctx = SSL_CTX_new(TLSv1_1_method());
2671
        ctx = SSL_CTX_new(TLSv1_1_method());
2656
    else if (proto_version == PY_SSL_VERSION_TLS1_2)
2672
        break;
2673
#endif
2674
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2
2675
    case PY_SSL_VERSION_TLS1_2:
2657
        ctx = SSL_CTX_new(TLSv1_2_method());
2676
        ctx = SSL_CTX_new(TLSv1_2_method());
2677
        break;
2658
#endif
2678
#endif
2679
#else
2680
    /* OpenSSL >= 1.1
2681
     * create context with TLS_method for all protocols
2682
     * no SSLv2_method in OpenSSL 1.1.
2683
     */
2659
#ifndef OPENSSL_NO_SSL3
2684
#ifndef OPENSSL_NO_SSL3
2660
    else if (proto_version == PY_SSL_VERSION_SSL3)
2685
    case PY_SSL_VERSION_SSL3: /* fallthrough */
2661
        ctx = SSL_CTX_new(SSLv3_method());
2662
#endif
2686
#endif
2663
#ifndef OPENSSL_NO_SSL2
2687
#ifndef OPENSSL_NO_TLS1
2664
    else if (proto_version == PY_SSL_VERSION_SSL2)
2688
    case PY_SSL_VERSION_TLS1: /* fallthrough */
2665
        ctx = SSL_CTX_new(SSLv2_method());
2689
#endif
2690
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2
2691
    case PY_SSL_VERSION_TLS1_1: /* fallthrough */
2692
#endif
2693
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2
2694
    case PY_SSL_VERSION_TLS1_2: /* fallthrough */
2666
#endif
2695
#endif
2667
    else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */
2696
#endif /* OpenSSL >= 1.1 */
2697
    case PY_SSL_VERSION_TLS:
2698
        /* SSLv23 */
2668
        ctx = SSL_CTX_new(TLS_method());
2699
        ctx = SSL_CTX_new(TLS_method());
2669
    else if (proto_version == PY_SSL_VERSION_TLS_CLIENT)
2700
        break;
2701
    case PY_SSL_VERSION_TLS_CLIENT:
2670
        ctx = SSL_CTX_new(TLS_client_method());
2702
        ctx = SSL_CTX_new(TLS_client_method());
2671
    else if (proto_version == PY_SSL_VERSION_TLS_SERVER)
2703
        break;
2704
    case PY_SSL_VERSION_TLS_SERVER:
2672
        ctx = SSL_CTX_new(TLS_server_method());
2705
        ctx = SSL_CTX_new(TLS_server_method());
2673
    else
2706
        break;
2674
        proto_version = -1;
2707
    default:
2708
        result = -1;
2709
        break;
2710
    }
2675
    PySSL_END_ALLOW_THREADS
2711
    PySSL_END_ALLOW_THREADS
2676
2712
2677
    if (proto_version == -1) {
2713
    if (result == -1) {
2678
        PyErr_SetString(PyExc_ValueError,
2714
        PyErr_SetString(PyExc_ValueError,
2679
                        "invalid protocol version");
2715
                        "invalid protocol version");
2680
        return NULL;
2716
        return NULL;
Lines 2684-2689 Link Here
2684
        return NULL;
2720
        return NULL;
2685
    }
2721
    }
2686
2722
2723
#ifdef OPENSSL_VERSION_1_1
2724
    /* Emulate version specific methods with set min/max proto version */
2725
    switch (proto_version) {
2726
    case PY_SSL_VERSION_SSL3:
2727
        /* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */
2728
        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
2729
        if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION))
2730
            result = -1;
2731
        if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION))
2732
            result = -1;
2733
        break;
2734
    case PY_SSL_VERSION_TLS1:
2735
        if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION))
2736
            result = -1;
2737
        if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION))
2738
            result = -1;
2739
        break;
2740
    case PY_SSL_VERSION_TLS1_1:
2741
        if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION))
2742
            result = -1;
2743
        if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION))
2744
            result = -1;
2745
        break;
2746
    case PY_SSL_VERSION_TLS1_2:
2747
        if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION))
2748
            result = -1;
2749
        if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
2750
            result = -1;
2751
        break;
2752
    default:
2753
        break;
2754
    }
2755
    if (result == -1) {
2756
        SSL_CTX_free(ctx);
2757
        _setSSLError(NULL, 0, __FILE__, __LINE__);
2758
        return NULL;
2759
    }
2760
#endif
2761
2687
    assert(type != NULL && type->tp_alloc != NULL);
2762
    assert(type != NULL && type->tp_alloc != NULL);
2688
    self = (PySSLContext *) type->tp_alloc(type, 0);
2763
    self = (PySSLContext *) type->tp_alloc(type, 0);
2689
    if (self == NULL) {
2764
    if (self == NULL) {
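Review bot: In the second hunk, the `case PY_SSL_VERSION_SSL3:` branch of the OpenSSL >= 1.1 emulation switch clears `SSL_OP_NO_SSLv3` and pins both the minimum and maximum version to `SSL3_VERSION`, but unlike the matching case label in the first switch it is not wrapped in `#ifndef OPENSSL_NO_SSL3`. On a build with SSLv3 compiled out the first switch already rejects that value through `default:`, so the branch looks unreachable there. Guarding it with `#ifndef OPENSSL_NO_SSL3` / `#endif` would keep the two switches consistent and keep the code that re-enables SSLv3 out of such builds. The existing comment explains the library default but not why it is undone; something like `/* caller explicitly requested the SSLv3-only protocol: undo the library default that disables it */` would make that intent clear to the next reader. The enclosing function starts before and continues after the lines shown.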
