Lines 2642-2680
|
2642 |
PySSLContext *self; |
2642 |
PySSLContext *self; |
2643 |
long options; |
2643 |
long options; |
2644 |
SSL_CTX *ctx = NULL; |
2644 |
SSL_CTX *ctx = NULL; |
2645 |
int result; |
2645 |
int result = 0; |
2646 |
#if defined(SSL_MODE_RELEASE_BUFFERS) |
2646 |
#if defined(SSL_MODE_RELEASE_BUFFERS) |
2647 |
unsigned long libver; |
2647 |
unsigned long libver; |
2648 |
#endif |
2648 |
#endif |
2649 |
|
2649 |
|
2650 |
PySSL_BEGIN_ALLOW_THREADS |
2650 |
PySSL_BEGIN_ALLOW_THREADS |
2651 |
if (proto_version == PY_SSL_VERSION_TLS1) |
2651 |
switch (proto_version) { |
|
|
2652 |
#ifndef OPENSSL_VERSION_1_1 |
2653 |
/* OpenSSL < 1.1 */ |
2654 |
#ifndef OPENSSL_NO_SSL2 |
2655 |
case PY_SSL_VERSION_SSL2: |
2656 |
ctx = SSL_CTX_new(SSLv2_method()); |
2657 |
break; |
2658 |
#endif |
2659 |
#ifndef OPENSSL_NO_SSL3 |
2660 |
case PY_SSL_VERSION_SSL3: |
2661 |
ctx = SSL_CTX_new(SSLv3_method()); |
2662 |
break; |
2663 |
#endif |
2664 |
#ifndef OPENSSL_NO_TLS1 |
2665 |
case PY_SSL_VERSION_TLS1: |
2652 |
ctx = SSL_CTX_new(TLSv1_method()); |
2666 |
ctx = SSL_CTX_new(TLSv1_method()); |
2653 |
#if HAVE_TLSv1_2 |
2667 |
break; |
2654 |
else if (proto_version == PY_SSL_VERSION_TLS1_1) |
2668 |
#endif |
|
|
2669 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
2670 |
case PY_SSL_VERSION_TLS1_1: |
2655 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2671 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
2656 |
else if (proto_version == PY_SSL_VERSION_TLS1_2) |
2672 |
break; |
|
|
2673 |
#endif |
2674 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
2675 |
case PY_SSL_VERSION_TLS1_2: |
2657 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
2676 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
|
|
2677 |
break; |
2658 |
#endif |
2678 |
#endif |
|
|
2679 |
#else |
2680 |
/* OpenSSL >= 1.1 |
2681 |
* create context with TLS_method for all protocols |
2682 |
* no SSLv2_method in OpenSSL 1.1. |
2683 |
*/ |
2659 |
#ifndef OPENSSL_NO_SSL3 |
2684 |
#ifndef OPENSSL_NO_SSL3 |
2660 |
else if (proto_version == PY_SSL_VERSION_SSL3) |
2685 |
case PY_SSL_VERSION_SSL3: /* fallthrough */ |
2661 |
ctx = SSL_CTX_new(SSLv3_method()); |
|
|
2662 |
#endif |
2686 |
#endif |
2663 |
#ifndef OPENSSL_NO_SSL2 |
2687 |
#ifndef OPENSSL_NO_TLS1 |
2664 |
else if (proto_version == PY_SSL_VERSION_SSL2) |
2688 |
case PY_SSL_VERSION_TLS1: /* fallthrough */ |
2665 |
ctx = SSL_CTX_new(SSLv2_method()); |
2689 |
#endif |
|
|
2690 |
#if !defined(OPENSSL_NO_TLS1_1) && HAVE_TLSv1_2 |
2691 |
case PY_SSL_VERSION_TLS1_1: /* fallthrough */ |
2692 |
#endif |
2693 |
#if !defined(OPENSSL_NO_TLS1_2) && HAVE_TLSv1_2 |
2694 |
case PY_SSL_VERSION_TLS1_2: /* fallthrough */ |
2666 |
#endif |
2695 |
#endif |
2667 |
else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */ |
2696 |
#endif /* OpenSSL >= 1.1 */ |
|
|
2697 |
case PY_SSL_VERSION_TLS: |
2698 |
/* SSLv23 */ |
2668 |
ctx = SSL_CTX_new(TLS_method()); |
2699 |
ctx = SSL_CTX_new(TLS_method()); |
2669 |
else if (proto_version == PY_SSL_VERSION_TLS_CLIENT) |
2700 |
break; |
|
|
2701 |
case PY_SSL_VERSION_TLS_CLIENT: |
2670 |
ctx = SSL_CTX_new(TLS_client_method()); |
2702 |
ctx = SSL_CTX_new(TLS_client_method()); |
2671 |
else if (proto_version == PY_SSL_VERSION_TLS_SERVER) |
2703 |
break; |
|
|
2704 |
case PY_SSL_VERSION_TLS_SERVER: |
2672 |
ctx = SSL_CTX_new(TLS_server_method()); |
2705 |
ctx = SSL_CTX_new(TLS_server_method()); |
2673 |
else |
2706 |
break; |
2674 |
proto_version = -1; |
2707 |
default: |
|
|
2708 |
result = -1; |
2709 |
break; |
2710 |
} |
2675 |
PySSL_END_ALLOW_THREADS |
2711 |
PySSL_END_ALLOW_THREADS |
2676 |
|
2712 |
|
2677 |
if (proto_version == -1) { |
2713 |
if (result == -1) { |
2678 |
PyErr_SetString(PyExc_ValueError, |
2714 |
PyErr_SetString(PyExc_ValueError, |
2679 |
"invalid protocol version"); |
2715 |
"invalid protocol version"); |
2680 |
return NULL; |
2716 |
return NULL; |
Lines 2684-2689
|
2684 |
return NULL; |
2720 |
return NULL; |
2685 |
} |
2721 |
} |
2686 |
|
2722 |
|
|
|
2723 |
#ifdef OPENSSL_VERSION_1_1 |
2724 |
/* Emulate version specific methods with set min/max proto version */ |
2725 |
switch (proto_version) { |
2726 |
case PY_SSL_VERSION_SSL3: |
2727 |
/* OpenSSL 1.1.0 sets SSL_OP_NO_SSLv3 for TLS_method by default */ |
2728 |
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
2729 |
if (!SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)) |
2730 |
result = -1; |
2731 |
if (!SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)) |
2732 |
result = -1; |
2733 |
break; |
2734 |
case PY_SSL_VERSION_TLS1: |
2735 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) |
2736 |
result = -1; |
2737 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)) |
2738 |
result = -1; |
2739 |
break; |
2740 |
case PY_SSL_VERSION_TLS1_1: |
2741 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) |
2742 |
result = -1; |
2743 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)) |
2744 |
result = -1; |
2745 |
break; |
2746 |
case PY_SSL_VERSION_TLS1_2: |
2747 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) |
2748 |
result = -1; |
2749 |
if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) |
2750 |
result = -1; |
2751 |
break; |
2752 |
default: |
2753 |
break; |
2754 |
} |
2755 |
if (result == -1) { |
2756 |
SSL_CTX_free(ctx); |
2757 |
_setSSLError(NULL, 0, __FILE__, __LINE__); |
2758 |
return NULL; |
2759 |
} |
2760 |
#endif |
2761 |
|
2687 |
assert(type != NULL && type->tp_alloc != NULL); |
2762 |
assert(type != NULL && type->tp_alloc != NULL); |
2688 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2763 |
self = (PySSLContext *) type->tp_alloc(type, 0); |
2689 |
if (self == NULL) { |
2764 |
if (self == NULL) { |
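Review bot: The `SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);` call in the new `case PY_SSL_VERSION_SSL3:` (new line 2728) is the one place this function re-enables a protocol the library disables by default, and the adjacent comment only explains OpenSSL's default, not why undoing it is acceptable here; I would extend it to `/* PROTOCOL_SSLv3 asks for SSLv3 explicitly: undo the library's default SSL_OP_NO_SSLv3, then pin min == max so nothing else can be negotiated */` so the next reader neither removes the clear as a hardening fix nor the pin as redundant. As a point of style, the four case bodies in the emulation switch differ only in the version constant and each repeats the same two checked calls; selecting the constant in the switch and issuing one shared min/max pair afterwards keeps the pin in a single place, as sketched below. The `SSL_CTX_free`/`_setSSLError` error path that follows stays as committed. The enclosing function starts and ends outside this hunk, so the new local would be declared with the others at its top.
```c
    /* with the other locals at the top of the function: int version = 0; */
    /* Emulate version specific methods with set min/max proto version */
    switch (proto_version) {
    case PY_SSL_VERSION_SSL3:
        /* PROTOCOL_SSLv3 asks for SSLv3 explicitly: undo the library's
         * default SSL_OP_NO_SSLv3, then pin min == max below. */
        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
        version = SSL3_VERSION;
        break;
    case PY_SSL_VERSION_TLS1:
        version = TLS1_VERSION;
        break;
    case PY_SSL_VERSION_TLS1_1:
        version = TLS1_1_VERSION;
        break;
    case PY_SSL_VERSION_TLS1_2:
        version = TLS1_2_VERSION;
        break;
    default:
        break;
    }
    /* one pin for every version-specific protocol; 0 means "leave defaults" */
    if (version != 0 &&
        (!SSL_CTX_set_min_proto_version(ctx, version) ||
         !SSL_CTX_set_max_proto_version(ctx, version))) {
        result = -1;
    }
    /* … unchanged: SSL_CTX_free / _setSSLError error path … */
```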