Lines 73-78
Link Here
|
73 |
#include "openssl/err.h" |
73 |
#include "openssl/err.h" |
74 |
#include "openssl/rand.h" |
74 |
#include "openssl/rand.h" |
75 |
#include "openssl/bio.h" |
75 |
#include "openssl/bio.h" |
|
|
76 |
#include "openssl/dh.h" |
76 |
|
77 |
|
77 |
/* SSL error object */ |
78 |
/* SSL error object */ |
78 |
static PyObject *PySSLErrorObject; |
79 |
static PyObject *PySSLErrorObject; |
Lines 139-147
Link Here
|
139 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
140 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
140 |
#endif |
141 |
#endif |
141 |
|
142 |
|
|
|
143 |
#ifndef OPENSSL_VERSION_1_1 |
142 |
#define TLS_method SSLv23_method |
144 |
#define TLS_method SSLv23_method |
143 |
#define TLS_client_method SSLv23_client_method |
145 |
#define TLS_client_method SSLv23_client_method |
144 |
#define TLS_server_method SSLv23_server_method |
146 |
#define TLS_server_method SSLv23_server_method |
|
|
147 |
#define X509_get0_notBefore X509_get_notBefore |
148 |
#define X509_get0_notAfter X509_get_notAfter |
149 |
#define ASN1_STRING_get0_data ASN1_STRING_data |
150 |
#define OpenSSL_version_num SSLeay |
151 |
#define OpenSSL_version SSLeay_version |
152 |
#define OPENSSL_VERSION SSLEAY_VERSION |
153 |
#endif |
145 |
|
154 |
|
146 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
155 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
147 |
{ |
156 |
{ |
Lines 1062-1068
Link Here
|
1062 |
goto fail; |
1071 |
goto fail; |
1063 |
} |
1072 |
} |
1064 |
PyTuple_SET_ITEM(t, 0, v); |
1073 |
PyTuple_SET_ITEM(t, 0, v); |
1065 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), |
1074 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), |
1066 |
ASN1_STRING_length(as)); |
1075 |
ASN1_STRING_length(as)); |
1067 |
if (v == NULL) { |
1076 |
if (v == NULL) { |
1068 |
Py_DECREF(t); |
1077 |
Py_DECREF(t); |
Lines 1365-1371
Link Here
|
1365 |
Py_DECREF(sn_obj); |
1374 |
Py_DECREF(sn_obj); |
1366 |
|
1375 |
|
1367 |
(void) BIO_reset(biobuf); |
1376 |
(void) BIO_reset(biobuf); |
1368 |
notBefore = X509_get_notBefore(certificate); |
1377 |
notBefore = X509_get0_notBefore(certificate); |
1369 |
ASN1_TIME_print(biobuf, notBefore); |
1378 |
ASN1_TIME_print(biobuf, notBefore); |
1370 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1379 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1371 |
if (len < 0) { |
1380 |
if (len < 0) { |
Lines 1382-1388
Link Here
|
1382 |
Py_DECREF(pnotBefore); |
1391 |
Py_DECREF(pnotBefore); |
1383 |
|
1392 |
|
1384 |
(void) BIO_reset(biobuf); |
1393 |
(void) BIO_reset(biobuf); |
1385 |
notAfter = X509_get_notAfter(certificate); |
1394 |
notAfter = X509_get0_notAfter(certificate); |
1386 |
ASN1_TIME_print(biobuf, notAfter); |
1395 |
ASN1_TIME_print(biobuf, notAfter); |
1387 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1396 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1388 |
if (len < 0) { |
1397 |
if (len < 0) { |
Lines 2835-2841
Link Here
|
2835 |
conservative and assume it wasn't fixed until release. We do this check |
2844 |
conservative and assume it wasn't fixed until release. We do this check |
2836 |
at runtime to avoid problems from the dynamic linker. |
2845 |
at runtime to avoid problems from the dynamic linker. |
2837 |
See #25672 for more on this. */ |
2846 |
See #25672 for more on this. */ |
2838 |
libver = SSLeay(); |
2847 |
libver = OpenSSL_version_num(); |
2839 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2848 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2840 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2849 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2841 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
2850 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
Lines 4647-4653
Link Here
|
4647 |
if (bytes == NULL) |
4656 |
if (bytes == NULL) |
4648 |
return NULL; |
4657 |
return NULL; |
4649 |
if (pseudo) { |
4658 |
if (pseudo) { |
|
|
4659 |
#ifdef OPENSSL_VERSION_1_1 |
4660 |
ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4661 |
#else |
4650 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4662 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
|
|
4663 |
#endif |
4651 |
if (ok == 0 || ok == 1) |
4664 |
if (ok == 0 || ok == 1) |
4652 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4665 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4653 |
} |
4666 |
} |
Lines 5287-5293
Link Here
|
5287 |
return NULL; |
5300 |
return NULL; |
5288 |
PySocketModule = *socket_api; |
5301 |
PySocketModule = *socket_api; |
5289 |
|
5302 |
|
5290 |
#ifndef OPENSSL_VERSION_1_1 |
5303 |
#ifdef OPENSSL_VERSION_1_1 |
|
|
5304 |
OPENSSL_init_ssl(0, NULL); |
5305 |
#else |
5291 |
/* Load all algorithms and initialize cpuid */ |
5306 |
/* Load all algorithms and initialize cpuid */ |
5292 |
OPENSSL_add_all_algorithms_noconf(); |
5307 |
OPENSSL_add_all_algorithms_noconf(); |
5293 |
/* Init OpenSSL */ |
5308 |
/* Init OpenSSL */ |
Lines 5587-5596
Link Here
|
5587 |
return NULL; |
5602 |
return NULL; |
5588 |
|
5603 |
|
5589 |
/* OpenSSL version */ |
5604 |
/* OpenSSL version */ |
5590 |
/* SSLeay() gives us the version of the library linked against, |
5605 |
/* OpenSSL_version_num() gives us the version of the library linked against, |
5591 |
which could be different from the headers version. |
5606 |
which could be different from the headers version. |
5592 |
*/ |
5607 |
*/ |
5593 |
libver = SSLeay(); |
5608 |
libver = OpenSSL_version_num(); |
5594 |
r = PyLong_FromUnsignedLong(libver); |
5609 |
r = PyLong_FromUnsignedLong(libver); |
5595 |
if (r == NULL) |
5610 |
if (r == NULL) |
5596 |
return NULL; |
5611 |
return NULL; |
Lines 5600-5606
Link Here
|
5600 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5615 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5601 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5616 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5602 |
return NULL; |
5617 |
return NULL; |
5603 |
r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); |
5618 |
r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); |
5604 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5619 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5605 |
return NULL; |
5620 |
return NULL; |
5606 |
|
5621 |
|