Lines 19-24
|
19 |
#include <pythread.h> |
19 |
#include <pythread.h> |
20 |
#include <limits.h> |
20 |
#include <limits.h> |
21 |
#include <openssl/bio.h> |
21 |
#include <openssl/bio.h> |
|
|
22 |
#include <openssl/crypto.h> |
22 |
#include <openssl/dh.h> |
23 |
#include <openssl/dh.h> |
23 |
#include <openssl/ssl.h> |
24 |
#include <openssl/ssl.h> |
24 |
#include <openssl/tls1.h> |
25 |
#include <openssl/tls1.h> |
Lines 258-278
|
258 |
static PyObject *_ssl_timeout_err; |
259 |
static PyObject *_ssl_timeout_err; |
259 |
|
260 |
|
260 |
void ssl_init(PyObject *ssl_err, PyObject *ssl_timeout_err) { |
261 |
void ssl_init(PyObject *ssl_err, PyObject *ssl_timeout_err) { |
|
|
262 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
263 |
OPENSSL_init_ssl(0, NULL); |
264 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ |
265 |
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); |
266 |
#else |
261 |
SSL_library_init(); |
267 |
SSL_library_init(); |
262 |
SSL_load_error_strings(); |
268 |
SSL_load_error_strings(); |
|
|
269 |
#endif |
263 |
Py_INCREF(ssl_err); |
270 |
Py_INCREF(ssl_err); |
264 |
Py_INCREF(ssl_timeout_err); |
271 |
Py_INCREF(ssl_timeout_err); |
265 |
_ssl_err = ssl_err; |
272 |
_ssl_err = ssl_err; |
266 |
_ssl_timeout_err = ssl_timeout_err; |
273 |
_ssl_timeout_err = ssl_timeout_err; |
267 |
} |
274 |
} |
268 |
|
275 |
|
|
|
276 |
static void _set_protocol_version(const SSL_METHOD *m, int version) |
277 |
{ |
278 |
SSL_CTX *ctx = SSL_CTX_new(m); |
279 |
SSL_CTX_set_min_proto_version(ctx, version); |
280 |
SSL_CTX_set_max_proto_version(ctx, version); |
281 |
SSL_CTX_free(ctx); |
282 |
} |
283 |
|
269 |
#ifndef OPENSSL_NO_SSL3 |
284 |
#ifndef OPENSSL_NO_SSL3 |
270 |
const SSL_METHOD *sslv3_method(void) { |
285 |
const SSL_METHOD *sslv3_method(void) { |
271 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
286 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
272 |
PyErr_WarnEx(PyExc_DeprecationWarning, |
287 |
PyErr_WarnEx(PyExc_DeprecationWarning, |
273 |
"Function SSLv3_method has been deprecated.", 1); |
288 |
"Function SSLv3_method has been deprecated.", 1); |
274 |
#endif |
289 |
const SSL_METHOD *m = TLS_method(); |
|
|
290 |
_set_protocol_version(m, SSL3_VERSION); |
291 |
return m; |
292 |
#else |
275 |
return SSLv3_method(); |
293 |
return SSLv3_method(); |
|
|
294 |
#endif |
276 |
} |
295 |
} |
277 |
#endif |
296 |
#endif |
278 |
|
297 |
|
Lines 280-287
|
280 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
299 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
281 |
PyErr_WarnEx(PyExc_DeprecationWarning, |
300 |
PyErr_WarnEx(PyExc_DeprecationWarning, |
282 |
"Function TLSv1_method has been deprecated.", 1); |
301 |
"Function TLSv1_method has been deprecated.", 1); |
283 |
#endif |
302 |
const SSL_METHOD *m = TLS_method(); |
|
|
303 |
_set_protocol_version(m, TLS1_VERSION); |
304 |
return m; |
305 |
#else |
284 |
return TLSv1_method(); |
306 |
return TLSv1_method(); |
|
|
307 |
#endif |
285 |
} |
308 |
} |
286 |
|
309 |
|
287 |
void ssl_ctx_passphrase_callback(SSL_CTX *ctx, PyObject *pyfunc) { |
310 |
void ssl_ctx_passphrase_callback(SSL_CTX *ctx, PyObject *pyfunc) { |
Lines 407-420
|
407 |
} |
430 |
} |
408 |
|
431 |
|
409 |
long ssl_ctx_set_tmp_rsa(SSL_CTX *ctx, RSA* rsa) { |
432 |
long ssl_ctx_set_tmp_rsa(SSL_CTX *ctx, RSA* rsa) { |
|
|
433 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
434 |
return 1; |
435 |
#else |
410 |
return SSL_CTX_set_tmp_rsa(ctx, rsa); |
436 |
return SSL_CTX_set_tmp_rsa(ctx, rsa); |
|
|
437 |
#endif |
411 |
} |
438 |
} |
412 |
|
439 |
|
413 |
void ssl_ctx_set_tmp_rsa_callback(SSL_CTX *ctx, PyObject *pyfunc) { |
440 |
void ssl_ctx_set_tmp_rsa_callback(SSL_CTX *ctx, PyObject *pyfunc) { |
414 |
Py_XDECREF(ssl_set_tmp_rsa_cb_func); |
441 |
Py_XDECREF(ssl_set_tmp_rsa_cb_func); |
415 |
Py_INCREF(pyfunc); |
442 |
Py_INCREF(pyfunc); |
416 |
ssl_set_tmp_rsa_cb_func = pyfunc; |
443 |
ssl_set_tmp_rsa_cb_func = pyfunc; |
|
|
444 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
445 |
(void)ctx; |
446 |
(void)ssl_set_tmp_rsa_cb_func; |
447 |
#else |
417 |
SSL_CTX_set_tmp_rsa_callback(ctx, ssl_set_tmp_rsa_callback); |
448 |
SSL_CTX_set_tmp_rsa_callback(ctx, ssl_set_tmp_rsa_callback); |
|
|
449 |
#endif |
418 |
} |
450 |
} |
419 |
|
451 |
|
420 |
int ssl_ctx_load_verify_locations(SSL_CTX *ctx, const char *cafile, const char *capath) { |
452 |
int ssl_ctx_load_verify_locations(SSL_CTX *ctx, const char *cafile, const char *capath) { |
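Review bot: `_set_protocol_version` (new lines 276-282, in the hunk at old lines 258-278) has no effect on the method it is given: it builds a throwaway `SSL_CTX`, sets the min/max version on that context and frees it. As a result `sslv3_method()` and the TLSv1 wrapper in the following hunk both return a plain `TLS_method()`, so the protocol pin that callers of these wrappers expect is silently lost on OpenSSL 1.1.0 and later. A version pin lives on the context rather than on the `SSL_METHOD`, so `SSL_CTX_set_min_proto_version(ctx, version);` and `SSL_CTX_set_max_proto_version(ctx, version);` belong on the `SSL_CTX` the caller actually uses, which is created outside the visible hunks. As written, the helper also passes an unchecked `SSL_CTX_new(m)` result to both setters and ignores their return values.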