author | Christian Heimes <christian@python.org> | 2018-02-25 14:28:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-25 14:28:55 +0100 |
commit | df1732a4734190fefc8814687895fc1168716c37 (patch) | |
tree | 443cdb5e3df2c05468f5050b4518e73ffcf5a925 /Modules/_ssl.c | |
parent | 439956a149f8a3eb44646498c63b2ef3337d5f3d (diff) | |
download | cpython-git-df1732a4734190fefc8814687895fc1168716c37.tar.gz |
[2.7] bpo-30622: Fix NPN for OpenSSL 1.1.1-pre1 (GH-5876) (#5882)
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 29eab55309b9f78b79074d26db16a44e7841c639)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f9ed94dee1..da8b20f54f 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -123,22 +123,27 @@ struct py_ssl_library_code {
 #endif
 /* ALPN added in OpenSSL 1.0.2 */
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)
-# define HAVE_ALPN
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+# define HAVE_ALPN 1
+#else
+# define HAVE_ALPN 0
 #endif
 /* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
 * NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
 * reasons. The check for TLSEXT_TYPE_next_proto_neg works with
 * OpenSSL 1.0.1+ and LibreSSL.
+ * OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg.
 */
 #ifdef OPENSSL_NO_NEXTPROTONEG
-# define HAVE_NPN 0
+# define HAVE_NPN 0
+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+# define HAVE_NPN 0
 #elif defined(TLSEXT_TYPE_next_proto_neg)
-# define HAVE_NPN 1
+# define HAVE_NPN 1
 #else
-# define HAVE_NPN 0
-# endif
+# define HAVE_NPN 0
+#endif
 #ifndef INVALID_SOCKET /* MS defines this */
 #define INVALID_SOCKET (-1)
@@ -298,11 +303,11 @@ static unsigned int _ssl_locks_count = 0;
 typedef struct {
 PyObject_HEAD
 SSL_CTX *ctx;
-#ifdef HAVE_NPN
+#if HAVE_NPN
 unsigned char *npn_protocols;
 int npn_protocols_len;
 #endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 unsigned char *alpn_protocols;
 int alpn_protocols_len;
 #endif
@@ -1586,7 +1591,7 @@ static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
 }
 #endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 static PyObject *PySSL_selected_alpn_protocol(PySSLSocket *self) {
 const unsigned char *out;
 unsigned int outlen;
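Review bot: In the first hunk (@@ -123), HAVE_ALPN and HAVE_NPN change from defined/undefined to always defined as 0 or 1, so any `#ifdef HAVE_NPN` or `defined(HAVE_ALPN)` this patch misses would be true even when the feature is off, and would compile NPN/ALPN calls against a library that lacks them. The hunks shown convert every test they touch, but the rest of Modules/_ssl.c is not visible here, so the file should be searched for leftover `#ifdef`/`defined()` uses. A comment above the block, `/* HAVE_ALPN and HAVE_NPN are always defined (0 or 1): test with #if, never #ifdef */`, would document the convention. The new ALPN test also drops the old `!defined(OPENSSL_NO_TLSEXT)` condition; if TLSEXT_TYPE_application_layer_protocol_negotiation is still defined in such a build (not determinable from the hunk), HAVE_ALPN would be 1 there.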
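Review bot: In the PySSLContext hunk (@@ -298), `npn_protocols_len` and `alpn_protocols_len` are plain `int`, while the setters in the @@ -2378 and @@ -2431 hunks read the protocol list into a `Py_buffer`, whose length is a Py_ssize_t. The assignments are outside the visible hunks, so confirm that an oversized buffer is rejected before its length is narrowed to `int` and handed to OpenSSL. If no such check exists, a range check that raises OverflowError belongs in both setters.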
@@ -2103,7 +2108,7 @@ static PyMethodDef PySSLMethods[] = {
 #ifdef OPENSSL_NPN_NEGOTIATED
 {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
 #endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 {"selected_alpn_protocol", (PyCFunction)PySSL_selected_alpn_protocol, METH_NOARGS},
 #endif
 {"compression", (PyCFunction)PySSL_compression, METH_NOARGS},
@@ -2209,10 +2214,10 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 return NULL;
 }
 self->ctx = ctx;
-#ifdef HAVE_NPN
+#if HAVE_NPN
 self->npn_protocols = NULL;
 #endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 self->alpn_protocols = NULL;
 #endif
 #ifndef OPENSSL_NO_TLSEXT
@@ -2287,10 +2292,10 @@ context_dealloc(PySSLContext *self)
 PyObject_GC_UnTrack(self);
 context_clear(self);
 SSL_CTX_free(self->ctx);
-#ifdef HAVE_NPN
+#if HAVE_NPN
 PyMem_FREE(self->npn_protocols);
 #endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 PyMem_FREE(self->alpn_protocols);
 #endif
 Py_TYPE(self)->tp_free(self);
@@ -2317,7 +2322,7 @@ set_ciphers(PySSLContext *self, PyObject *args)
 Py_RETURN_NONE;
 }
-#if defined(HAVE_NPN) || defined(HAVE_ALPN)
+#if HAVE_NPN || HAVE_ALPN
 static int
 do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
 const unsigned char *server_protocols, unsigned int server_protocols_len,
@@ -2343,7 +2348,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
 }
 #endif
-#ifdef HAVE_NPN
+#if HAVE_NPN
 /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
 static int
 _advertiseNPN_cb(SSL *s,
@@ -2378,7 +2383,7 @@ _selectNPN_cb(SSL *s,
 static PyObject *
 _set_npn_protocols(PySSLContext *self, PyObject *args)
 {
-#ifdef HAVE_NPN
+#if HAVE_NPN
 Py_buffer protos;
 if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
@@ -2414,7 +2419,7 @@ _set_npn_protocols(PySSLContext *self, PyObject *args)
 #endif
 }
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 static int
 _selectALPN_cb(SSL *s,
 const unsigned char **out, unsigned char *outlen,
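Review bot: In the PySSLMethods hunk (@@ -2103), the `selected_npn_protocol` entry stays behind `#ifdef OPENSSL_NPN_NEGOTIATED` while its ALPN sibling now uses `#if HAVE_ALPN`, so the NPN method's visibility is not tied to the HAVE_NPN value this commit forces to 0 for OpenSSL 1.1.1. If the headers still define OPENSSL_NPN_NEGOTIATED there (not visible in this diff), the method would be compiled and exposed while `HAS_NPN` reports False. Consider `#if HAVE_NPN` for this entry and for the guard around PySSL_selected_npn_protocol, whose opening line lies outside the @@ -1586 hunk.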
@@ -2431,7 +2436,7 @@ _selectALPN_cb(SSL *s,
 static PyObject *
 _set_alpn_protocols(PySSLContext *self, PyObject *args)
 {
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 Py_buffer protos;
 if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
@@ -4387,7 +4392,7 @@ init_ssl(void)
 Py_INCREF(r);
 PyModule_AddObject(m, "HAS_ECDH", r);
-#ifdef HAVE_NPN
+#if HAVE_NPN
 r = Py_True;
 #else
 r = Py_False;
@@ -4395,7 +4400,7 @@ init_ssl(void)
 Py_INCREF(r);
 PyModule_AddObject(m, "HAS_NPN", r);
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
 r = Py_True;
 #else
 r = Py_False; |
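Review bot: In `_set_alpn_protocols` (@@ -2431), the context line `PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos)` carries the NPN function name, so argument errors raised from the ALPN setter would name the wrong method. It should read `"s*:set_alpn_protocols"`. The commit already edits the guard directly above that line, so the fix fits in the same change. The function body continues outside the hunk.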