summaryrefslogtreecommitdiff
path: root/PC
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2018-01-27 15:51:38 +0100
committerGitHub <noreply@github.com>2018-01-27 15:51:38 +0100
commit61d478c71c5341cdc54e6bfb4ace4252852fd972 (patch)
tree5ad17242b4c341df03664ee5cde87cdb80b0ee50 /PC
parent746cc75541f31278864a10b995e7d009bd2ff053 (diff)
downloadcpython-git-61d478c71c5341cdc54e6bfb4ace4252852fd972.tar.gz
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses. * Remove match_hostname calls * Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host() * Add documentation for OpenSSL 1.0.2 requirement * Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform. * Add hostname_checks_common_name Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'PC')
-rw-r--r--PC/pyconfig.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/PC/pyconfig.h b/PC/pyconfig.h
index db745dee76..d2a3f5dd39 100644
--- a/PC/pyconfig.h
+++ b/PC/pyconfig.h
@@ -687,4 +687,7 @@ Py_NO_ENABLE_SHARED to find out. Also support MS_NO_COREDLL for b/w compat */
/* framework name */
#define _PYTHONFRAMEWORK ""
+/* Define if libssl has X509_VERIFY_PARAM_set1_host and related function */
+#define HAVE_X509_VERIFY_PARAM_SET1_HOST 1
+
#endif /* !Py_CONFIG_H */