author | Alex Gaynor <alex.gaynor@gmail.com> | 2020-10-27 00:15:17 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-26 21:15:17 -0700 |
commit | 124a0134fdb7decb0136b4b6f7892b87b919e74e (patch) | |
tree | 01a47b984f122ec7891185010f8f96c30ccce6fb /src | |
parent | 669dcc3488a4803b2c321218def6554805940c48 (diff) | |
download | pyopenssl-124a0134fdb7decb0136b4b6f7892b87b919e74e.tar.gz |
Drop CI for OpenSSL 1.0.2 (#953)
* Drop CI for OpenSSL 1.0.2
* Delete code for coverage reasons
* Bump minimum cryptography version
Diffstat (limited to 'src')
-rw-r--r-- | src/OpenSSL/SSL.py | 45 | ||||
-rw-r--r-- | src/OpenSSL/crypto.py | 12 |
2 files changed, 8 insertions, 49 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index bbb721c..9b9f638 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -28,7 +28,6 @@ from OpenSSL.crypto import (
 X509Name,
 X509,
 X509Store,
- X509StoreContext,
 )
 __all__ = [
@@ -147,10 +146,7 @@ OP_NO_SSLv3 = _lib.SSL_OP_NO_SSLv3
 OP_NO_TLSv1 = _lib.SSL_OP_NO_TLSv1
 OP_NO_TLSv1_1 = _lib.SSL_OP_NO_TLSv1_1
 OP_NO_TLSv1_2 = _lib.SSL_OP_NO_TLSv1_2
-try:
- OP_NO_TLSv1_3 = _lib.SSL_OP_NO_TLSv1_3
-except AttributeError:
- pass
+OP_NO_TLSv1_3 = _lib.SSL_OP_NO_TLSv1_3
 MODE_RELEASE_BUFFERS = _lib.SSL_MODE_RELEASE_BUFFERS
@@ -202,14 +198,6 @@ SESS_CACHE_NO_INTERNAL = _lib.SSL_SESS_CACHE_NO_INTERNAL
 SSL_ST_CONNECT = _lib.SSL_ST_CONNECT
 SSL_ST_ACCEPT = _lib.SSL_ST_ACCEPT
 SSL_ST_MASK = _lib.SSL_ST_MASK
-if _lib.Cryptography_HAS_SSL_ST:
- SSL_ST_INIT = _lib.SSL_ST_INIT
- SSL_ST_BEFORE = _lib.SSL_ST_BEFORE
- SSL_ST_OK = _lib.SSL_ST_OK
- SSL_ST_RENEGOTIATE = _lib.SSL_ST_RENEGOTIATE
- __all__.extend(
- ["SSL_ST_INIT", "SSL_ST_BEFORE", "SSL_ST_OK", "SSL_ST_RENEGOTIATE"]
- )
 SSL_CB_LOOP = _lib.SSL_CB_LOOP
 SSL_CB_EXIT = _lib.SSL_CB_EXIT
@@ -972,11 +960,7 @@ class Context(object):
 """
 buf = _text_to_bytes_and_warn("buf", buf)
 _openssl_assert(
- _lib.SSL_CTX_set_session_id_context(
- self._context,
- buf,
- len(buf),
- )
+ _lib.SSL_CTX_set_session_id_context(self._context, buf, len(buf))
 == 1
 )
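Review bot: In the `@@ -147,10 +146,7 @@` hunk, `OP_NO_TLSv1_3 = _lib.SSL_OP_NO_TLSv1_3` now runs unguarded at import time, so a binding that lacks the symbol makes `import OpenSSL.SSL` fail with AttributeError instead of just leaving the constant undefined. The commit message says the minimum cryptography version is bumped, but that change is outside this src-only diffstat, so the floor this line depends on is not visible here; a one-line comment such as `# Always present with the minimum supported cryptography/OpenSSL.` would record the dependency. If `__all__` (only its opening line appears in this diff) does not already list `"OP_NO_TLSv1_3"`, it can now be added there unconditionally, so that callers can rely on the name when restricting protocol versions.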
@@ -2175,29 +2159,12 @@ class Connection(object):
 .. versionadded:: 20.0
 """
- if hasattr(_lib, "SSL_get0_verified_chain"):
- # OpenSSL 1.1+
- cert_stack = _lib.SSL_get0_verified_chain(self._ssl)
- if cert_stack == _ffi.NULL:
- return None
-
- return self._cert_stack_to_list(cert_stack)
-
- pycert = self.get_peer_certificate()
- if pycert is None:
- return None
-
- # Should never be NULL because the peer presented a certificate.
- cert_stack = _lib.SSL_get_peer_cert_chain(self._ssl)
- _openssl_assert(cert_stack != _ffi.NULL)
-
- pystore = self._context.get_cert_store()
- if pystore is None:
+ # OpenSSL 1.1+
+ cert_stack = _lib.SSL_get0_verified_chain(self._ssl)
+ if cert_stack == _ffi.NULL:
 return None
- pystorectx = X509StoreContext(pystore, pycert)
- pystorectx._chain = cert_stack
- return pystorectx.get_verified_chain()
+ return self._cert_stack_to_list(cert_stack)
 def want_read(self):
 """
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 11be813..84f92b1 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1603,16 +1603,8 @@ class X509Store(object):
 if not isinstance(cert, X509):
 raise TypeError()
- # As of OpenSSL 1.1.0i adding the same cert to the store more than
- # once doesn't cause an error. Accordingly, this code now silences
- # the error for OpenSSL < 1.1.0i as well.
- if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
- code = _lib.ERR_peek_error()
- err_reason = _lib.ERR_GET_REASON(code)
- _openssl_assert(
- err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
- )
- _lib.ERR_clear_error()
+ res = _lib.X509_STORE_add_cert(self._store, cert._x509)
+ _openssl_assert(res == 1)
 def add_crl(self, crl):
 """ |
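Review bot: In `Connection.get_verified_chain` the kept comment `# OpenSSL 1.1+` no longer labels a branch now that the call is unconditional, and nothing in the new body says what a `None` result or a returned list means for trust. OpenSSL documents that the stack returned by `SSL_get0_verified_chain` may be incomplete or invalid when peer verification did not succeed, so I would replace the comment with `# NULL: no chain available. A non-NULL chain is only trustworthy if verification was required and succeeded.` and state the same in the docstring, which starts outside this hunk. `_cert_stack_to_list` is also defined outside the hunk; because the `get0` call returns a borrowed stack, it is worth confirming that the helper takes its own references to the certificates.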
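Review bot: `X509Store.add_cert` now fails on any result other than 1 from `X509_STORE_add_cert`, but the removed comment states that only OpenSSL 1.1.0i and later accept the same certificate twice without error. Dropping 1.0.2 does not by itself exclude 1.1.0 through 1.1.0h, so on those builds re-adding a trust anchor would presumably hit `_openssl_assert(res == 1)` where it used to be silenced; the supported OpenSSL floor is not visible in this diff. Either keep the `X509_R_CERT_ALREADY_IN_HASH_TABLE` tolerance, or record the requirement next to the call, e.g. `# Relies on OpenSSL >= 1.1.0i: re-adding a cert already in the store returns 1.` The method's docstring starts outside this hunk and should describe the duplicate behaviour as well.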