From 3f3b85a59d3c2cb021174ad92ad3a43d9eb73e62 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Fri, 7 Jun 2019 21:00:46 -0700
Subject: [PATCH] Add compatibility for deprecated TLS methods

---
 src/_cffi_src/openssl/ssl.py                  | 45 +++++++++++++++++--
 .../hazmat/bindings/openssl/_conditional.py   | 36 +++++++++++++++
 2 files changed, 77 insertions(+), 4 deletions(-)

diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index c38e309a..e726417d 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -15,8 +15,9 @@ static const long Cryptography_HAS_SSL_ST;
 static const long Cryptography_HAS_TLS_ST;
 static const long Cryptography_HAS_SSL2;
 static const long Cryptography_HAS_SSL3_METHOD;
-static const long Cryptography_HAS_TLSv1_1;
-static const long Cryptography_HAS_TLSv1_2;
+static const long Cryptography_HAS_TLS1_METHOD;
+static const long Cryptography_HAS_TLS1_1_METHOD;
+static const long Cryptography_HAS_TLS1_2_METHOD;
 static const long Cryptography_HAS_TLSv1_3;
 static const long Cryptography_HAS_SECURE_RENEGOTIATION;
 static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
@@ -24,6 +25,7 @@ static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP;
 static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE;
 static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
 static const long Cryptography_HAS_DTLS;
+static const long Cryptography_HAS_DTLS1_METHOD;
 static const long Cryptography_HAS_SIGALGS;
 static const long Cryptography_HAS_PSK;
 static const long Cryptography_HAS_CIPHER_DETAILS;
@@ -596,8 +598,43 @@ static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 1;
 static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1;
 static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
 static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
-static const long Cryptography_HAS_TLSv1_1 = 1;
-static const long Cryptography_HAS_TLSv1_2 = 1;
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_METHOD = 0;
+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_DTLS1_METHOD = 0;
+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_DTLS1_METHOD = 1;
+#endif
+
 static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
 static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
 static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 23dc38a4..c0dca00a 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
     ]
 
 
+def cryptography_has_tls1_method():
+    return [
+        "TLSv1_method",
+        "TLSv1_client_method",
+        "TLSv1_server_method",
+    ]
+
+
+def cryptography_has_tls1_1_method():
+    return [
+        "TLSv1_1_method",
+        "TLSv1_1_client_method",
+        "TLSv1_1_server_method",
+    ]
+
+
+def cryptography_has_tls1_2_method():
+    return [
+        "TLSv1_2_method",
+        "TLSv1_2_client_method",
+        "TLSv1_2_server_method",
+    ]
+
+
+def cryptography_has_dtls1_method():
+    return [
+        "DTLSv1_method",
+        "DTLSv1_client_method",
+        "DTLSv1_server_method",
+    ]
+
+
 def cryptography_has_102_verification():
     return [
         "X509_V_ERR_SUITE_B_INVALID_VERSION",
@@ -303,6 +335,10 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
     "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
     "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
+    "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
+    "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
+    "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
+    "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
     "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
     "Cryptography_HAS_110_VERIFICATION_PARAMS": (
         cryptography_has_110_verification_params
-- 
2.26.2