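--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -1071,7 +1071,7 @@ PyInit__hashlib(void)
 {
 PyObject *m, *openssl_md_meth_names;
 
-#ifndef OPENSSL_VERSION_1_1
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 /* Load all digest algorithms and initialize cpuid */
 OPENSSL_add_all_algorithms_noconf();
 ERR_load_crypto_strings();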
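Review bot: The new guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in PyInit__hashlib does not account for LibreSSL, which reports OPENSSL_VERSION_NUMBER as 0x20000000L, so on a LibreSSL build the calls to OPENSSL_add_all_algorithms_noconf() and ERR_load_crypto_strings() would be compiled out. The _ssl.c part of this patch defines OPENSSL_VERSION_1_1 only when LIBRESSL_VERSION_NUMBER is not defined, so the old `#ifndef` presumably kept this initialisation for LibreSSL; the macro's definition in this file is not visible in the hunk, so confirm. If LibreSSL builds are supported, `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)` keeps the previous behaviour. The function body and the closing `#endif` lie outside the hunk.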
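--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -47,6 +47,7 @@ static PySocketModule_APIObject PySocketModule;
 
 /* Include OpenSSL header files */
 #include "openssl/rsa.h"
+#include "openssl/dh.h"
 #include "openssl/crypto.h"
 #include "openssl/x509.h"
 #include "openssl/x509v3.h"
@@ -128,13 +129,13 @@ static void _PySSLFixErrno(void) {
 #include "_ssl_data.h"
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
-# define OPENSSL_VERSION_1_1 1
-# define PY_OPENSSL_1_1_API 1
+# define OPENSSL_VERSION_1_1 1
+# define PY_OPENSSL_1_1_API 1
 #endif
 
 /* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
-# define PY_OPENSSL_1_1_API 1
+# define PY_OPENSSL_1_1_API 1
 #endif
 
 /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
@@ -197,6 +198,11 @@ static void _PySSLFixErrno(void) {
 #define TLS_method SSLv23_method
 #define TLS_client_method SSLv23_client_method
 #define TLS_server_method SSLv23_server_method
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+#define OpenSSL_version_num SSLeay
+#define OpenSSL_version SSLeay_version
+#define OPENSSL_VERSION SSLEAY_VERSION
 
 static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
 {
@@ -859,7 +865,7 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
 goto error;
 }
 } else {
- if (!X509_VERIFY_PARAM_set1_ip(param, ASN1_STRING_data(ip),
+ if (!X509_VERIFY_PARAM_set1_ip(param, ASN1_STRING_get0_data(ip),
 ASN1_STRING_length(ip))) {
 _setSSLError(NULL, 0, __FILE__, __LINE__);
 goto error;
@@ -1624,7 +1630,7 @@ _decode_certificate(X509 *certificate) {
 Py_DECREF(sn_obj);
 
 (void) BIO_reset(biobuf);
- notBefore = X509_get_notBefore(certificate);
+ notBefore = X509_getm_notBefore(certificate);
 ASN1_TIME_print(biobuf, notBefore);
 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
 if (len < 0) {
@@ -1641,7 +1647,7 @@ _decode_certificate(X509 *certificate) {
 Py_DECREF(pnotBefore);
 
 (void) BIO_reset(biobuf);
- notAfter = X509_get_notAfter(certificate);
+ notAfter = X509_getm_notAfter(certificate);
 ASN1_TIME_print(biobuf, notAfter);
 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
 if (len < 0) {
@@ -3152,7 +3158,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
 conservative and assume it wasn't fixed until release. We do this check
 at runtime to avoid problems from the dynamic linker.
 See #25672 for more on this. */
- libver = SSLeay();
+ libver = OpenSSL_version_num();
 if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) &&
 !(libver >= 0x10000000UL && libver < 0x100000dfUL)) {
 SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS);
@@ -5159,7 +5175,7 @@ PySSL_RAND(int len, int pseudo)
 if (bytes == NULL)
 return NULL;
 if (pseudo) {
- ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
+ ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
 if (ok == 0 || ok == 1)
 return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False);
 }
@@ -6176,10 +6192,10 @@ PyInit__ssl(void)
 return NULL;
 
 /* OpenSSL version */
- /* SSLeay() gives us the version of the library linked against,
+ /* OpenSSL_version_num() gives us the version of the library linked against,
 which could be different from the headers version.
 */
- libver = SSLeay();
+ libver = OpenSSL_version_num();
 r = PyLong_FromUnsignedLong(libver);
 if (r == NULL)
 return NULL;
@@ -6199,7 +6205,7 @@ PyInit__ssl(void)
 r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
 return NULL;
- r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION));
+ r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION));
 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
 return NULL;
 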
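Review bot: In PySSL_RAND the `pseudo` branch now calls RAND_bytes() but keeps the return-code handling written for RAND_pseudo_bytes(): `if (ok == 0 || ok == 1)` still hands the buffer back, reporting `False` when `ok == 0`. For RAND_bytes() a return of 0 means the call failed, not that the output is merely non-cryptographic, so the caller would receive a buffer whose contents are not guaranteed to have been filled (the bytes object is allocated above the hunk, so this is inferred). Only success should return from this branch, for example `if (ok == 1) return Py_BuildValue("NO", bytes, Py_True);`, with 0 falling through to whatever error handling follows outside the hunk. A short comment noting that the second tuple element is now always true on success would also help readers of the Python-level API.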