01d1b4581e
Dropped patches: 0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch 0005-Switch-get_-Update-APIs-to-get0.patch Reworked patches: 0001-Add-new-ASN1_STRING_get0_data-API.patch 0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe later we can drop this. Ran 'make package/python-cryptography/refresh'. Added patch: 0004-disable-rust.patch upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we need to patch it, to make sure the setuptools-rust isn't installed. We may need to carry this patch in our tree for a bit longer than upstream, because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
127 lines
4.7 KiB
Diff
127 lines
4.7 KiB
Diff
From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
|
|
From: Rosen Penev <rosenp@gmail.com>
|
|
Date: Fri, 7 Jun 2019 21:00:46 -0700
|
|
Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
|
|
|
|
---
|
|
src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
|
|
.../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
|
|
2 files changed, 77 insertions(+), 4 deletions(-)
|
|
|
|
--- a/src/_cffi_src/openssl/ssl.py
|
|
+++ b/src/_cffi_src/openssl/ssl.py
|
|
@@ -13,12 +13,14 @@ TYPES = """
|
|
static const long Cryptography_HAS_SSL_ST;
|
|
static const long Cryptography_HAS_TLS_ST;
|
|
static const long Cryptography_HAS_SSL3_METHOD;
|
|
-static const long Cryptography_HAS_TLSv1_1;
|
|
-static const long Cryptography_HAS_TLSv1_2;
|
|
+static const long Cryptography_HAS_TLS1_METHOD;
|
|
+static const long Cryptography_HAS_TLS1_1_METHOD;
|
|
+static const long Cryptography_HAS_TLS1_2_METHOD;
|
|
static const long Cryptography_HAS_TLSv1_3;
|
|
static const long Cryptography_HAS_SECURE_RENEGOTIATION;
|
|
static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
|
|
static const long Cryptography_HAS_DTLS;
|
|
+static const long Cryptography_HAS_DTLS1_METHOD;
|
|
static const long Cryptography_HAS_SIGALGS;
|
|
static const long Cryptography_HAS_PSK;
|
|
static const long Cryptography_HAS_VERIFIED_CHAIN;
|
|
@@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_
|
|
|
|
static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
|
|
static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
|
|
-static const long Cryptography_HAS_TLSv1_1 = 1;
|
|
-static const long Cryptography_HAS_TLSv1_2 = 1;
|
|
+
|
|
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
|
|
+static const long Cryptography_HAS_TLS1_METHOD = 0;
|
|
+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
|
|
+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
|
|
+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
|
|
+#else
|
|
+static const long Cryptography_HAS_TLS1_METHOD = 1;
|
|
+#endif
|
|
+
|
|
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
|
|
+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
|
|
+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
|
|
+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
|
|
+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
|
|
+#else
|
|
+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
|
|
+#endif
|
|
+
|
|
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
|
|
+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
|
|
+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
|
|
+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
|
|
+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
|
|
+#else
|
|
+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
|
|
+#endif
|
|
+
|
|
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
|
|
+static const long Cryptography_HAS_DTLS1_METHOD = 0;
|
|
+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
|
|
+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
|
|
+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
|
|
+#else
|
|
+static const long Cryptography_HAS_DTLS1_METHOD = 1;
|
|
+#endif
|
|
+
|
|
static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
|
|
static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
|
|
static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
|
|
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
|
|
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
|
|
@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method():
|
|
]
|
|
|
|
|
|
+def cryptography_has_tls1_method():
|
|
+ return [
|
|
+ "TLSv1_method",
|
|
+ "TLSv1_client_method",
|
|
+ "TLSv1_server_method",
|
|
+ ]
|
|
+
|
|
+
|
|
+def cryptography_has_tls1_1_method():
|
|
+ return [
|
|
+ "TLSv1_1_method",
|
|
+ "TLSv1_1_client_method",
|
|
+ "TLSv1_1_server_method",
|
|
+ ]
|
|
+
|
|
+
|
|
+def cryptography_has_tls1_2_method():
|
|
+ return [
|
|
+ "TLSv1_2_method",
|
|
+ "TLSv1_2_client_method",
|
|
+ "TLSv1_2_server_method",
|
|
+ ]
|
|
+
|
|
+
|
|
+def cryptography_has_dtls1_method():
|
|
+ return [
|
|
+ "DTLSv1_method",
|
|
+ "DTLSv1_client_method",
|
|
+ "DTLSv1_server_method",
|
|
+ ]
|
|
+
|
|
+
|
|
def cryptography_has_102_verification():
|
|
return [
|
|
"X509_V_ERR_SUITE_B_INVALID_VERSION",
|
|
@@ -285,6 +317,10 @@ CONDITIONAL_NAMES = {
|
|
"Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
|
|
"Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
|
|
"Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
|
|
+ "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
|
|
+ "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
|
|
+ "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
|
|
+ "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
|
|
"Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
|
|
"Cryptography_HAS_110_VERIFICATION_PARAMS": (
|
|
cryptography_has_110_verification_params
|