mirror of
https://github.com/python/cpython.git
synced 2025-08-31 14:07:50 +00:00
Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2 protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid. Optimize also ssl.get_protocol_name(): speed does matter!
This commit is contained in:
Victor Stinner
parent
3a0792da6e
commit
3de49192aa
5 changed files with 60 additions and 36 deletions
|
|
@ -63,8 +63,10 @@ enum py_ssl_cert_requirements {
|
|||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
PY_SSL_VERSION_SSL3,
|
||||
#endif
|
||||
PY_SSL_VERSION_SSL3=1,
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
};
|
||||
|
|
@ -1447,8 +1449,10 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
|
|||
ctx = SSL_CTX_new(TLSv1_method());
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
ctx = SSL_CTX_new(SSLv3_method());
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
ctx = SSL_CTX_new(SSLv2_method());
|
||||
#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
else
|
||||
|
|
@ -2107,8 +2111,10 @@ PyInit__ssl(void)
|
|||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue