mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-22 18:55:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8.

Browse source 
(the last 0.9.7 release was in 2007)
This commit is contained in:
Antoine Pitrou 2015-01-03 23:17:23 +01:00
parent 60779a5527
commit 5e8430d02c
2 changed files with 2 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Misc/NEWS
View file

@ -196,6 +196,8 @@ Core and Builtins
Library Library
------- -------
- Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8.
- Issue #23132: Improve performance and introspection support of comparison - Issue #23132: Improve performance and introspection support of comparison
methods created by functool.total_ordering. methods created by functool.total_ordering.

53
Modules/_ssl.c
View file

@ -162,13 +162,6 @@ static unsigned int _ssl_locks_count = 0;
#define X509_NAME_MAXLEN 256 #define X509_NAME_MAXLEN 256
/* RAND_* APIs got added to OpenSSL in 0.9.5 */
#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
# define HAVE_OPENSSL_RAND 1
#else
# undef HAVE_OPENSSL_RAND
#endif
/* SSL_CTX_clear_options() and SSL_clear_options() were first added in /* SSL_CTX_clear_options() and SSL_clear_options() were first added in
* OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the * OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the
* 0.9.9 from "May 2008" that NetBSD 5.0 uses. */ * 0.9.9 from "May 2008" that NetBSD 5.0 uses. */
@ -182,28 +175,6 @@ static unsigned int _ssl_locks_count = 0;
* older SSL, but let's be safe */ * older SSL, but let's be safe */
#define PySSL_CB_MAXLEN 128 #define PySSL_CB_MAXLEN 128
/* SSL_get_finished got added to OpenSSL in 0.9.5 */
#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
# define HAVE_OPENSSL_FINISHED 1
#else
# define HAVE_OPENSSL_FINISHED 0
#endif
/* ECDH support got added to OpenSSL in 0.9.8 */
#if OPENSSL_VERSION_NUMBER < 0x0090800fL && !defined(OPENSSL_NO_ECDH)
# define OPENSSL_NO_ECDH
#endif
/* compression support got added to OpenSSL in 0.9.8 */
#if OPENSSL_VERSION_NUMBER < 0x0090800fL && !defined(OPENSSL_NO_COMP)
# define OPENSSL_NO_COMP
#endif
/* X509_VERIFY_PARAM got added to OpenSSL in 0.9.8 */
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
# define HAVE_OPENSSL_VERIFY_PARAM
#endif
typedef struct { typedef struct {
PyObject_HEAD PyObject_HEAD
@ -817,12 +788,7 @@ _get_peer_alt_names (X509 *certificate) {
char buf[2048]; char buf[2048];
char *vptr; char *vptr;
int len; int len;
/* Issue #2973: ASN1_item_d2i() API changed in OpenSSL 0.9.6m */
#if OPENSSL_VERSION_NUMBER >= 0x009060dfL
const unsigned char *p; const unsigned char *p;
#else
unsigned char *p;
#endif
if (certificate == NULL) if (certificate == NULL)
return peer_alt_names; return peer_alt_names;
@ -1998,7 +1964,6 @@ PyDoc_STRVAR(PySSL_SSLshutdown_doc,
Does the SSL shutdown handshake with the remote end, and returns\n\ Does the SSL shutdown handshake with the remote end, and returns\n\
the underlying socket object."); the underlying socket object.");
#if HAVE_OPENSSL_FINISHED
static PyObject * static PyObject *
PySSL_tls_unique_cb(PySSLSocket *self) PySSL_tls_unique_cb(PySSLSocket *self)
{ {
@ -2031,8 +1996,6 @@ Returns the 'tls-unique' channel binding data, as defined by RFC 5929.\n\
\n\ \n\
If the TLS handshake is not yet complete, None is returned"); If the TLS handshake is not yet complete, None is returned");
#endif /* HAVE_OPENSSL_FINISHED */
static PyGetSetDef ssl_getsetlist[] = { static PyGetSetDef ssl_getsetlist[] = {
{"context", (getter) PySSL_get_context, {"context", (getter) PySSL_get_context,
(setter) PySSL_set_context, PySSL_set_context_doc}, (setter) PySSL_set_context, PySSL_set_context_doc},
@ -2063,10 +2026,8 @@ static PyMethodDef PySSLMethods[] = {
{"compression", (PyCFunction)PySSL_compression, METH_NOARGS}, {"compression", (PyCFunction)PySSL_compression, METH_NOARGS},
{"shutdown", (PyCFunction)PySSL_SSLshutdown, METH_NOARGS, {"shutdown", (PyCFunction)PySSL_SSLshutdown, METH_NOARGS,
PySSL_SSLshutdown_doc}, PySSL_SSLshutdown_doc},
#if HAVE_OPENSSL_FINISHED
{"tls_unique_cb", (PyCFunction)PySSL_tls_unique_cb, METH_NOARGS, {"tls_unique_cb", (PyCFunction)PySSL_tls_unique_cb, METH_NOARGS,
PySSL_tls_unique_cb_doc}, PySSL_tls_unique_cb_doc},
#endif
{NULL, NULL} {NULL, NULL}
}; };
@ -2380,7 +2341,6 @@ set_verify_mode(PySSLContext *self, PyObject *arg, void *c)
return 0; return 0;
} }
#ifdef HAVE_OPENSSL_VERIFY_PARAM
static PyObject * static PyObject *
get_verify_flags(PySSLContext *self, void *c) get_verify_flags(PySSLContext *self, void *c)
{ {
@ -2418,7 +2378,6 @@ set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
} }
return 0; return 0;
} }
#endif
static PyObject * static PyObject *
get_options(PySSLContext *self, void *c) get_options(PySSLContext *self, void *c)
@ -3303,10 +3262,8 @@ static PyGetSetDef context_getsetlist[] = {
(setter) set_check_hostname, NULL}, (setter) set_check_hostname, NULL},
{"options", (getter) get_options, {"options", (getter) get_options,
(setter) set_options, NULL}, (setter) set_options, NULL},
#ifdef HAVE_OPENSSL_VERIFY_PARAM
{"verify_flags", (getter) get_verify_flags, {"verify_flags", (getter) get_verify_flags,
(setter) set_verify_flags, NULL}, (setter) set_verify_flags, NULL},
#endif
{"verify_mode", (getter) get_verify_mode, {"verify_mode", (getter) get_verify_mode,
(setter) set_verify_mode, NULL}, (setter) set_verify_mode, NULL},
{NULL}, /* sentinel */ {NULL}, /* sentinel */
@ -3606,8 +3563,6 @@ static PyTypeObject PySSLMemoryBIO_Type = {
}; };
#ifdef HAVE_OPENSSL_RAND
/* helper routines for seeding the SSL PRNG */ /* helper routines for seeding the SSL PRNG */
static PyObject * static PyObject *
PySSL_RAND_add(PyObject *self, PyObject *args) PySSL_RAND_add(PyObject *self, PyObject *args)
@ -3745,8 +3700,6 @@ Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG."); fails or if it does not provide enough data to seed PRNG.");
#endif /* HAVE_RAND_EGD */ #endif /* HAVE_RAND_EGD */
#endif /* HAVE_OPENSSL_RAND */
PyDoc_STRVAR(PySSL_get_default_verify_paths_doc, PyDoc_STRVAR(PySSL_get_default_verify_paths_doc,
"get_default_verify_paths() -> tuple\n\ "get_default_verify_paths() -> tuple\n\
@ -4132,7 +4085,6 @@ PySSL_enum_crls(PyObject *self, PyObject *args, PyObject *kwds)
static PyMethodDef PySSL_methods[] = { static PyMethodDef PySSL_methods[] = {
{"_test_decode_cert", PySSL_test_decode_certificate, {"_test_decode_cert", PySSL_test_decode_certificate,
METH_VARARGS}, METH_VARARGS},
#ifdef HAVE_OPENSSL_RAND
{"RAND_add", PySSL_RAND_add, METH_VARARGS, {"RAND_add", PySSL_RAND_add, METH_VARARGS,
PySSL_RAND_add_doc}, PySSL_RAND_add_doc},
{"RAND_bytes", PySSL_RAND_bytes, METH_VARARGS, {"RAND_bytes", PySSL_RAND_bytes, METH_VARARGS,
@ -4145,7 +4097,6 @@ static PyMethodDef PySSL_methods[] = {
#endif #endif
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc}, PySSL_RAND_status_doc},
#endif
{"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths, {"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths,
METH_NOARGS, PySSL_get_default_verify_paths_doc}, METH_NOARGS, PySSL_get_default_verify_paths_doc},
#ifdef _MSC_VER #ifdef _MSC_VER
@ -4500,11 +4451,7 @@ PyInit__ssl(void)
Py_INCREF(r); Py_INCREF(r);
PyModule_AddObject(m, "HAS_SNI", r); PyModule_AddObject(m, "HAS_SNI", r);
#if HAVE_OPENSSL_FINISHED
r = Py_True; r = Py_True;
#else
r = Py_False;
#endif
Py_INCREF(r); Py_INCREF(r);
PyModule_AddObject(m, "HAS_TLS_UNIQUE", r); PyModule_AddObject(m, "HAS_TLS_UNIQUE", r);