mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-15 21:44:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional

Browse source 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
This commit is contained in:
Victor Stinner 2011-05-10 00:38:00 +02:00
parent 4755ab010f
commit ee18b6f2fd
5 changed files with 40 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Modules/_ssl.c
View file

@ -63,8 +63,10 @@ enum py_ssl_cert_requirements {
};
enum py_ssl_version {
#ifndef OPENSSL_NO_SSL2
PY_SSL_VERSION_SSL2,
PY_SSL_VERSION_SSL3,
#endif
PY_SSL_VERSION_SSL3=1,
PY_SSL_VERSION_SSL23,
PY_SSL_VERSION_TLS1
};
@ -306,8 +308,10 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
else if (proto_version == PY_SSL_VERSION_SSL3)
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
#endif
else if (proto_version == PY_SSL_VERSION_SSL23)
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
PySSL_END_ALLOW_THREADS
@ -1787,8 +1791,10 @@ PyInit__ssl(void)
PY_SSL_CERT_REQUIRED);
/* protocol versions */
#ifndef OPENSSL_NO_SSL2
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
PY_SSL_VERSION_SSL2);
#endif
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
PY_SSL_VERSION_SSL3);
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",