|
|
- From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
- From: Rosen Penev <rosenp@gmail.com>
- Date: Fri, 7 Jun 2019 21:00:46 -0700
- Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
-
- ---
- src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
- .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
- 2 files changed, 77 insertions(+), 4 deletions(-)
-
- --- a/src/_cffi_src/openssl/ssl.py
- +++ b/src/_cffi_src/openssl/ssl.py
- @@ -14,12 +14,14 @@ TYPES = """
- static const long Cryptography_HAS_SSL_ST;
- static const long Cryptography_HAS_TLS_ST;
- static const long Cryptography_HAS_SSL3_METHOD;
- -static const long Cryptography_HAS_TLSv1_1;
- -static const long Cryptography_HAS_TLSv1_2;
- +static const long Cryptography_HAS_TLS1_METHOD;
- +static const long Cryptography_HAS_TLS1_1_METHOD;
- +static const long Cryptography_HAS_TLS1_2_METHOD;
- static const long Cryptography_HAS_TLSv1_3;
- static const long Cryptography_HAS_SECURE_RENEGOTIATION;
- static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
- static const long Cryptography_HAS_DTLS;
- +static const long Cryptography_HAS_DTLS1_METHOD;
- static const long Cryptography_HAS_SIGALGS;
- static const long Cryptography_HAS_PSK;
- static const long Cryptography_HAS_VERIFIED_CHAIN;
- @@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_
-
- static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
- static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
- -static const long Cryptography_HAS_TLSv1_1 = 1;
- -static const long Cryptography_HAS_TLSv1_2 = 1;
- +
- +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
- +static const long Cryptography_HAS_TLS1_METHOD = 0;
- +const SSL_METHOD* (*TLSv1_method)(void) = NULL;
- +const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
- +const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
- +#else
- +static const long Cryptography_HAS_TLS1_METHOD = 1;
- +#endif
- +
- +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
- +static const long Cryptography_HAS_TLS1_1_METHOD = 0;
- +const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
- +const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
- +const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
- +#else
- +static const long Cryptography_HAS_TLS1_1_METHOD = 1;
- +#endif
- +
- +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
- +static const long Cryptography_HAS_TLS1_2_METHOD = 0;
- +const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
- +const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
- +const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
- +#else
- +static const long Cryptography_HAS_TLS1_2_METHOD = 1;
- +#endif
- +
- +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
- +static const long Cryptography_HAS_DTLS1_METHOD = 0;
- +const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
- +const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
- +const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
- +#else
- +static const long Cryptography_HAS_DTLS1_METHOD = 1;
- +#endif
- +
- static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
- static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
- static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
- --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
- +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
- @@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
- ]
-
-
- +def cryptography_has_tls1_method():
- + return [
- + "TLSv1_method",
- + "TLSv1_client_method",
- + "TLSv1_server_method",
- + ]
- +
- +
- +def cryptography_has_tls1_1_method():
- + return [
- + "TLSv1_1_method",
- + "TLSv1_1_client_method",
- + "TLSv1_1_server_method",
- + ]
- +
- +
- +def cryptography_has_tls1_2_method():
- + return [
- + "TLSv1_2_method",
- + "TLSv1_2_client_method",
- + "TLSv1_2_server_method",
- + ]
- +
- +
- +def cryptography_has_dtls1_method():
- + return [
- + "DTLSv1_method",
- + "DTLSv1_client_method",
- + "DTLSv1_server_method",
- + ]
- +
- +
- def cryptography_has_102_verification():
- return [
- "X509_V_ERR_SUITE_B_INVALID_VERSION",
- @@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
- "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
- "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
- "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
- + "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
- + "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
- + "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
- + "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
- "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
- "Cryptography_HAS_110_VERIFICATION_PARAMS": (
- cryptography_has_110_verification_params
|