You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

127 lines
4.7 KiB

  1. From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
  2. From: Rosen Penev <rosenp@gmail.com>
  3. Date: Fri, 7 Jun 2019 21:00:46 -0700
  4. Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
  5. ---
  6. src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
  7. .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
  8. 2 files changed, 77 insertions(+), 4 deletions(-)
  9. --- a/src/_cffi_src/openssl/ssl.py
  10. +++ b/src/_cffi_src/openssl/ssl.py
  11. @@ -14,12 +14,14 @@ TYPES = """
  12. static const long Cryptography_HAS_SSL_ST;
  13. static const long Cryptography_HAS_TLS_ST;
  14. static const long Cryptography_HAS_SSL3_METHOD;
  15. -static const long Cryptography_HAS_TLSv1_1;
  16. -static const long Cryptography_HAS_TLSv1_2;
  17. +static const long Cryptography_HAS_TLS1_METHOD;
  18. +static const long Cryptography_HAS_TLS1_1_METHOD;
  19. +static const long Cryptography_HAS_TLS1_2_METHOD;
  20. static const long Cryptography_HAS_TLSv1_3;
  21. static const long Cryptography_HAS_SECURE_RENEGOTIATION;
  22. static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
  23. static const long Cryptography_HAS_DTLS;
  24. +static const long Cryptography_HAS_DTLS1_METHOD;
  25. static const long Cryptography_HAS_SIGALGS;
  26. static const long Cryptography_HAS_PSK;
  27. static const long Cryptography_HAS_VERIFIED_CHAIN;
  28. @@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_
  29. static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
  30. static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
  31. -static const long Cryptography_HAS_TLSv1_1 = 1;
  32. -static const long Cryptography_HAS_TLSv1_2 = 1;
  33. +
  34. +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
  35. +static const long Cryptography_HAS_TLS1_METHOD = 0;
  36. +const SSL_METHOD* (*TLSv1_method)(void) = NULL;
  37. +const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
  38. +const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
  39. +#else
  40. +static const long Cryptography_HAS_TLS1_METHOD = 1;
  41. +#endif
  42. +
  43. +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
  44. +static const long Cryptography_HAS_TLS1_1_METHOD = 0;
  45. +const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
  46. +const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
  47. +const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
  48. +#else
  49. +static const long Cryptography_HAS_TLS1_1_METHOD = 1;
  50. +#endif
  51. +
  52. +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
  53. +static const long Cryptography_HAS_TLS1_2_METHOD = 0;
  54. +const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
  55. +const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
  56. +const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
  57. +#else
  58. +static const long Cryptography_HAS_TLS1_2_METHOD = 1;
  59. +#endif
  60. +
  61. +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
  62. +static const long Cryptography_HAS_DTLS1_METHOD = 0;
  63. +const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
  64. +const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
  65. +const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
  66. +#else
  67. +static const long Cryptography_HAS_DTLS1_METHOD = 1;
  68. +#endif
  69. +
  70. static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
  71. static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
  72. static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
  73. --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
  74. +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
  75. @@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
  76. ]
  77. +def cryptography_has_tls1_method():
  78. + return [
  79. + "TLSv1_method",
  80. + "TLSv1_client_method",
  81. + "TLSv1_server_method",
  82. + ]
  83. +
  84. +
  85. +def cryptography_has_tls1_1_method():
  86. + return [
  87. + "TLSv1_1_method",
  88. + "TLSv1_1_client_method",
  89. + "TLSv1_1_server_method",
  90. + ]
  91. +
  92. +
  93. +def cryptography_has_tls1_2_method():
  94. + return [
  95. + "TLSv1_2_method",
  96. + "TLSv1_2_client_method",
  97. + "TLSv1_2_server_method",
  98. + ]
  99. +
  100. +
  101. +def cryptography_has_dtls1_method():
  102. + return [
  103. + "DTLSv1_method",
  104. + "DTLSv1_client_method",
  105. + "DTLSv1_server_method",
  106. + ]
  107. +
  108. +
  109. def cryptography_has_102_verification():
  110. return [
  111. "X509_V_ERR_SUITE_B_INVALID_VERSION",
  112. @@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
  113. "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
  114. "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
  115. "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
  116. + "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
  117. + "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
  118. + "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
  119. + "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
  120. "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
  121. "Cryptography_HAS_110_VERIFICATION_PARAMS": (
  122. cryptography_has_110_verification_params