From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 7 Jun 2019 21:00:46 -0700 Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods --- src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++-- .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -13,12 +13,14 @@ TYPES = """ static const long Cryptography_HAS_SSL_ST; static const long Cryptography_HAS_TLS_ST; static const long Cryptography_HAS_SSL3_METHOD; -static const long Cryptography_HAS_TLSv1_1; -static const long Cryptography_HAS_TLSv1_2; +static const long Cryptography_HAS_TLS1_METHOD; +static const long Cryptography_HAS_TLS1_1_METHOD; +static const long Cryptography_HAS_TLS1_2_METHOD; static const long Cryptography_HAS_TLSv1_3; static const long Cryptography_HAS_SECURE_RENEGOTIATION; static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; static const long Cryptography_HAS_DTLS; +static const long Cryptography_HAS_DTLS1_METHOD; static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; static const long Cryptography_HAS_VERIFIED_CHAIN; @@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_ static const long Cryptography_HAS_RELEASE_BUFFERS = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; -static const long Cryptography_HAS_TLSv1_1 = 1; -static const long Cryptography_HAS_TLSv1_2 = 1; + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_TLS1_METHOD = 0; +const SSL_METHOD* (*TLSv1_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_server_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_TLS1_METHOD = 1; +#endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_TLS1_1_METHOD = 0; +const SSL_METHOD* (*TLSv1_1_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_TLS1_1_METHOD = 1; +#endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_TLS1_2_METHOD = 0; +const SSL_METHOD* (*TLSv1_2_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_TLS1_2_METHOD = 1; +#endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_DTLS1_METHOD = 0; +const SSL_METHOD* (*DTLSv1_method)(void) = NULL; +const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL; +const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_DTLS1_METHOD = 1; +#endif + static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -31,6 +31,38 @@ def cryptography_has_ssl3_method(): ] +def cryptography_has_tls1_method(): + return [ + "TLSv1_method", + "TLSv1_client_method", + "TLSv1_server_method", + ] + + +def cryptography_has_tls1_1_method(): + return [ + "TLSv1_1_method", + "TLSv1_1_client_method", + "TLSv1_1_server_method", + ] + + +def cryptography_has_tls1_2_method(): + return [ + "TLSv1_2_method", + "TLSv1_2_client_method", + "TLSv1_2_server_method", + ] + + +def cryptography_has_dtls1_method(): + return [ + "DTLSv1_method", + "DTLSv1_client_method", + "DTLSv1_server_method", + ] + + def cryptography_has_102_verification(): return [ "X509_V_ERR_SUITE_B_INVALID_VERSION", @@ -285,6 +317,10 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md, "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label, "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method, + "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method, + "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method, + "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method, + "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method, "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification, "Cryptography_HAS_110_VERIFICATION_PARAMS": ( cryptography_has_110_verification_params