From 3f3b85a59d3c2cb021174ad92ad3a43d9eb73e62 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 7 Jun 2019 21:00:46 -0700 Subject: [PATCH] Add compatibility for deprecated TLS methods --- src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++-- .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index c38e309a..e726417d 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -15,8 +15,9 @@ static const long Cryptography_HAS_SSL_ST; static const long Cryptography_HAS_TLS_ST; static const long Cryptography_HAS_SSL2; static const long Cryptography_HAS_SSL3_METHOD; -static const long Cryptography_HAS_TLSv1_1; -static const long Cryptography_HAS_TLSv1_2; +static const long Cryptography_HAS_TLS1_METHOD; +static const long Cryptography_HAS_TLS1_1_METHOD; +static const long Cryptography_HAS_TLS1_2_METHOD; static const long Cryptography_HAS_TLSv1_3; static const long Cryptography_HAS_SECURE_RENEGOTIATION; static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB; @@ -24,6 +25,7 @@ static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP; static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE; static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; static const long Cryptography_HAS_DTLS; +static const long Cryptography_HAS_DTLS1_METHOD; static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; static const long Cryptography_HAS_CIPHER_DETAILS; @@ -596,8 +598,43 @@ static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 1; static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1; static const long Cryptography_HAS_RELEASE_BUFFERS = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; -static const long Cryptography_HAS_TLSv1_1 = 1; -static const long Cryptography_HAS_TLSv1_2 = 1; + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_TLS1_METHOD = 0; +const SSL_METHOD* (*TLSv1_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_server_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_TLS1_METHOD = 1; +#endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_TLS1_1_METHOD = 0; +const SSL_METHOD* (*TLSv1_1_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_TLS1_1_METHOD = 1; +#endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_TLS1_2_METHOD = 0; +const SSL_METHOD* (*TLSv1_2_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL; +const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_TLS1_2_METHOD = 1; +#endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_DTLS1_METHOD = 0; +const SSL_METHOD* (*DTLSv1_method)(void) = NULL; +const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL; +const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL; +#else +static const long Cryptography_HAS_DTLS1_METHOD = 1; +#endif + static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 23dc38a4..c0dca00a 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -33,6 +33,38 @@ def cryptography_has_ssl3_method(): ] +def cryptography_has_tls1_method(): + return [ + "TLSv1_method", + "TLSv1_client_method", + "TLSv1_server_method", + ] + + +def cryptography_has_tls1_1_method(): + return [ + "TLSv1_1_method", + "TLSv1_1_client_method", + "TLSv1_1_server_method", + ] + + +def cryptography_has_tls1_2_method(): + return [ + "TLSv1_2_method", + "TLSv1_2_client_method", + "TLSv1_2_server_method", + ] + + +def cryptography_has_dtls1_method(): + return [ + "DTLSv1_method", + "DTLSv1_client_method", + "DTLSv1_server_method", + ] + + def cryptography_has_102_verification(): return [ "X509_V_ERR_SUITE_B_INVALID_VERSION", @@ -303,6 +335,10 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md, "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label, "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method, + "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method, + "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method, + "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method, + "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method, "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification, "Cryptography_HAS_110_VERIFICATION_PARAMS": ( cryptography_has_110_verification_params -- 2.26.2