Commit
29eab553
authored
Feb 25, 2018
by
Christian Heimes
Committed by
GitHub
Feb 25, 2018
bpo-30622: Fix NPN for OpenSSL 1.1.1-pre1 (#5876)
Signed-off-by:
Christian Heimes
<
christian@python.org
>
parent
5bb96925
Changes
2
Showing
2 changed files
with
30 additions
and
25 deletions
+30
-25
Modules/_ssl.c
Modules/_ssl.c
+25
-20
Modules/clinic/_ssl.c.h
Modules/clinic/_ssl.c.h
+5
-5
Modules/_ssl.c
...
@@ -157,21 +157,26 @@ static void _PySSLFixErrno(void) {
...
@@ -157,21 +157,26 @@ static void _PySSLFixErrno(void) {
#endif
#endif
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
# define HAVE_ALPN
# define HAVE_ALPN 1
#else
# define HAVE_ALPN 0
#endif
#endif
/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
* NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
* NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
* reasons. The check for TLSEXT_TYPE_next_proto_neg works with
* reasons. The check for TLSEXT_TYPE_next_proto_neg works with
* OpenSSL 1.0.1+ and LibreSSL.
* OpenSSL 1.0.1+ and LibreSSL.
* OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg.
*/
*/
#ifdef OPENSSL_NO_NEXTPROTONEG
#ifdef OPENSSL_NO_NEXTPROTONEG
# define HAVE_NPN 0
# define HAVE_NPN 0
#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
# define HAVE_NPN 0
#elif defined(TLSEXT_TYPE_next_proto_neg)
#elif defined(TLSEXT_TYPE_next_proto_neg)
#
define HAVE_NPN 1
# define HAVE_NPN 1
#else
#else
#
define HAVE_NPN 0
# define HAVE_NPN 0
#
endif
#endif
#ifndef INVALID_SOCKET
/* MS defines this */
#ifndef INVALID_SOCKET
/* MS defines this */
#define INVALID_SOCKET (-1)
#define INVALID_SOCKET (-1)
...
@@ -341,11 +346,11 @@ static unsigned int _ssl_locks_count = 0;
...
@@ -341,11 +346,11 @@ static unsigned int _ssl_locks_count = 0;
typedef
struct
{
typedef
struct
{
PyObject_HEAD
PyObject_HEAD
SSL_CTX
*
ctx
;
SSL_CTX
*
ctx
;
#if
def
HAVE_NPN
#if HAVE_NPN
unsigned
char
*
npn_protocols
;
unsigned
char
*
npn_protocols
;
int
npn_protocols_len
;
int
npn_protocols_len
;
#endif
#endif
#if
def
HAVE_ALPN
#if HAVE_ALPN
unsigned
char
*
alpn_protocols
;
unsigned
char
*
alpn_protocols
;
unsigned
int
alpn_protocols_len
;
unsigned
int
alpn_protocols_len
;
#endif
#endif
...
@@ -1922,7 +1927,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)
...
@@ -1922,7 +1927,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self)
return
PyUnicode_FromString
(
version
);
return
PyUnicode_FromString
(
version
);
}
}
#if
def
HAVE_NPN
#if HAVE_NPN
/*[clinic input]
/*[clinic input]
_ssl._SSLSocket.selected_npn_protocol
_ssl._SSLSocket.selected_npn_protocol
[clinic start generated code]*/
[clinic start generated code]*/
...
@@ -1943,7 +1948,7 @@ _ssl__SSLSocket_selected_npn_protocol_impl(PySSLSocket *self)
...
@@ -1943,7 +1948,7 @@ _ssl__SSLSocket_selected_npn_protocol_impl(PySSLSocket *self)
}
}
#endif
#endif
#if
def
HAVE_ALPN
#if HAVE_ALPN
/*[clinic input]
/*[clinic input]
_ssl._SSLSocket.selected_alpn_protocol
_ssl._SSLSocket.selected_alpn_protocol
[clinic start generated code]*/
[clinic start generated code]*/
...
@@ -2887,10 +2892,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
...
@@ -2887,10 +2892,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
self
->
ctx
=
ctx
;
self
->
ctx
=
ctx
;
self
->
hostflags
=
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
;
self
->
hostflags
=
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
;
self
->
protocol
=
proto_version
;
self
->
protocol
=
proto_version
;
#if
def
HAVE_NPN
#if HAVE_NPN
self
->
npn_protocols
=
NULL
;
self
->
npn_protocols
=
NULL
;
#endif
#endif
#if
def
HAVE_ALPN
#if HAVE_ALPN
self
->
alpn_protocols
=
NULL
;
self
->
alpn_protocols
=
NULL
;
#endif
#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_TLSEXT
...
@@ -3026,10 +3031,10 @@ context_dealloc(PySSLContext *self)
...
@@ -3026,10 +3031,10 @@ context_dealloc(PySSLContext *self)
PyObject_GC_UnTrack
(
self
);
PyObject_GC_UnTrack
(
self
);
context_clear
(
self
);
context_clear
(
self
);
SSL_CTX_free
(
self
->
ctx
);
SSL_CTX_free
(
self
->
ctx
);
#if
def
HAVE_NPN
#if HAVE_NPN
PyMem_FREE
(
self
->
npn_protocols
);
PyMem_FREE
(
self
->
npn_protocols
);
#endif
#endif
#if
def
HAVE_ALPN
#if HAVE_ALPN
PyMem_FREE
(
self
->
alpn_protocols
);
PyMem_FREE
(
self
->
alpn_protocols
);
#endif
#endif
Py_TYPE
(
self
)
->
tp_free
(
self
);
Py_TYPE
(
self
)
->
tp_free
(
self
);
...
@@ -3104,7 +3109,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self)
...
@@ -3104,7 +3109,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self)
#endif
#endif
#if
defined(HAVE_NPN) || defined(HAVE_ALPN)
#if
HAVE_NPN || HAVE_ALPN
static
int
static
int
do_protocol_selection
(
int
alpn
,
unsigned
char
**
out
,
unsigned
char
*
outlen
,
do_protocol_selection
(
int
alpn
,
unsigned
char
**
out
,
unsigned
char
*
outlen
,
const
unsigned
char
*
server_protocols
,
unsigned
int
server_protocols_len
,
const
unsigned
char
*
server_protocols
,
unsigned
int
server_protocols_len
,
...
@@ -3130,7 +3135,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
...
@@ -3130,7 +3135,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
}
}
#endif
#endif
#if
def
HAVE_NPN
#if HAVE_NPN
/* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
/* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
static
int
static
int
_advertiseNPN_cb
(
SSL
*
s
,
_advertiseNPN_cb
(
SSL
*
s
,
...
@@ -3173,7 +3178,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self,
...
@@ -3173,7 +3178,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self,
Py_buffer
*
protos
)
Py_buffer
*
protos
)
/*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/
/*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/
{
{
#if
def
HAVE_NPN
#if HAVE_NPN
PyMem_Free
(
self
->
npn_protocols
);
PyMem_Free
(
self
->
npn_protocols
);
self
->
npn_protocols
=
PyMem_Malloc
(
protos
->
len
);
self
->
npn_protocols
=
PyMem_Malloc
(
protos
->
len
);
if
(
self
->
npn_protocols
==
NULL
)
if
(
self
->
npn_protocols
==
NULL
)
...
@@ -3198,7 +3203,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self,
...
@@ -3198,7 +3203,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self,
#endif
#endif
}
}
#if
def
HAVE_ALPN
#if HAVE_ALPN
static
int
static
int
_selectALPN_cb
(
SSL
*
s
,
_selectALPN_cb
(
SSL
*
s
,
const
unsigned
char
**
out
,
unsigned
char
*
outlen
,
const
unsigned
char
**
out
,
unsigned
char
*
outlen
,
...
@@ -3223,7 +3228,7 @@ _ssl__SSLContext__set_alpn_protocols_impl(PySSLContext *self,
...
@@ -3223,7 +3228,7 @@ _ssl__SSLContext__set_alpn_protocols_impl(PySSLContext *self,
Py_buffer
*
protos
)
Py_buffer
*
protos
)
/*[clinic end generated code: output=87599a7f76651a9b input=9bba964595d519be]*/
/*[clinic end generated code: output=87599a7f76651a9b input=9bba964595d519be]*/
{
{
#if
def
HAVE_ALPN
#if HAVE_ALPN
if
((
size_t
)
protos
->
len
>
UINT_MAX
)
{
if
((
size_t
)
protos
->
len
>
UINT_MAX
)
{
PyErr_Format
(
PyExc_OverflowError
,
PyErr_Format
(
PyExc_OverflowError
,
"protocols longer than %d bytes"
,
UINT_MAX
);
"protocols longer than %d bytes"
,
UINT_MAX
);
...
@@ -5718,7 +5723,7 @@ PyInit__ssl(void)
...
@@ -5718,7 +5723,7 @@ PyInit__ssl(void)
Py_INCREF
(
r
);
Py_INCREF
(
r
);
PyModule_AddObject
(
m
,
"HAS_ECDH"
,
r
);
PyModule_AddObject
(
m
,
"HAS_ECDH"
,
r
);
#if
def
HAVE_NPN
#if HAVE_NPN
r
=
Py_True
;
r
=
Py_True
;
#else
#else
r
=
Py_False
;
r
=
Py_False
;
...
@@ -5726,7 +5731,7 @@ PyInit__ssl(void)
...
@@ -5726,7 +5731,7 @@ PyInit__ssl(void)
Py_INCREF
(
r
);
Py_INCREF
(
r
);
PyModule_AddObject
(
m
,
"HAS_NPN"
,
r
);
PyModule_AddObject
(
m
,
"HAS_NPN"
,
r
);
#if
def
HAVE_ALPN
#if HAVE_ALPN
r
=
Py_True
;
r
=
Py_True
;
#else
#else
r
=
Py_False
;
r
=
Py_False
;
...
...
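Review bot: After this change `HAVE_NPN` and `HAVE_ALPN` are always defined as 0 or 1, so any guard still spelled `#ifdef HAVE_ALPN` or `defined(HAVE_NPN)` evaluates true even when the feature is absent. The hunks convert the sites they show, but the rest of the file is not visible on this page, so a search for leftover `#ifdef`/`defined()` uses of both macros is worth doing before merge. A one-line comment above the definitions would keep later edits from reintroducing the pattern, for example `/* HAVE_NPN and HAVE_ALPN are always defined (0 or 1): test with #if, never #ifdef. */`. Separately, the new `OPENSSL_VERSION_NUMBER >= 0x10101000L` branch is a version proxy rather than a feature test, so `HAS_NPN` will be false on every non-LibreSSL build at or above that version. The added comment line covers only the 1.1.1-pre1 case, so it would help to state whether the same outcome is intended for later 1.1.1 releases.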
Modules/clinic/_ssl.c.h
...
@@ -132,7 +132,7 @@ _ssl__SSLSocket_version(PySSLSocket *self, PyObject *Py_UNUSED(ignored))
...
@@ -132,7 +132,7 @@ _ssl__SSLSocket_version(PySSLSocket *self, PyObject *Py_UNUSED(ignored))
return
_ssl__SSLSocket_version_impl
(
self
);
return
_ssl__SSLSocket_version_impl
(
self
);
}
}
#if
defined
(HAVE_NPN)
#if (HAVE_NPN)
PyDoc_STRVAR
(
_ssl__SSLSocket_selected_npn_protocol__doc__
,
PyDoc_STRVAR
(
_ssl__SSLSocket_selected_npn_protocol__doc__
,
"selected_npn_protocol($self, /)
\n
"
"selected_npn_protocol($self, /)
\n
"
...
@@ -151,9 +151,9 @@ _ssl__SSLSocket_selected_npn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ign
...
@@ -151,9 +151,9 @@ _ssl__SSLSocket_selected_npn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ign
return
_ssl__SSLSocket_selected_npn_protocol_impl
(
self
);
return
_ssl__SSLSocket_selected_npn_protocol_impl
(
self
);
}
}
#endif
/*
defined
(HAVE_NPN) */
#endif
/* (HAVE_NPN) */
#if
defined
(HAVE_ALPN)
#if (HAVE_ALPN)
PyDoc_STRVAR
(
_ssl__SSLSocket_selected_alpn_protocol__doc__
,
PyDoc_STRVAR
(
_ssl__SSLSocket_selected_alpn_protocol__doc__
,
"selected_alpn_protocol($self, /)
\n
"
"selected_alpn_protocol($self, /)
\n
"
...
@@ -172,7 +172,7 @@ _ssl__SSLSocket_selected_alpn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ig
...
@@ -172,7 +172,7 @@ _ssl__SSLSocket_selected_alpn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ig
return
_ssl__SSLSocket_selected_alpn_protocol_impl
(
self
);
return
_ssl__SSLSocket_selected_alpn_protocol_impl
(
self
);
}
}
#endif
/*
defined
(HAVE_ALPN) */
#endif
/* (HAVE_ALPN) */
PyDoc_STRVAR
(
_ssl__SSLSocket_compression__doc__
,
PyDoc_STRVAR
(
_ssl__SSLSocket_compression__doc__
,
"compression($self, /)
\n
"
"compression($self, /)
\n
"
...
@@ -1175,4 +1175,4 @@ exit:
...
@@ -1175,4 +1175,4 @@ exit:
#ifndef _SSL_ENUM_CRLS_METHODDEF
#ifndef _SSL_ENUM_CRLS_METHODDEF
#define _SSL_ENUM_CRLS_METHODDEF
#define _SSL_ENUM_CRLS_METHODDEF
#endif
/* !defined(_SSL_ENUM_CRLS_METHODDEF) */
#endif
/* !defined(_SSL_ENUM_CRLS_METHODDEF) */
/*[clinic end generated code: output=
a00fef6a470cfc2
c input=a9049054013a1b77]*/
/*[clinic end generated code: output=
e2417fee28666f7
c input=a9049054013a1b77]*/