Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
3b1a8b3b
Commit
3b1a8b3b
authored
Jan 07, 2016
by
Benjamin Peterson
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
enable SSL_MODE_RELEASE_BUFFERS
Patch by Cory Benfield.
parent
03abf6dd
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
20 additions
and
0 deletions
+20
-0
Misc/NEWS
Misc/NEWS
+3
-0
Modules/_ssl.c
Modules/_ssl.c
+17
-0
No files found.
Misc/NEWS
View file @
3b1a8b3b
...
@@ -41,6 +41,9 @@ Core and Builtins
...
@@ -41,6 +41,9 @@ Core and Builtins
Library
Library
-------
-------
- Issue #25672: In the ssl module, enable the SSL_MODE_RELEASE_BUFFERS mode
option if it is safe to do so.
- Issue #22570: Add '
path
' attribute to pathlib.Path objects,
- Issue #22570: Add '
path
' attribute to pathlib.Path objects,
returning the same as str(), to make it more similar to DirEntry.
returning the same as str(), to make it more similar to DirEntry.
Library code can now write getattr(p, '
path
', p) to get the path as
Library code can now write getattr(p, '
path
', p) to get the path as
...
...
Modules/_ssl.c
View file @
3b1a8b3b
...
@@ -2219,6 +2219,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
...
@@ -2219,6 +2219,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
PySSLContext
*
self
;
PySSLContext
*
self
;
long
options
;
long
options
;
SSL_CTX
*
ctx
=
NULL
;
SSL_CTX
*
ctx
=
NULL
;
unsigned
long
libver
;
PySSL_BEGIN_ALLOW_THREADS
PySSL_BEGIN_ALLOW_THREADS
if
(
proto_version
==
PY_SSL_VERSION_TLS1
)
if
(
proto_version
==
PY_SSL_VERSION_TLS1
)
...
@@ -2281,6 +2282,22 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
...
@@ -2281,6 +2282,22 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
options
|=
SSL_OP_NO_SSLv3
;
options
|=
SSL_OP_NO_SSLv3
;
SSL_CTX_set_options
(
self
->
ctx
,
options
);
SSL_CTX_set_options
(
self
->
ctx
,
options
);
#if defined(SSL_MODE_RELEASE_BUFFERS)
/* Set SSL_MODE_RELEASE_BUFFERS. This potentially greatly reduces memory
usage for no cost at all. However, don't do this for OpenSSL versions
between 1.0.1 and 1.0.1h or 1.0.0 and 1.0.0m, which are affected by CVE
2014-0198. I can't find exactly which beta fixed this CVE, so be
conservative and assume it wasn't fixed until release. We do this check
at runtime to avoid problems from the dynamic linker.
See #25672 for more on this. */
libver
=
SSLeay
();
if
(
!
(
libver
>=
0x10001000UL
&&
libver
<
0x1000108fUL
)
&&
!
(
libver
>=
0x10000000UL
&&
libver
<
0x100000dfUL
))
{
SSL_CTX_set_mode
(
self
->
ctx
,
SSL_MODE_RELEASE_BUFFERS
);
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_ECDH
/* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
/* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
prime256v1 by default. This is Apache mod_ssl's initialization
prime256v1 by default. This is Apache mod_ssl's initialization
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment