Issue #12440: When testing whether some bits in SSLContext.options can be

reset, check the version of the OpenSSL headers Python was compiled against, rather than the runtime version of the OpenSSL library.

Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against, rather than the runtime version of the OpenSSL library.
7128f95b · Antoine Pitrou · 4468e55d · b9ac25d1 · 7128f95b · 7128f95b
Commit 7128f95b authored Jul 08, 2011 by Antoine Pitrou
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 10 deletions

Lib/ssl.py Lib/ssl.py +2 -0

Lib/test/test_ssl.py Lib/test/test_ssl.py +1 -1

Misc/NEWS Misc/NEWS +4 -0

Modules/_ssl.c Modules/_ssl.c +25 -9

No files found.
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -78,6 +78,8 @@ from _ssl import (
 from _ssl import HAS_SNI
 from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
                  PROTOCOL_TLSv1)
+from _ssl import _OPENSSL_API_VERSION
+
 _PROTOCOL_NAMES = {
    PROTOCOL_TLSv1: "TLSv1",
    PROTOCOL_SSLv23: "SSLv23",

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -60,7 +60,7 @@ def handle_error(prefix):

 def can_clear_options():
    # 0.9.8m or higher
-    return ssl.OPENSSL_VERSION_INFO >= (0, 9, 8, 13, 15)
+    return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)

 def no_sslv2_implies_sslv3_hello():
    # 0.9.7h or higher

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -1004,6 +1004,10 @@ Extension Modules
 Tests
 -----

+- Issue #12440: When testing whether some bits in SSLContext.options can be
+  reset, check the version of the OpenSSL headers Python was compiled against,
+  rather than the runtime version of the OpenSSL library.
+
 - Issue #11512: Add a test suite for the cgitb module. Patch by Robbie Clemons.

 - Issue #12497: Install test/data to prevent failures of the various codecmaps

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2101,6 +2101,24 @@ static struct PyModuleDef _sslmodule = {
    NULL
 };

+
+static void
+parse_openssl_version(unsigned long libver,
+                      unsigned int *major, unsigned int *minor,
+                      unsigned int *fix, unsigned int *patch,
+                      unsigned int *status)
+{
+    *status = libver & 0xF;
+    libver >>= 4;
+    *patch = libver & 0xFF;
+    libver >>= 8;
+    *fix = libver & 0xFF;
+    libver >>= 8;
+    *minor = libver & 0xFF;
+    libver >>= 8;
+    *major = libver & 0xFF;
+}
+
 PyMODINIT_FUNC
 PyInit__ssl(void)
 {
@@ -2213,15 +2231,7 @@ PyInit__ssl(void)
        return NULL;
    if (PyModule_AddObject(m, "OPENSSL_VERSION_NUMBER", r))
        return NULL;
-    status = libver & 0xF;
-    libver >>= 4;
-    patch = libver & 0xFF;
-    libver >>= 8;
-    fix = libver & 0xFF;
-    libver >>= 8;
-    minor = libver & 0xFF;
-    libver >>= 8;
-    major = libver & 0xFF;
+    parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
    r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
    if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
        return NULL;
@@ -2229,5 +2239,11 @@ PyInit__ssl(void)
    if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
        return NULL;

+    libver = OPENSSL_VERSION_NUMBER;
+    parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
+    r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
+    if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
+        return NULL;
+
    return m;
 }