[3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994)

author Alex Viscreanu <alexviscreanu@gmail.com>

Fri, 1 Mar 2019 07:36:00 +0000 (08:36 +0100)

committer larryhastings <larry@hastings.org>

Fri, 1 Mar 2019 07:36:00 +0000 (23:36 -0800)
author Alex Viscreanu <alexviscreanu@gmail.com>
Fri, 1 Mar 2019 07:36:00 +0000 (08:36 +0100)
committer larryhastings <larry@hastings.org>
Fri, 1 Mar 2019 07:36:00 +0000 (23:36 -0800)
diff --git a/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst

new file mode 100644 (file)

index 0000000..635aabb
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
@@ -0,0 +1 @@
+The ssl module now compiles with LibreSSL 2.7.1.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c

index f721391d9db9303bd589d33eb973b6f505dd0985..b9369b817df3fa6e991e3d119ee8cb12a1ca29ca 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -101,6 +101,12 @@ struct py_ssl_library_code {
  
  #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
  #  define OPENSSL_VERSION_1_1 1
+#  define PY_OPENSSL_1_1_API 1
+#endif
+
+/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+#  define PY_OPENSSL_1_1_API 1
  #endif
  
  /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
@@ -129,16 +135,18 @@ struct py_ssl_library_code {
  #define INVALID_SOCKET (-1)
  #endif
  
-#ifdef OPENSSL_VERSION_1_1
-/* OpenSSL 1.1.0+ */
-#ifndef OPENSSL_NO_SSL2
-#define OPENSSL_NO_SSL2
-#endif
-#else /* OpenSSL < 1.1.0 */
-#if defined(WITH_THREAD)
+/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
+#ifndef OPENSSL_VERSION_1_1
  #define HAVE_OPENSSL_CRYPTO_LOCK
  #endif
  
+#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
+#define OPENSSL_NO_SSL2
+#endif
+
+#ifndef PY_OPENSSL_1_1_API
+/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
+
  #define TLS_method SSLv23_method
  
  static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
@@ -187,7 +195,8 @@ static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
  {
      return store->param;
  }
-#endif /* OpenSSL < 1.1.0 or LibreSSL */
+
+#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
  
  
  enum py_ssl_error {
author	Alex Viscreanu <alexviscreanu@gmail.com>
	Fri, 1 Mar 2019 07:36:00 +0000 (08:36 +0100)
committer	larryhastings <larry@hastings.org>
	Fri, 1 Mar 2019 07:36:00 +0000 (23:36 -0800)
Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst	[new file with mode: 0644]	patch \| blob
Modules/_ssl.c		patch \| blob \| history