#endif
/* ALPN added in OpenSSL 1.0.2 */
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)
-# define HAVE_ALPN
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+# define HAVE_ALPN 1
+#else
+# define HAVE_ALPN 0
#endif
/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
* NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
* reasons. The check for TLSEXT_TYPE_next_proto_neg works with
* OpenSSL 1.0.1+ and LibreSSL.
+ * OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg.
*/
#ifdef OPENSSL_NO_NEXTPROTONEG
-# define HAVE_NPN 0
+# define HAVE_NPN 0
+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+# define HAVE_NPN 0
#elif defined(TLSEXT_TYPE_next_proto_neg)
-# define HAVE_NPN 1
+# define HAVE_NPN 1
#else
-# define HAVE_NPN 0
-# endif
+# define HAVE_NPN 0
+#endif
#ifndef INVALID_SOCKET /* MS defines this */
#define INVALID_SOCKET (-1)
typedef struct {
PyObject_HEAD
SSL_CTX *ctx;
-#ifdef HAVE_NPN
+#if HAVE_NPN
unsigned char *npn_protocols;
int npn_protocols_len;
#endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
unsigned char *alpn_protocols;
int alpn_protocols_len;
#endif
}
#endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
static PyObject *PySSL_selected_alpn_protocol(PySSLSocket *self) {
const unsigned char *out;
unsigned int outlen;
#ifdef OPENSSL_NPN_NEGOTIATED
{"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
#endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
{"selected_alpn_protocol", (PyCFunction)PySSL_selected_alpn_protocol, METH_NOARGS},
#endif
{"compression", (PyCFunction)PySSL_compression, METH_NOARGS},
return NULL;
}
self->ctx = ctx;
-#ifdef HAVE_NPN
+#if HAVE_NPN
self->npn_protocols = NULL;
#endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
self->alpn_protocols = NULL;
#endif
#ifndef OPENSSL_NO_TLSEXT
PyObject_GC_UnTrack(self);
context_clear(self);
SSL_CTX_free(self->ctx);
-#ifdef HAVE_NPN
+#if HAVE_NPN
PyMem_FREE(self->npn_protocols);
#endif
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
PyMem_FREE(self->alpn_protocols);
#endif
Py_TYPE(self)->tp_free(self);
Py_RETURN_NONE;
}
-#if defined(HAVE_NPN) || defined(HAVE_ALPN)
+#if HAVE_NPN || HAVE_ALPN
static int
do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
const unsigned char *server_protocols, unsigned int server_protocols_len,
}
#endif
-#ifdef HAVE_NPN
+#if HAVE_NPN
/* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
static int
_advertiseNPN_cb(SSL *s,
static PyObject *
_set_npn_protocols(PySSLContext *self, PyObject *args)
{
-#ifdef HAVE_NPN
+#if HAVE_NPN
Py_buffer protos;
if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
#endif
}
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
static int
_selectALPN_cb(SSL *s,
const unsigned char **out, unsigned char *outlen,
static PyObject *
_set_alpn_protocols(PySSLContext *self, PyObject *args)
{
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
Py_buffer protos;
if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
Py_INCREF(r);
PyModule_AddObject(m, "HAS_ECDH", r);
-#ifdef HAVE_NPN
+#if HAVE_NPN
r = Py_True;
#else
r = Py_False;
Py_INCREF(r);
PyModule_AddObject(m, "HAS_NPN", r);
-#ifdef HAVE_ALPN
+#if HAVE_ALPN
r = Py_True;
#else
r = Py_False;
projects / python / commitdiff