diff options
| author | Christian Heimes <christian@python.org> | 2021-04-17 09:36:35 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-17 09:36:35 (GMT) |
| commit | 39258d3595300bc7b952854c915f63ae2d4b9c3e (patch) | |
| tree | c15a6172739d53516aa45042f22658e0af6ff992 /Modules/Setup | |
| parent | b467d9a24011992242c95d9157d3455f8a84466b (diff) | |
| download | cpython-39258d3595300bc7b952854c915f63ae2d4b9c3e.zip cpython-39258d3595300bc7b952854c915f63ae2d4b9c3e.tar.gz cpython-39258d3595300bc7b952854c915f63ae2d4b9c3e.tar.bz2 | |
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
Diffstat (limited to 'Modules/Setup')
| -rw-r--r-- | Modules/Setup | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/Modules/Setup b/Modules/Setup index a5fbaf6..cce7858 100644 --- a/Modules/Setup +++ b/Modules/Setup @@ -207,11 +207,23 @@ _symtable symtablemodule.c #_socket socketmodule.c # Socket module helper for SSL support; you must comment out the other -# socket line above, and possibly edit the SSL variable: -#SSL=/usr/local/ssl -#_ssl _ssl.c \ -# -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ -# -L$(SSL)/lib -lssl -lcrypto +# socket line above, and edit the OPENSSL variable: +# OPENSSL=/path/to/openssl/directory +# _ssl _ssl.c \ +# -I$(OPENSSL)/include -L$(OPENSSL)/lib \ +# -lssl -lcrypto +#_hashlib _hashopenssl.c \ +# -I$(OPENSSL)/include -L$(OPENSSL)/lib \ +# -lcrypto + +# To statically link OpenSSL: +# _ssl _ssl.c \ +# -I$(OPENSSL)/include -L$(OPENSSL)/lib \ +# -l:libssl.a -Wl,--exclude-libs,libssl.a \ +# -l:libcrypto.a -Wl,--exclude-libs,libcrypto.a +#_hashlib _hashopenssl.c \ +# -I$(OPENSSL)/include -L$(OPENSSL)/lib \ +# -l:libcrypto.a -Wl,--exclude-libs,libcrypto.a # The crypt module is now disabled by default because it breaks builds # on many systems (where -lcrypt is needed), e.g. Linux (I believe). |