diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-12-07 17:20:27 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-12-07 17:20:27 (GMT) |
| commit | 9d3cacd5901f8fbbc4f8b78fc35abad01a0e6546 (patch) | |
| tree | 57b7830c2c797ced4e4d7163906df23dcab97f30 /Modules/_ssl.c | |
| parent | 930cef2770b641f49e69b67840daaa53b65cd0e0 (diff) | |
| download | cpython-9d3cacd5901f8fbbc4f8b78fc35abad01a0e6546.zip cpython-9d3cacd5901f8fbbc4f8b78fc35abad01a0e6546.tar.gz cpython-9d3cacd5901f8fbbc4f8b78fc35abad01a0e6546.tar.bz2 | |
[3.8] bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190) (GH-17499)
test_openssl_version now accepts version 3.0.0.
getpeercert() no longer returns IPv6 addresses with a trailing new line.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
(cherry picked from commit 2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
Automerge-Triggered-By: @tiran
Diffstat (limited to 'Modules/_ssl.c')
| -rw-r--r-- | Modules/_ssl.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 6f1f9c8..43b236c 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1410,6 +1410,54 @@ _get_peer_alt_names (X509 *certificate) { PyTuple_SET_ITEM(t, 1, v); break; + case GEN_IPADD: + /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed + * the trailing newline. Remove it in all versions + */ + t = PyTuple_New(2); + if (t == NULL) + goto fail; + + v = PyUnicode_FromString("IP Address"); + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 0, v); + + if (name->d.ip->length == 4) { + unsigned char *p = name->d.ip->data; + v = PyUnicode_FromFormat( + "%d.%d.%d.%d", + p[0], p[1], p[2], p[3] + ); + } else if (name->d.ip->length == 16) { + /* PyUnicode_FromFormat() does not support %X */ + unsigned char *p = name->d.ip->data; + len = sprintf( + buf, + "%X:%X:%X:%X:%X:%X:%X:%X", + p[0] << 8 | p[1], + p[2] << 8 | p[3], + p[4] << 8 | p[5], + p[6] << 8 | p[7], + p[8] << 8 | p[9], + p[10] << 8 | p[11], + p[12] << 8 | p[13], + p[14] << 8 | p[15] + ); + v = PyUnicode_FromStringAndSize(buf, len); + } else { + v = PyUnicode_FromString("<invalid>"); + } + + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 1, v); + break; + default: /* for everything else, we use the OpenSSL print form */ switch (gntype) { @@ -1417,7 +1465,6 @@ _get_peer_alt_names (X509 *certificate) { case GEN_OTHERNAME: case GEN_X400: case GEN_EDIPARTY: - case GEN_IPADD: case GEN_RID: break; default: |