author | Christian Heimes <christian@python.org> | 2021-04-17 09:35:24 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-17 09:35:24 (GMT) |
commit | cdf02879790b8e52456df6e9d58fb8c0842fc359 (patch) | |
tree | c4b28a8979106bbf8a5d3eaa39ff96720c97b3c1 /Modules/_ssl.c | |
parent | e1903e11a3d42512effe336026e0c67f602e5848 (diff) | |
[3.9] bpo-43522: Fix SSLContext.hostname_checks_common_name (GH-24899) (GH-25451)
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit b467d9a24011992242c95d9157d3455f8a84466b)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4c63dac..3f14590 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -965,6 +965,11 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
 _setSSLError(NULL, 0, __FILE__, __LINE__);
 return NULL;
 }
+ /* bpo43522 and OpenSSL < 1.1.1l: copy hostflags manually */
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION < 0x101010cf
+ X509_VERIFY_PARAM *ssl_params = SSL_get0_param(self->ssl);
+ X509_VERIFY_PARAM_set_hostflags(ssl_params, sslctx->hostflags);
+#endif
 SSL_set_app_data(self->ssl, self);
 if (sock) {
 SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int)); |
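Review bot: The guard on the added `#if` line tests `OPENSSL_VERSION`, which in the OpenSSL 1.1.x headers is the selector constant passed to `OpenSSL_version()` (defined as 0), not the numeric library version, so the condition appears to be true on every non-LibreSSL build. That errs on the safe side, since the hostflags are then always copied from the context and `hostname_checks_common_name` is honoured, but the code does not test the version bound that the comment states. If the bound is intended, the line should read `#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x101010cfL`; otherwise drop the version test and document that the copy is unconditional. newPySSLSocket starts and ends outside the hunk.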