diff options
| author | Christian Heimes <christian@python.org> | 2021-04-09 15:59:21 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-09 15:59:21 (GMT) |
| commit | 6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372 (patch) | |
| tree | 9628d3fbacd52f426f15aa90150542d1acd7cb9b /Modules | |
| parent | 507a574de31a1bd7fed8ba4f04afa285d985109b (diff) | |
| download | cpython-6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372.zip cpython-6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372.tar.gz cpython-6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372.tar.bz2 | |
bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309)
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_ssl.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 3ee61e3..c08665b 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3203,6 +3203,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) #ifdef SSL_OP_SINGLE_ECDH_USE options |= SSL_OP_SINGLE_ECDH_USE; #endif +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF + /* Make OpenSSL 3.0.0 behave like 1.1.1 */ + options |= SSL_OP_IGNORE_UNEXPECTED_EOF; +#endif SSL_CTX_set_options(self->ctx, options); /* A bare minimum cipher list without completely broken cipher suites. @@ -6313,6 +6317,10 @@ sslmodule_init_constants(PyObject *m) PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION", SSL_OP_NO_RENEGOTIATION); #endif +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF + PyModule_AddIntConstant(m, "OP_IGNORE_UNEXPECTED_EOF", + SSL_OP_IGNORE_UNEXPECTED_EOF); +#endif #ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT", |