diff options
author | Christian Heimes <christian@python.org> | 2019-12-07 16:59:36 (GMT) |
---|---|---|
committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-12-07 16:59:36 (GMT) |
commit | 2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244 (patch) | |
tree | 2d75513a7ef6a4927bed64072ac603f0c54e9ad4 /Modules | |
parent | 15fb7fa88187f5841088721a43609bffe64a8dc7 (diff) | |
download | cpython-2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244.zip cpython-2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244.tar.gz cpython-2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244.tar.bz2 |
bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190)
test_openssl_version now accepts version 3.0.0.
getpeercert() no longer returns IPv6 addresses with a trailing new line.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
Diffstat (limited to 'Modules')
-rw-r--r-- | Modules/_ssl.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 6f1f9c8..43b236c 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1410,6 +1410,54 @@ _get_peer_alt_names (X509 *certificate) { PyTuple_SET_ITEM(t, 1, v); break; + case GEN_IPADD: + /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed + * the trailing newline. Remove it in all versions + */ + t = PyTuple_New(2); + if (t == NULL) + goto fail; + + v = PyUnicode_FromString("IP Address"); + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 0, v); + + if (name->d.ip->length == 4) { + unsigned char *p = name->d.ip->data; + v = PyUnicode_FromFormat( + "%d.%d.%d.%d", + p[0], p[1], p[2], p[3] + ); + } else if (name->d.ip->length == 16) { + /* PyUnicode_FromFormat() does not support %X */ + unsigned char *p = name->d.ip->data; + len = sprintf( + buf, + "%X:%X:%X:%X:%X:%X:%X:%X", + p[0] << 8 | p[1], + p[2] << 8 | p[3], + p[4] << 8 | p[5], + p[6] << 8 | p[7], + p[8] << 8 | p[9], + p[10] << 8 | p[11], + p[12] << 8 | p[13], + p[14] << 8 | p[15] + ); + v = PyUnicode_FromStringAndSize(buf, len); + } else { + v = PyUnicode_FromString("<invalid>"); + } + + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 1, v); + break; + default: /* for everything else, we use the OpenSSL print form */ switch (gntype) { @@ -1417,7 +1465,6 @@ _get_peer_alt_names (X509 *certificate) { case GEN_OTHERNAME: case GEN_X400: case GEN_EDIPARTY: - case GEN_IPADD: case GEN_RID: break; default: |