summaryrefslogtreecommitdiffstats
path: root/Modules
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2019-12-07 16:59:36 (GMT)
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>2019-12-07 16:59:36 (GMT)
commit2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244 (patch)
tree2d75513a7ef6a4927bed64072ac603f0c54e9ad4 /Modules
parent15fb7fa88187f5841088721a43609bffe64a8dc7 (diff)
downloadcpython-2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244.zip
cpython-2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244.tar.gz
cpython-2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244.tar.bz2
bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190)
test_openssl_version now accepts version 3.0.0. getpeercert() no longer returns IPv6 addresses with a trailing new line. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38820
Diffstat (limited to 'Modules')
-rw-r--r--Modules/_ssl.c49
1 files changed, 48 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 6f1f9c8..43b236c 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1410,6 +1410,54 @@ _get_peer_alt_names (X509 *certificate) {
PyTuple_SET_ITEM(t, 1, v);
break;
+ case GEN_IPADD:
+ /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed
+ * the trailing newline. Remove it in all versions
+ */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+
+ v = PyUnicode_FromString("IP Address");
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+
+ if (name->d.ip->length == 4) {
+ unsigned char *p = name->d.ip->data;
+ v = PyUnicode_FromFormat(
+ "%d.%d.%d.%d",
+ p[0], p[1], p[2], p[3]
+ );
+ } else if (name->d.ip->length == 16) {
+ /* PyUnicode_FromFormat() does not support %X */
+ unsigned char *p = name->d.ip->data;
+ len = sprintf(
+ buf,
+ "%X:%X:%X:%X:%X:%X:%X:%X",
+ p[0] << 8 | p[1],
+ p[2] << 8 | p[3],
+ p[4] << 8 | p[5],
+ p[6] << 8 | p[7],
+ p[8] << 8 | p[9],
+ p[10] << 8 | p[11],
+ p[12] << 8 | p[13],
+ p[14] << 8 | p[15]
+ );
+ v = PyUnicode_FromStringAndSize(buf, len);
+ } else {
+ v = PyUnicode_FromString("<invalid>");
+ }
+
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+
default:
/* for everything else, we use the OpenSSL print form */
switch (gntype) {
@@ -1417,7 +1465,6 @@ _get_peer_alt_names (X509 *certificate) {
case GEN_OTHERNAME:
case GEN_X400:
case GEN_EDIPARTY:
- case GEN_IPADD:
case GEN_RID:
break;
default: