diff options
author | Christian Heimes <christian@python.org> | 2020-05-15 18:55:25 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-15 18:55:25 (GMT) |
commit | c087a268a4d4ead8ef2ca21e325423818729da89 (patch) | |
tree | a1cd42a9530e9d7ac9174a2882adc9e1ead6a8e9 /Modules | |
parent | 62d618c06bd395308b7163dbcb26c7e6d0922033 (diff) | |
download | cpython-c087a268a4d4ead8ef2ca21e325423818729da89.zip cpython-c087a268a4d4ead8ef2ca21e325423818729da89.tar.gz cpython-c087a268a4d4ead8ef2ca21e325423818729da89.tar.bz2 |
bpo-40515: Require OPENSSL_THREADS (GH-19953)
The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is
build with thread support. Python 3.7.0 made thread support mandatory and no
longer works safely with a no-thread builds.
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules')
-rw-r--r-- | Modules/_hashopenssl.c | 4 | ||||
-rw-r--r-- | Modules/_ssl.c | 6 |
2 files changed, 9 insertions, 1 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index b7661b4..b55ac93 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -27,6 +27,10 @@ #include <openssl/crypto.h> // FIPS_mode() +#ifndef OPENSSL_THREADS +# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL" +#endif + #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL < 1.1.0 */ #define EVP_MD_CTX_new EVP_MD_CTX_create diff --git a/Modules/_ssl.c b/Modules/_ssl.c index d633a06..987a991 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -73,6 +73,10 @@ static PySocketModule_APIObject PySocketModule; # endif #endif +#ifndef OPENSSL_THREADS +# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL" +#endif + /* SSL error object */ static PyObject *PySSLErrorObject; static PyObject *PySSLCertVerificationErrorObject; @@ -6005,7 +6009,7 @@ PyInit__ssl(void) if (!_setup_ssl_threads()) { return NULL; } -#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) +#elif OPENSSL_VERSION_1_1 /* OpenSSL 1.1.0 builtin thread support is enabled */ _ssl_locks_count++; #endif |