summaryrefslogtreecommitdiffstats
path: root/Modules
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2020-05-15 18:55:25 (GMT)
committerGitHub <noreply@github.com>2020-05-15 18:55:25 (GMT)
commitc087a268a4d4ead8ef2ca21e325423818729da89 (patch)
treea1cd42a9530e9d7ac9174a2882adc9e1ead6a8e9 /Modules
parent62d618c06bd395308b7163dbcb26c7e6d0922033 (diff)
downloadcpython-c087a268a4d4ead8ef2ca21e325423818729da89.zip
cpython-c087a268a4d4ead8ef2ca21e325423818729da89.tar.gz
cpython-c087a268a4d4ead8ef2ca21e325423818729da89.tar.bz2
bpo-40515: Require OPENSSL_THREADS (GH-19953)
The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds. Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules')
-rw-r--r--Modules/_hashopenssl.c4
-rw-r--r--Modules/_ssl.c6
2 files changed, 9 insertions, 1 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index b7661b4..b55ac93 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -27,6 +27,10 @@
#include <openssl/crypto.h> // FIPS_mode()
+#ifndef OPENSSL_THREADS
+# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
+#endif
+
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL < 1.1.0 */
#define EVP_MD_CTX_new EVP_MD_CTX_create
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index d633a06..987a991 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -73,6 +73,10 @@ static PySocketModule_APIObject PySocketModule;
# endif
#endif
+#ifndef OPENSSL_THREADS
+# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
+#endif
+
/* SSL error object */
static PyObject *PySSLErrorObject;
static PyObject *PySSLCertVerificationErrorObject;
@@ -6005,7 +6009,7 @@ PyInit__ssl(void)
if (!_setup_ssl_threads()) {
return NULL;
}
-#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
+#elif OPENSSL_VERSION_1_1
/* OpenSSL 1.1.0 builtin thread support is enabled */
_ssl_locks_count++;
#endif