diff options
| author | Christian Heimes <christian@python.org> | 2021-04-17 09:36:35 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-17 09:36:35 (GMT) |
| commit | 39258d3595300bc7b952854c915f63ae2d4b9c3e (patch) | |
| tree | c15a6172739d53516aa45042f22658e0af6ff992 /configure.ac | |
| parent | b467d9a24011992242c95d9157d3455f8a84466b (diff) | |
| download | cpython-39258d3595300bc7b952854c915f63ae2d4b9c3e.zip cpython-39258d3595300bc7b952854c915f63ae2d4b9c3e.tar.gz cpython-39258d3595300bc7b952854c915f63ae2d4b9c3e.tar.bz2 | |
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/configure.ac b/configure.ac index 8b3ab1e..3df9bd0 100644 --- a/configure.ac +++ b/configure.ac @@ -5781,42 +5781,6 @@ ac_includes_default="$save_includes_default" # Check for usable OpenSSL AX_CHECK_OPENSSL([have_openssl=yes],[have_openssl=no]) -if test "$have_openssl" = yes; then - AC_MSG_CHECKING([for X509_VERIFY_PARAM_set1_host in libssl]) - - save_LIBS="$LIBS" - save_LDFLAGS="$LDFLAGS" - save_CPPFLAGS="$CPPFLAGS" - LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" - LIBS="$OPENSSL_LIBS $LIBS" - CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS" - - AC_LINK_IFELSE([AC_LANG_PROGRAM([ - [#include <openssl/x509_vfy.h>] - ], [ - [X509_VERIFY_PARAM *p = X509_VERIFY_PARAM_new();] - [X509_VERIFY_PARAM_set1_host(p, "localhost", 0);] - [X509_VERIFY_PARAM_set1_ip_asc(p, "127.0.0.1");] - [X509_VERIFY_PARAM_set_hostflags(p, 0);] - ]) - ], - [ - ac_cv_has_x509_verify_param_set1_host=yes - ], - [ - ac_cv_has_x509_verify_param_set1_host=no - ]) - AC_MSG_RESULT($ac_cv_has_x509_verify_param_set1_host) - if test "$ac_cv_has_x509_verify_param_set1_host" = "yes"; then - AC_DEFINE(HAVE_X509_VERIFY_PARAM_SET1_HOST, 1, - [Define if libssl has X509_VERIFY_PARAM_set1_host and related function]) - fi - - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" -fi - # rpath to libssl and libcrypto AC_MSG_CHECKING(for --with-openssl-rpath) AC_ARG_WITH(openssl-rpath, |