diff options
-rw-r--r-- | Modules/_ssl.c | 45 | ||||
-rw-r--r-- | Modules/clinic/_ssl.c.h | 10 |
2 files changed, 30 insertions, 25 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index ed6b7a8..52695fe 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -157,21 +157,26 @@ static void _PySSLFixErrno(void) { #endif #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation -# define HAVE_ALPN +# define HAVE_ALPN 1 +#else +# define HAVE_ALPN 0 #endif /* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped * NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility * reasons. The check for TLSEXT_TYPE_next_proto_neg works with * OpenSSL 1.0.1+ and LibreSSL. + * OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg. */ #ifdef OPENSSL_NO_NEXTPROTONEG -# define HAVE_NPN 0 +# define HAVE_NPN 0 +#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER) +# define HAVE_NPN 0 #elif defined(TLSEXT_TYPE_next_proto_neg) -# define HAVE_NPN 1 +# define HAVE_NPN 1 #else -# define HAVE_NPN 0 -# endif +# define HAVE_NPN 0 +#endif #ifndef INVALID_SOCKET /* MS defines this */ #define INVALID_SOCKET (-1) @@ -341,11 +346,11 @@ static unsigned int _ssl_locks_count = 0; typedef struct { PyObject_HEAD SSL_CTX *ctx; -#ifdef HAVE_NPN +#if HAVE_NPN unsigned char *npn_protocols; int npn_protocols_len; #endif -#ifdef HAVE_ALPN +#if HAVE_ALPN unsigned char *alpn_protocols; unsigned int alpn_protocols_len; #endif @@ -1922,7 +1927,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self) return PyUnicode_FromString(version); } -#ifdef HAVE_NPN +#if HAVE_NPN /*[clinic input] _ssl._SSLSocket.selected_npn_protocol [clinic start generated code]*/ @@ -1943,7 +1948,7 @@ _ssl__SSLSocket_selected_npn_protocol_impl(PySSLSocket *self) } #endif -#ifdef HAVE_ALPN +#if HAVE_ALPN /*[clinic input] _ssl._SSLSocket.selected_alpn_protocol [clinic start generated code]*/ @@ -2887,10 +2892,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) self->ctx = ctx; self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; self->protocol = proto_version; -#ifdef HAVE_NPN +#if HAVE_NPN self->npn_protocols = NULL; #endif -#ifdef HAVE_ALPN +#if HAVE_ALPN self->alpn_protocols = NULL; #endif #ifndef OPENSSL_NO_TLSEXT @@ -3026,10 +3031,10 @@ context_dealloc(PySSLContext *self) PyObject_GC_UnTrack(self); context_clear(self); SSL_CTX_free(self->ctx); -#ifdef HAVE_NPN +#if HAVE_NPN PyMem_FREE(self->npn_protocols); #endif -#ifdef HAVE_ALPN +#if HAVE_ALPN PyMem_FREE(self->alpn_protocols); #endif Py_TYPE(self)->tp_free(self); @@ -3104,7 +3109,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self) #endif -#if defined(HAVE_NPN) || defined(HAVE_ALPN) +#if HAVE_NPN || HAVE_ALPN static int do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, const unsigned char *server_protocols, unsigned int server_protocols_len, @@ -3130,7 +3135,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, } #endif -#ifdef HAVE_NPN +#if HAVE_NPN /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ static int _advertiseNPN_cb(SSL *s, @@ -3173,7 +3178,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self, Py_buffer *protos) /*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/ { -#ifdef HAVE_NPN +#if HAVE_NPN PyMem_Free(self->npn_protocols); self->npn_protocols = PyMem_Malloc(protos->len); if (self->npn_protocols == NULL) @@ -3198,7 +3203,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self, #endif } -#ifdef HAVE_ALPN +#if HAVE_ALPN static int _selectALPN_cb(SSL *s, const unsigned char **out, unsigned char *outlen, @@ -3223,7 +3228,7 @@ _ssl__SSLContext__set_alpn_protocols_impl(PySSLContext *self, Py_buffer *protos) /*[clinic end generated code: output=87599a7f76651a9b input=9bba964595d519be]*/ { -#ifdef HAVE_ALPN +#if HAVE_ALPN if ((size_t)protos->len > UINT_MAX) { PyErr_Format(PyExc_OverflowError, "protocols longer than %d bytes", UINT_MAX); @@ -5718,7 +5723,7 @@ PyInit__ssl(void) Py_INCREF(r); PyModule_AddObject(m, "HAS_ECDH", r); -#ifdef HAVE_NPN +#if HAVE_NPN r = Py_True; #else r = Py_False; @@ -5726,7 +5731,7 @@ PyInit__ssl(void) Py_INCREF(r); PyModule_AddObject(m, "HAS_NPN", r); -#ifdef HAVE_ALPN +#if HAVE_ALPN r = Py_True; #else r = Py_False; diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h index 1ee1bfb..5ba34ec 100644 --- a/Modules/clinic/_ssl.c.h +++ b/Modules/clinic/_ssl.c.h @@ -132,7 +132,7 @@ _ssl__SSLSocket_version(PySSLSocket *self, PyObject *Py_UNUSED(ignored)) return _ssl__SSLSocket_version_impl(self); } -#if defined(HAVE_NPN) +#if (HAVE_NPN) PyDoc_STRVAR(_ssl__SSLSocket_selected_npn_protocol__doc__, "selected_npn_protocol($self, /)\n" @@ -151,9 +151,9 @@ _ssl__SSLSocket_selected_npn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ign return _ssl__SSLSocket_selected_npn_protocol_impl(self); } -#endif /* defined(HAVE_NPN) */ +#endif /* (HAVE_NPN) */ -#if defined(HAVE_ALPN) +#if (HAVE_ALPN) PyDoc_STRVAR(_ssl__SSLSocket_selected_alpn_protocol__doc__, "selected_alpn_protocol($self, /)\n" @@ -172,7 +172,7 @@ _ssl__SSLSocket_selected_alpn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ig return _ssl__SSLSocket_selected_alpn_protocol_impl(self); } -#endif /* defined(HAVE_ALPN) */ +#endif /* (HAVE_ALPN) */ PyDoc_STRVAR(_ssl__SSLSocket_compression__doc__, "compression($self, /)\n" @@ -1175,4 +1175,4 @@ exit: #ifndef _SSL_ENUM_CRLS_METHODDEF #define _SSL_ENUM_CRLS_METHODDEF #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */ -/*[clinic end generated code: output=a00fef6a470cfc2c input=a9049054013a1b77]*/ +/*[clinic end generated code: output=e2417fee28666f7c input=a9049054013a1b77]*/ |