diff options
Diffstat (limited to 'Modules/_ssl.c')
| -rw-r--r-- | Modules/_ssl.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 2136cbd..ed6b7a8 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -160,6 +160,19 @@ static void _PySSLFixErrno(void) { # define HAVE_ALPN #endif +/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped + * NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility + * reasons. The check for TLSEXT_TYPE_next_proto_neg works with + * OpenSSL 1.0.1+ and LibreSSL. + */ +#ifdef OPENSSL_NO_NEXTPROTONEG +# define HAVE_NPN 0 +#elif defined(TLSEXT_TYPE_next_proto_neg) +# define HAVE_NPN 1 +#else +# define HAVE_NPN 0 +# endif + #ifndef INVALID_SOCKET /* MS defines this */ #define INVALID_SOCKET (-1) #endif @@ -328,7 +341,7 @@ static unsigned int _ssl_locks_count = 0; typedef struct { PyObject_HEAD SSL_CTX *ctx; -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN unsigned char *npn_protocols; int npn_protocols_len; #endif @@ -1909,7 +1922,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self) return PyUnicode_FromString(version); } -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN /*[clinic input] _ssl._SSLSocket.selected_npn_protocol [clinic start generated code]*/ @@ -2874,7 +2887,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) self->ctx = ctx; self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; self->protocol = proto_version; -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN self->npn_protocols = NULL; #endif #ifdef HAVE_ALPN @@ -3013,7 +3026,7 @@ context_dealloc(PySSLContext *self) PyObject_GC_UnTrack(self); context_clear(self); SSL_CTX_free(self->ctx); -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN PyMem_FREE(self->npn_protocols); #endif #ifdef HAVE_ALPN @@ -3091,7 +3104,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self) #endif -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN) +#if defined(HAVE_NPN) || defined(HAVE_ALPN) static int do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, const unsigned char *server_protocols, unsigned int server_protocols_len, @@ -3117,7 +3130,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, } #endif -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ static int _advertiseNPN_cb(SSL *s, @@ -3160,7 +3173,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self, Py_buffer *protos) /*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/ { -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN PyMem_Free(self->npn_protocols); self->npn_protocols = PyMem_Malloc(protos->len); if (self->npn_protocols == NULL) @@ -5705,7 +5718,7 @@ PyInit__ssl(void) Py_INCREF(r); PyModule_AddObject(m, "HAS_ECDH", r); -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifdef HAVE_NPN r = Py_True; #else r = Py_False; |