From b9ac25d1c394714f0565845b274e7eebb402f1e7 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Fri, 8 Jul 2011 18:47:06 +0200 Subject: Issue #12440: When testing whether some bits in SSLContext.options can be reset, check the version of the OpenSSL headers Python was compiled against, rather than the runtime version of the OpenSSL library. --- Lib/ssl.py | 2 ++ Lib/test/test_ssl.py | 2 +- Misc/NEWS | 4 ++++ Modules/_ssl.c | 34 +++++++++++++++++++++++++--------- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/Lib/ssl.py b/Lib/ssl.py index e9e9aa8..ce9ebdf 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -77,6 +77,8 @@ from _ssl import ( ) from _ssl import HAS_SNI from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +from _ssl import _OPENSSL_API_VERSION + _PROTOCOL_NAMES = { PROTOCOL_TLSv1: "TLSv1", PROTOCOL_SSLv23: "SSLv23", diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 7edf5b2..869381a 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -60,7 +60,7 @@ def handle_error(prefix): def can_clear_options(): # 0.9.8m or higher - return ssl.OPENSSL_VERSION_INFO >= (0, 9, 8, 13, 15) + return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15) def no_sslv2_implies_sslv3_hello(): # 0.9.7h or higher diff --git a/Misc/NEWS b/Misc/NEWS index 0bc7cd7..018d799 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -47,6 +47,10 @@ C-API Tests ----- +- Issue #12440: When testing whether some bits in SSLContext.options can be + reset, check the version of the OpenSSL headers Python was compiled against, + rather than the runtime version of the OpenSSL library. + - Issue #12497: Install test/data to prevent failures of the various codecmaps tests. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index a813d5f..27dcdbc 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2037,6 +2037,24 @@ static struct PyModuleDef _sslmodule = { NULL }; + +static void +parse_openssl_version(unsigned long libver, + unsigned int *major, unsigned int *minor, + unsigned int *fix, unsigned int *patch, + unsigned int *status) +{ + *status = libver & 0xF; + libver >>= 4; + *patch = libver & 0xFF; + libver >>= 8; + *fix = libver & 0xFF; + libver >>= 8; + *minor = libver & 0xFF; + libver >>= 8; + *major = libver & 0xFF; +} + PyMODINIT_FUNC PyInit__ssl(void) { @@ -2149,15 +2167,7 @@ PyInit__ssl(void) return NULL; if (PyModule_AddObject(m, "OPENSSL_VERSION_NUMBER", r)) return NULL; - status = libver & 0xF; - libver >>= 4; - patch = libver & 0xFF; - libver >>= 8; - fix = libver & 0xFF; - libver >>= 8; - minor = libver & 0xFF; - libver >>= 8; - major = libver & 0xFF; + parse_openssl_version(libver, &major, &minor, &fix, &patch, &status); r = Py_BuildValue("IIIII", major, minor, fix, patch, status); if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) return NULL; @@ -2165,5 +2175,11 @@ PyInit__ssl(void) if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) return NULL; + libver = OPENSSL_VERSION_NUMBER; + parse_openssl_version(libver, &major, &minor, &fix, &patch, &status); + r = Py_BuildValue("IIIII", major, minor, fix, patch, status); + if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r)) + return NULL; + return m; } -- cgit v0.12