mirror of
https://github.com/pyenv/pyenv.git
synced 2024-11-21 20:47:00 -05:00
Add OPENSSL_NO_SSL2
& OPENSSL_NO_SSL3
patch for 3.0.1, 3.1 and 3.1.2
This commit is contained in:
parent
68e8945f74
commit
3d1ba0c58c
8 changed files with 384 additions and 300 deletions
|
@ -1,75 +0,0 @@
|
||||||
diff -r -u ./Lib/ssl.py ../Python-3.0.1/Lib/ssl.py
|
|
||||||
--- ./Lib/ssl.py 2009-01-04 08:47:58.000000000 +0900
|
|
||||||
+++ ../Python-3.0.1/Lib/ssl.py 2013-05-08 19:58:59.000000000 +0900
|
|
||||||
@@ -60,8 +60,20 @@
|
|
||||||
|
|
||||||
from _ssl import SSLError
|
|
||||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
|
||||||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
PROTOCOL_TLSv1)
|
|
||||||
+_PROTOCOL_NAMES = {
|
|
||||||
+ PROTOCOL_TLSv1: "TLSv1",
|
|
||||||
+ PROTOCOL_SSLv23: "SSLv23",
|
|
||||||
+ PROTOCOL_SSLv3: "SSLv3",
|
|
||||||
+}
|
|
||||||
+try:
|
|
||||||
+ from _ssl import PROTOCOL_SSLv2
|
|
||||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
|
||||||
+except ImportError:
|
|
||||||
+ _SSLv2_IF_EXISTS = None
|
|
||||||
+else:
|
|
||||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
|
||||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
|
||||||
from _ssl import (
|
|
||||||
SSL_ERROR_ZERO_RETURN,
|
|
||||||
@@ -434,13 +446,4 @@
|
|
||||||
return DER_cert_to_PEM_cert(dercert)
|
|
||||||
|
|
||||||
def get_protocol_name(protocol_code):
|
|
||||||
- if protocol_code == PROTOCOL_TLSv1:
|
|
||||||
- return "TLSv1"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv23:
|
|
||||||
- return "SSLv23"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv2:
|
|
||||||
- return "SSLv2"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv3:
|
|
||||||
- return "SSLv3"
|
|
||||||
- else:
|
|
||||||
- return "<unknown>"
|
|
||||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
|
||||||
diff -r -u ./Modules/_ssl.c ../Python-3.0.1/Modules/_ssl.c
|
|
||||||
--- ./Modules/_ssl.c 2009-02-03 05:41:29.000000000 +0900
|
|
||||||
+++ ../Python-3.0.1/Modules/_ssl.c 2013-05-08 19:57:38.000000000 +0900
|
|
||||||
@@ -62,7 +62,9 @@
|
|
||||||
};
|
|
||||||
|
|
||||||
enum py_ssl_version {
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PY_SSL_VERSION_SSL2,
|
|
||||||
+#endif
|
|
||||||
PY_SSL_VERSION_SSL3,
|
|
||||||
PY_SSL_VERSION_SSL23,
|
|
||||||
PY_SSL_VERSION_TLS1,
|
|
||||||
@@ -299,8 +301,10 @@
|
|
||||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
|
||||||
+#endif
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
|
||||||
PySSL_END_ALLOW_THREADS
|
|
||||||
@@ -1691,8 +1695,10 @@
|
|
||||||
PY_SSL_CERT_REQUIRED);
|
|
||||||
|
|
||||||
/* protocol versions */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
|
||||||
PY_SSL_VERSION_SSL2);
|
|
||||||
+#endif
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
|
||||||
PY_SSL_VERSION_SSL3);
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
|
@ -0,0 +1,96 @@
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||||
|
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000
|
||||||
|
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000
|
||||||
|
@@ -60,20 +60,23 @@
|
||||||
|
|
||||||
|
from _ssl import SSLError
|
||||||
|
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||||
|
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
||||||
|
- PROTOCOL_TLSv1)
|
||||||
|
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||||
|
-from _ssl import (
|
||||||
|
- SSL_ERROR_ZERO_RETURN,
|
||||||
|
- SSL_ERROR_WANT_READ,
|
||||||
|
- SSL_ERROR_WANT_WRITE,
|
||||||
|
- SSL_ERROR_WANT_X509_LOOKUP,
|
||||||
|
- SSL_ERROR_SYSCALL,
|
||||||
|
- SSL_ERROR_SSL,
|
||||||
|
- SSL_ERROR_WANT_CONNECT,
|
||||||
|
- SSL_ERROR_EOF,
|
||||||
|
- SSL_ERROR_INVALID_ERROR_CODE,
|
||||||
|
- )
|
||||||
|
+from _ssl import RAND_status, RAND_add
|
||||||
|
+try:
|
||||||
|
+ from _ssl import RAND_egd
|
||||||
|
+except ImportError:
|
||||||
|
+ # LibreSSL does not provide RAND_egd
|
||||||
|
+ pass
|
||||||
|
+
|
||||||
|
+def _import_symbols(prefix):
|
||||||
|
+ for n in dir(_ssl):
|
||||||
|
+ if n.startswith(prefix):
|
||||||
|
+ globals()[n] = getattr(_ssl, n)
|
||||||
|
+
|
||||||
|
+_import_symbols('OP_')
|
||||||
|
+_import_symbols('SSL_ERROR_')
|
||||||
|
+_import_symbols('PROTOCOL_')
|
||||||
|
+
|
||||||
|
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||||
|
|
||||||
|
from socket import getnameinfo as _getnameinfo
|
||||||
|
from socket import error as socket_error
|
||||||
|
@@ -415,7 +418,7 @@
|
||||||
|
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||||
|
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||||
|
|
||||||
|
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||||
|
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||||
|
"""Retrieve the certificate from the server at the specified address,
|
||||||
|
and return it as a PEM-encoded string.
|
||||||
|
If 'ca_certs' is specified, validate the server cert against it.
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||||
|
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000
|
||||||
|
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000
|
||||||
|
@@ -62,8 +62,12 @@
|
||||||
|
};
|
||||||
|
|
||||||
|
enum py_ssl_version {
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PY_SSL_VERSION_SSL2,
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PY_SSL_VERSION_SSL3,
|
||||||
|
+#endif
|
||||||
|
PY_SSL_VERSION_SSL23,
|
||||||
|
PY_SSL_VERSION_TLS1,
|
||||||
|
};
|
||||||
|
@@ -299,10 +303,14 @@
|
||||||
|
PySSL_BEGIN_ALLOW_THREADS
|
||||||
|
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||||
|
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||||
|
PySSL_END_ALLOW_THREADS
|
||||||
|
@@ -1698,10 +1706,14 @@
|
||||||
|
PY_SSL_CERT_REQUIRED);
|
||||||
|
|
||||||
|
/* protocol versions */
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||||
|
PY_SSL_VERSION_SSL2);
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||||
|
PY_SSL_VERSION_SSL3);
|
||||||
|
+#endif
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||||
|
PY_SSL_VERSION_SSL23);
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -1,75 +0,0 @@
|
||||||
diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py
|
|
||||||
--- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900
|
|
||||||
+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900
|
|
||||||
@@ -60,8 +60,20 @@
|
|
||||||
|
|
||||||
from _ssl import SSLError
|
|
||||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
|
||||||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
PROTOCOL_TLSv1)
|
|
||||||
+_PROTOCOL_NAMES = {
|
|
||||||
+ PROTOCOL_TLSv1: "TLSv1",
|
|
||||||
+ PROTOCOL_SSLv23: "SSLv23",
|
|
||||||
+ PROTOCOL_SSLv3: "SSLv3",
|
|
||||||
+}
|
|
||||||
+try:
|
|
||||||
+ from _ssl import PROTOCOL_SSLv2
|
|
||||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
|
||||||
+except ImportError:
|
|
||||||
+ _SSLv2_IF_EXISTS = None
|
|
||||||
+else:
|
|
||||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
|
||||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
|
||||||
from _ssl import (
|
|
||||||
SSL_ERROR_ZERO_RETURN,
|
|
||||||
@@ -434,13 +446,4 @@
|
|
||||||
return DER_cert_to_PEM_cert(dercert)
|
|
||||||
|
|
||||||
def get_protocol_name(protocol_code):
|
|
||||||
- if protocol_code == PROTOCOL_TLSv1:
|
|
||||||
- return "TLSv1"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv23:
|
|
||||||
- return "SSLv23"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv2:
|
|
||||||
- return "SSLv2"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv3:
|
|
||||||
- return "SSLv3"
|
|
||||||
- else:
|
|
||||||
- return "<unknown>"
|
|
||||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
|
||||||
diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c
|
|
||||||
--- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900
|
|
||||||
+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900
|
|
||||||
@@ -62,7 +62,9 @@
|
|
||||||
};
|
|
||||||
|
|
||||||
enum py_ssl_version {
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PY_SSL_VERSION_SSL2,
|
|
||||||
+#endif
|
|
||||||
PY_SSL_VERSION_SSL3,
|
|
||||||
PY_SSL_VERSION_SSL23,
|
|
||||||
PY_SSL_VERSION_TLS1,
|
|
||||||
@@ -301,8 +303,10 @@
|
|
||||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
|
||||||
+#endif
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
|
||||||
PySSL_END_ALLOW_THREADS
|
|
||||||
@@ -1693,8 +1697,10 @@
|
|
||||||
PY_SSL_CERT_REQUIRED);
|
|
||||||
|
|
||||||
/* protocol versions */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
|
||||||
PY_SSL_VERSION_SSL2);
|
|
||||||
+#endif
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
|
||||||
PY_SSL_VERSION_SSL3);
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
|
@ -0,0 +1,96 @@
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||||
|
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000
|
||||||
|
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000
|
||||||
|
@@ -60,20 +60,23 @@
|
||||||
|
|
||||||
|
from _ssl import SSLError
|
||||||
|
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||||
|
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
||||||
|
- PROTOCOL_TLSv1)
|
||||||
|
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||||
|
-from _ssl import (
|
||||||
|
- SSL_ERROR_ZERO_RETURN,
|
||||||
|
- SSL_ERROR_WANT_READ,
|
||||||
|
- SSL_ERROR_WANT_WRITE,
|
||||||
|
- SSL_ERROR_WANT_X509_LOOKUP,
|
||||||
|
- SSL_ERROR_SYSCALL,
|
||||||
|
- SSL_ERROR_SSL,
|
||||||
|
- SSL_ERROR_WANT_CONNECT,
|
||||||
|
- SSL_ERROR_EOF,
|
||||||
|
- SSL_ERROR_INVALID_ERROR_CODE,
|
||||||
|
- )
|
||||||
|
+from _ssl import RAND_status, RAND_add
|
||||||
|
+try:
|
||||||
|
+ from _ssl import RAND_egd
|
||||||
|
+except ImportError:
|
||||||
|
+ # LibreSSL does not provide RAND_egd
|
||||||
|
+ pass
|
||||||
|
+
|
||||||
|
+def _import_symbols(prefix):
|
||||||
|
+ for n in dir(_ssl):
|
||||||
|
+ if n.startswith(prefix):
|
||||||
|
+ globals()[n] = getattr(_ssl, n)
|
||||||
|
+
|
||||||
|
+_import_symbols('OP_')
|
||||||
|
+_import_symbols('SSL_ERROR_')
|
||||||
|
+_import_symbols('PROTOCOL_')
|
||||||
|
+
|
||||||
|
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||||
|
|
||||||
|
from socket import getnameinfo as _getnameinfo
|
||||||
|
from socket import error as socket_error
|
||||||
|
@@ -415,7 +418,7 @@
|
||||||
|
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||||
|
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||||
|
|
||||||
|
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||||
|
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||||
|
"""Retrieve the certificate from the server at the specified address,
|
||||||
|
and return it as a PEM-encoded string.
|
||||||
|
If 'ca_certs' is specified, validate the server cert against it.
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||||
|
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000
|
||||||
|
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000
|
||||||
|
@@ -62,8 +62,12 @@
|
||||||
|
};
|
||||||
|
|
||||||
|
enum py_ssl_version {
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PY_SSL_VERSION_SSL2,
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PY_SSL_VERSION_SSL3,
|
||||||
|
+#endif
|
||||||
|
PY_SSL_VERSION_SSL23,
|
||||||
|
PY_SSL_VERSION_TLS1,
|
||||||
|
};
|
||||||
|
@@ -299,10 +303,14 @@
|
||||||
|
PySSL_BEGIN_ALLOW_THREADS
|
||||||
|
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||||
|
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||||
|
PySSL_END_ALLOW_THREADS
|
||||||
|
@@ -1698,10 +1706,14 @@
|
||||||
|
PY_SSL_CERT_REQUIRED);
|
||||||
|
|
||||||
|
/* protocol versions */
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||||
|
PY_SSL_VERSION_SSL2);
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||||
|
PY_SSL_VERSION_SSL3);
|
||||||
|
+#endif
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||||
|
PY_SSL_VERSION_SSL23);
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -1,75 +0,0 @@
|
||||||
diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py
|
|
||||||
--- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900
|
|
||||||
+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900
|
|
||||||
@@ -60,8 +60,20 @@
|
|
||||||
|
|
||||||
from _ssl import SSLError
|
|
||||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
|
||||||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
PROTOCOL_TLSv1)
|
|
||||||
+_PROTOCOL_NAMES = {
|
|
||||||
+ PROTOCOL_TLSv1: "TLSv1",
|
|
||||||
+ PROTOCOL_SSLv23: "SSLv23",
|
|
||||||
+ PROTOCOL_SSLv3: "SSLv3",
|
|
||||||
+}
|
|
||||||
+try:
|
|
||||||
+ from _ssl import PROTOCOL_SSLv2
|
|
||||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
|
||||||
+except ImportError:
|
|
||||||
+ _SSLv2_IF_EXISTS = None
|
|
||||||
+else:
|
|
||||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
|
||||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
|
||||||
from _ssl import (
|
|
||||||
SSL_ERROR_ZERO_RETURN,
|
|
||||||
@@ -434,13 +446,4 @@
|
|
||||||
return DER_cert_to_PEM_cert(dercert)
|
|
||||||
|
|
||||||
def get_protocol_name(protocol_code):
|
|
||||||
- if protocol_code == PROTOCOL_TLSv1:
|
|
||||||
- return "TLSv1"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv23:
|
|
||||||
- return "SSLv23"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv2:
|
|
||||||
- return "SSLv2"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv3:
|
|
||||||
- return "SSLv3"
|
|
||||||
- else:
|
|
||||||
- return "<unknown>"
|
|
||||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
|
||||||
diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c
|
|
||||||
--- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900
|
|
||||||
+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900
|
|
||||||
@@ -62,7 +62,9 @@
|
|
||||||
};
|
|
||||||
|
|
||||||
enum py_ssl_version {
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PY_SSL_VERSION_SSL2,
|
|
||||||
+#endif
|
|
||||||
PY_SSL_VERSION_SSL3,
|
|
||||||
PY_SSL_VERSION_SSL23,
|
|
||||||
PY_SSL_VERSION_TLS1,
|
|
||||||
@@ -301,8 +303,10 @@
|
|
||||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
|
||||||
+#endif
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
|
||||||
PySSL_END_ALLOW_THREADS
|
|
||||||
@@ -1693,8 +1697,10 @@
|
|
||||||
PY_SSL_CERT_REQUIRED);
|
|
||||||
|
|
||||||
/* protocol versions */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
|
||||||
PY_SSL_VERSION_SSL2);
|
|
||||||
+#endif
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
|
||||||
PY_SSL_VERSION_SSL3);
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
|
@ -0,0 +1,96 @@
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||||
|
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000
|
||||||
|
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000
|
||||||
|
@@ -60,20 +60,23 @@
|
||||||
|
|
||||||
|
from _ssl import SSLError
|
||||||
|
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||||
|
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
||||||
|
- PROTOCOL_TLSv1)
|
||||||
|
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||||
|
-from _ssl import (
|
||||||
|
- SSL_ERROR_ZERO_RETURN,
|
||||||
|
- SSL_ERROR_WANT_READ,
|
||||||
|
- SSL_ERROR_WANT_WRITE,
|
||||||
|
- SSL_ERROR_WANT_X509_LOOKUP,
|
||||||
|
- SSL_ERROR_SYSCALL,
|
||||||
|
- SSL_ERROR_SSL,
|
||||||
|
- SSL_ERROR_WANT_CONNECT,
|
||||||
|
- SSL_ERROR_EOF,
|
||||||
|
- SSL_ERROR_INVALID_ERROR_CODE,
|
||||||
|
- )
|
||||||
|
+from _ssl import RAND_status, RAND_add
|
||||||
|
+try:
|
||||||
|
+ from _ssl import RAND_egd
|
||||||
|
+except ImportError:
|
||||||
|
+ # LibreSSL does not provide RAND_egd
|
||||||
|
+ pass
|
||||||
|
+
|
||||||
|
+def _import_symbols(prefix):
|
||||||
|
+ for n in dir(_ssl):
|
||||||
|
+ if n.startswith(prefix):
|
||||||
|
+ globals()[n] = getattr(_ssl, n)
|
||||||
|
+
|
||||||
|
+_import_symbols('OP_')
|
||||||
|
+_import_symbols('SSL_ERROR_')
|
||||||
|
+_import_symbols('PROTOCOL_')
|
||||||
|
+
|
||||||
|
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||||
|
|
||||||
|
from socket import getnameinfo as _getnameinfo
|
||||||
|
from socket import error as socket_error
|
||||||
|
@@ -415,7 +418,7 @@
|
||||||
|
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||||
|
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||||
|
|
||||||
|
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||||
|
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||||
|
"""Retrieve the certificate from the server at the specified address,
|
||||||
|
and return it as a PEM-encoded string.
|
||||||
|
If 'ca_certs' is specified, validate the server cert against it.
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||||
|
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000
|
||||||
|
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000
|
||||||
|
@@ -62,8 +62,12 @@
|
||||||
|
};
|
||||||
|
|
||||||
|
enum py_ssl_version {
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PY_SSL_VERSION_SSL2,
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PY_SSL_VERSION_SSL3,
|
||||||
|
+#endif
|
||||||
|
PY_SSL_VERSION_SSL23,
|
||||||
|
PY_SSL_VERSION_TLS1,
|
||||||
|
};
|
||||||
|
@@ -299,10 +303,14 @@
|
||||||
|
PySSL_BEGIN_ALLOW_THREADS
|
||||||
|
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||||
|
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||||
|
PySSL_END_ALLOW_THREADS
|
||||||
|
@@ -1698,10 +1706,14 @@
|
||||||
|
PY_SSL_CERT_REQUIRED);
|
||||||
|
|
||||||
|
/* protocol versions */
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||||
|
PY_SSL_VERSION_SSL2);
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||||
|
PY_SSL_VERSION_SSL3);
|
||||||
|
+#endif
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||||
|
PY_SSL_VERSION_SSL23);
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -1,75 +0,0 @@
|
||||||
diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py
|
|
||||||
--- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900
|
|
||||||
+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900
|
|
||||||
@@ -60,8 +60,20 @@
|
|
||||||
|
|
||||||
from _ssl import SSLError
|
|
||||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
|
||||||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
|
||||||
PROTOCOL_TLSv1)
|
|
||||||
+_PROTOCOL_NAMES = {
|
|
||||||
+ PROTOCOL_TLSv1: "TLSv1",
|
|
||||||
+ PROTOCOL_SSLv23: "SSLv23",
|
|
||||||
+ PROTOCOL_SSLv3: "SSLv3",
|
|
||||||
+}
|
|
||||||
+try:
|
|
||||||
+ from _ssl import PROTOCOL_SSLv2
|
|
||||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
|
||||||
+except ImportError:
|
|
||||||
+ _SSLv2_IF_EXISTS = None
|
|
||||||
+else:
|
|
||||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
|
||||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
|
||||||
from _ssl import (
|
|
||||||
SSL_ERROR_ZERO_RETURN,
|
|
||||||
@@ -434,13 +446,4 @@
|
|
||||||
return DER_cert_to_PEM_cert(dercert)
|
|
||||||
|
|
||||||
def get_protocol_name(protocol_code):
|
|
||||||
- if protocol_code == PROTOCOL_TLSv1:
|
|
||||||
- return "TLSv1"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv23:
|
|
||||||
- return "SSLv23"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv2:
|
|
||||||
- return "SSLv2"
|
|
||||||
- elif protocol_code == PROTOCOL_SSLv3:
|
|
||||||
- return "SSLv3"
|
|
||||||
- else:
|
|
||||||
- return "<unknown>"
|
|
||||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
|
||||||
diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c
|
|
||||||
--- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900
|
|
||||||
+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900
|
|
||||||
@@ -62,7 +62,9 @@
|
|
||||||
};
|
|
||||||
|
|
||||||
enum py_ssl_version {
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PY_SSL_VERSION_SSL2,
|
|
||||||
+#endif
|
|
||||||
PY_SSL_VERSION_SSL3,
|
|
||||||
PY_SSL_VERSION_SSL23,
|
|
||||||
PY_SSL_VERSION_TLS1,
|
|
||||||
@@ -301,8 +303,10 @@
|
|
||||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
|
||||||
+#endif
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
|
||||||
PySSL_END_ALLOW_THREADS
|
|
||||||
@@ -1693,8 +1697,10 @@
|
|
||||||
PY_SSL_CERT_REQUIRED);
|
|
||||||
|
|
||||||
/* protocol versions */
|
|
||||||
+#ifndef OPENSSL_NO_SSL2
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
|
||||||
PY_SSL_VERSION_SSL2);
|
|
||||||
+#endif
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
|
||||||
PY_SSL_VERSION_SSL3);
|
|
||||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
|
@ -0,0 +1,96 @@
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||||
|
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000
|
||||||
|
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000
|
||||||
|
@@ -60,20 +60,23 @@
|
||||||
|
|
||||||
|
from _ssl import SSLError
|
||||||
|
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||||
|
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
||||||
|
- PROTOCOL_TLSv1)
|
||||||
|
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||||
|
-from _ssl import (
|
||||||
|
- SSL_ERROR_ZERO_RETURN,
|
||||||
|
- SSL_ERROR_WANT_READ,
|
||||||
|
- SSL_ERROR_WANT_WRITE,
|
||||||
|
- SSL_ERROR_WANT_X509_LOOKUP,
|
||||||
|
- SSL_ERROR_SYSCALL,
|
||||||
|
- SSL_ERROR_SSL,
|
||||||
|
- SSL_ERROR_WANT_CONNECT,
|
||||||
|
- SSL_ERROR_EOF,
|
||||||
|
- SSL_ERROR_INVALID_ERROR_CODE,
|
||||||
|
- )
|
||||||
|
+from _ssl import RAND_status, RAND_add
|
||||||
|
+try:
|
||||||
|
+ from _ssl import RAND_egd
|
||||||
|
+except ImportError:
|
||||||
|
+ # LibreSSL does not provide RAND_egd
|
||||||
|
+ pass
|
||||||
|
+
|
||||||
|
+def _import_symbols(prefix):
|
||||||
|
+ for n in dir(_ssl):
|
||||||
|
+ if n.startswith(prefix):
|
||||||
|
+ globals()[n] = getattr(_ssl, n)
|
||||||
|
+
|
||||||
|
+_import_symbols('OP_')
|
||||||
|
+_import_symbols('SSL_ERROR_')
|
||||||
|
+_import_symbols('PROTOCOL_')
|
||||||
|
+
|
||||||
|
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||||
|
|
||||||
|
from socket import getnameinfo as _getnameinfo
|
||||||
|
from socket import error as socket_error
|
||||||
|
@@ -415,7 +418,7 @@
|
||||||
|
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||||
|
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||||
|
|
||||||
|
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||||
|
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||||
|
"""Retrieve the certificate from the server at the specified address,
|
||||||
|
and return it as a PEM-encoded string.
|
||||||
|
If 'ca_certs' is specified, validate the server cert against it.
|
||||||
|
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||||
|
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000
|
||||||
|
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000
|
||||||
|
@@ -62,8 +62,12 @@
|
||||||
|
};
|
||||||
|
|
||||||
|
enum py_ssl_version {
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PY_SSL_VERSION_SSL2,
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PY_SSL_VERSION_SSL3,
|
||||||
|
+#endif
|
||||||
|
PY_SSL_VERSION_SSL23,
|
||||||
|
PY_SSL_VERSION_TLS1,
|
||||||
|
};
|
||||||
|
@@ -299,10 +303,14 @@
|
||||||
|
PySSL_BEGIN_ALLOW_THREADS
|
||||||
|
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||||
|
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||||
|
PySSL_END_ALLOW_THREADS
|
||||||
|
@@ -1698,10 +1706,14 @@
|
||||||
|
PY_SSL_CERT_REQUIRED);
|
||||||
|
|
||||||
|
/* protocol versions */
|
||||||
|
+#ifndef OPENSSL_NO_SSL2
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||||
|
PY_SSL_VERSION_SSL2);
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||||
|
PY_SSL_VERSION_SSL3);
|
||||||
|
+#endif
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||||
|
PY_SSL_VERSION_SSL23);
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
Loading…
Reference in a new issue