| @ -1,75 +0,0 @@ | |||
| diff -r -u ./Lib/ssl.py ../Python-3.0.1/Lib/ssl.py | |||
| --- ./Lib/ssl.py 2009-01-04 08:47:58.000000000 +0900 | |||
| +++ ../Python-3.0.1/Lib/ssl.py 2013-05-08 19:58:59.000000000 +0900 | |||
| @@ -60,8 +60,20 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| +from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| PROTOCOL_TLSv1) | |||
| +_PROTOCOL_NAMES = { | |||
| + PROTOCOL_TLSv1: "TLSv1", | |||
| + PROTOCOL_SSLv23: "SSLv23", | |||
| + PROTOCOL_SSLv3: "SSLv3", | |||
| +} | |||
| +try: | |||
| + from _ssl import PROTOCOL_SSLv2 | |||
| + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
| +except ImportError: | |||
| + _SSLv2_IF_EXISTS = None | |||
| +else: | |||
| + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
| from _ssl import RAND_status, RAND_egd, RAND_add | |||
| from _ssl import ( | |||
| SSL_ERROR_ZERO_RETURN, | |||
| @@ -434,13 +446,4 @@ | |||
| return DER_cert_to_PEM_cert(dercert) | |||
| def get_protocol_name(protocol_code): | |||
| - if protocol_code == PROTOCOL_TLSv1: | |||
| - return "TLSv1" | |||
| - elif protocol_code == PROTOCOL_SSLv23: | |||
| - return "SSLv23" | |||
| - elif protocol_code == PROTOCOL_SSLv2: | |||
| - return "SSLv2" | |||
| - elif protocol_code == PROTOCOL_SSLv3: | |||
| - return "SSLv3" | |||
| - else: | |||
| - return "<unknown>" | |||
| + return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
| diff -r -u ./Modules/_ssl.c ../Python-3.0.1/Modules/_ssl.c | |||
| --- ./Modules/_ssl.c 2009-02-03 05:41:29.000000000 +0900 | |||
| +++ ../Python-3.0.1/Modules/_ssl.c 2013-05-08 19:57:38.000000000 +0900 | |||
| @@ -62,7 +62,9 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL3, | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| @@ -299,8 +301,10 @@ | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1691,8 +1695,10 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| @ -0,0 +1,96 @@ | |||
| diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
| +++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
| @@ -60,20 +60,23 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| - PROTOCOL_TLSv1) | |||
| -from _ssl import RAND_status, RAND_egd, RAND_add | |||
| -from _ssl import ( | |||
| - SSL_ERROR_ZERO_RETURN, | |||
| - SSL_ERROR_WANT_READ, | |||
| - SSL_ERROR_WANT_WRITE, | |||
| - SSL_ERROR_WANT_X509_LOOKUP, | |||
| - SSL_ERROR_SYSCALL, | |||
| - SSL_ERROR_SSL, | |||
| - SSL_ERROR_WANT_CONNECT, | |||
| - SSL_ERROR_EOF, | |||
| - SSL_ERROR_INVALID_ERROR_CODE, | |||
| - ) | |||
| +from _ssl import RAND_status, RAND_add | |||
| +try: | |||
| + from _ssl import RAND_egd | |||
| +except ImportError: | |||
| + # LibreSSL does not provide RAND_egd | |||
| + pass | |||
| + | |||
| +def _import_symbols(prefix): | |||
| + for n in dir(_ssl): | |||
| + if n.startswith(prefix): | |||
| + globals()[n] = getattr(_ssl, n) | |||
| + | |||
| +_import_symbols('OP_') | |||
| +_import_symbols('SSL_ERROR_') | |||
| +_import_symbols('PROTOCOL_') | |||
| + | |||
| +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
| from socket import getnameinfo as _getnameinfo | |||
| from socket import error as socket_error | |||
| @@ -415,7 +418,7 @@ | |||
| d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
| return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
| -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
| +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
| """Retrieve the certificate from the server at the specified address, | |||
| and return it as a PEM-encoded string. | |||
| If 'ca_certs' is specified, validate the server cert against it. | |||
| diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
| +++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
| @@ -62,8 +62,12 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PY_SSL_VERSION_SSL3, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| }; | |||
| @@ -299,10 +303,14 @@ | |||
| PySSL_BEGIN_ALLOW_THREADS | |||
| if (proto_version == PY_SSL_VERSION_TLS1) | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1698,10 +1706,14 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| PY_SSL_VERSION_SSL23); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", | |||
| @ -1,75 +0,0 @@ | |||
| diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 | |||
| +++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 | |||
| @@ -60,8 +60,20 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| +from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| PROTOCOL_TLSv1) | |||
| +_PROTOCOL_NAMES = { | |||
| + PROTOCOL_TLSv1: "TLSv1", | |||
| + PROTOCOL_SSLv23: "SSLv23", | |||
| + PROTOCOL_SSLv3: "SSLv3", | |||
| +} | |||
| +try: | |||
| + from _ssl import PROTOCOL_SSLv2 | |||
| + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
| +except ImportError: | |||
| + _SSLv2_IF_EXISTS = None | |||
| +else: | |||
| + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
| from _ssl import RAND_status, RAND_egd, RAND_add | |||
| from _ssl import ( | |||
| SSL_ERROR_ZERO_RETURN, | |||
| @@ -434,13 +446,4 @@ | |||
| return DER_cert_to_PEM_cert(dercert) | |||
| def get_protocol_name(protocol_code): | |||
| - if protocol_code == PROTOCOL_TLSv1: | |||
| - return "TLSv1" | |||
| - elif protocol_code == PROTOCOL_SSLv23: | |||
| - return "SSLv23" | |||
| - elif protocol_code == PROTOCOL_SSLv2: | |||
| - return "SSLv2" | |||
| - elif protocol_code == PROTOCOL_SSLv3: | |||
| - return "SSLv3" | |||
| - else: | |||
| - return "<unknown>" | |||
| + return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
| diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 | |||
| +++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 | |||
| @@ -62,7 +62,9 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL3, | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| @@ -301,8 +303,10 @@ | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1693,8 +1697,10 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| @ -0,0 +1,96 @@ | |||
| diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
| +++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
| @@ -60,20 +60,23 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| - PROTOCOL_TLSv1) | |||
| -from _ssl import RAND_status, RAND_egd, RAND_add | |||
| -from _ssl import ( | |||
| - SSL_ERROR_ZERO_RETURN, | |||
| - SSL_ERROR_WANT_READ, | |||
| - SSL_ERROR_WANT_WRITE, | |||
| - SSL_ERROR_WANT_X509_LOOKUP, | |||
| - SSL_ERROR_SYSCALL, | |||
| - SSL_ERROR_SSL, | |||
| - SSL_ERROR_WANT_CONNECT, | |||
| - SSL_ERROR_EOF, | |||
| - SSL_ERROR_INVALID_ERROR_CODE, | |||
| - ) | |||
| +from _ssl import RAND_status, RAND_add | |||
| +try: | |||
| + from _ssl import RAND_egd | |||
| +except ImportError: | |||
| + # LibreSSL does not provide RAND_egd | |||
| + pass | |||
| + | |||
| +def _import_symbols(prefix): | |||
| + for n in dir(_ssl): | |||
| + if n.startswith(prefix): | |||
| + globals()[n] = getattr(_ssl, n) | |||
| + | |||
| +_import_symbols('OP_') | |||
| +_import_symbols('SSL_ERROR_') | |||
| +_import_symbols('PROTOCOL_') | |||
| + | |||
| +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
| from socket import getnameinfo as _getnameinfo | |||
| from socket import error as socket_error | |||
| @@ -415,7 +418,7 @@ | |||
| d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
| return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
| -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
| +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
| """Retrieve the certificate from the server at the specified address, | |||
| and return it as a PEM-encoded string. | |||
| If 'ca_certs' is specified, validate the server cert against it. | |||
| diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
| +++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
| @@ -62,8 +62,12 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PY_SSL_VERSION_SSL3, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| }; | |||
| @@ -299,10 +303,14 @@ | |||
| PySSL_BEGIN_ALLOW_THREADS | |||
| if (proto_version == PY_SSL_VERSION_TLS1) | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1698,10 +1706,14 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| PY_SSL_VERSION_SSL23); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", | |||
| @ -1,75 +0,0 @@ | |||
| diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 | |||
| +++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 | |||
| @@ -60,8 +60,20 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| +from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| PROTOCOL_TLSv1) | |||
| +_PROTOCOL_NAMES = { | |||
| + PROTOCOL_TLSv1: "TLSv1", | |||
| + PROTOCOL_SSLv23: "SSLv23", | |||
| + PROTOCOL_SSLv3: "SSLv3", | |||
| +} | |||
| +try: | |||
| + from _ssl import PROTOCOL_SSLv2 | |||
| + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
| +except ImportError: | |||
| + _SSLv2_IF_EXISTS = None | |||
| +else: | |||
| + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
| from _ssl import RAND_status, RAND_egd, RAND_add | |||
| from _ssl import ( | |||
| SSL_ERROR_ZERO_RETURN, | |||
| @@ -434,13 +446,4 @@ | |||
| return DER_cert_to_PEM_cert(dercert) | |||
| def get_protocol_name(protocol_code): | |||
| - if protocol_code == PROTOCOL_TLSv1: | |||
| - return "TLSv1" | |||
| - elif protocol_code == PROTOCOL_SSLv23: | |||
| - return "SSLv23" | |||
| - elif protocol_code == PROTOCOL_SSLv2: | |||
| - return "SSLv2" | |||
| - elif protocol_code == PROTOCOL_SSLv3: | |||
| - return "SSLv3" | |||
| - else: | |||
| - return "<unknown>" | |||
| + return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
| diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 | |||
| +++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 | |||
| @@ -62,7 +62,9 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL3, | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| @@ -301,8 +303,10 @@ | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1693,8 +1697,10 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| @ -0,0 +1,96 @@ | |||
| diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
| +++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
| @@ -60,20 +60,23 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| - PROTOCOL_TLSv1) | |||
| -from _ssl import RAND_status, RAND_egd, RAND_add | |||
| -from _ssl import ( | |||
| - SSL_ERROR_ZERO_RETURN, | |||
| - SSL_ERROR_WANT_READ, | |||
| - SSL_ERROR_WANT_WRITE, | |||
| - SSL_ERROR_WANT_X509_LOOKUP, | |||
| - SSL_ERROR_SYSCALL, | |||
| - SSL_ERROR_SSL, | |||
| - SSL_ERROR_WANT_CONNECT, | |||
| - SSL_ERROR_EOF, | |||
| - SSL_ERROR_INVALID_ERROR_CODE, | |||
| - ) | |||
| +from _ssl import RAND_status, RAND_add | |||
| +try: | |||
| + from _ssl import RAND_egd | |||
| +except ImportError: | |||
| + # LibreSSL does not provide RAND_egd | |||
| + pass | |||
| + | |||
| +def _import_symbols(prefix): | |||
| + for n in dir(_ssl): | |||
| + if n.startswith(prefix): | |||
| + globals()[n] = getattr(_ssl, n) | |||
| + | |||
| +_import_symbols('OP_') | |||
| +_import_symbols('SSL_ERROR_') | |||
| +_import_symbols('PROTOCOL_') | |||
| + | |||
| +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
| from socket import getnameinfo as _getnameinfo | |||
| from socket import error as socket_error | |||
| @@ -415,7 +418,7 @@ | |||
| d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
| return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
| -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
| +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
| """Retrieve the certificate from the server at the specified address, | |||
| and return it as a PEM-encoded string. | |||
| If 'ca_certs' is specified, validate the server cert against it. | |||
| diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
| +++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
| @@ -62,8 +62,12 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PY_SSL_VERSION_SSL3, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| }; | |||
| @@ -299,10 +303,14 @@ | |||
| PySSL_BEGIN_ALLOW_THREADS | |||
| if (proto_version == PY_SSL_VERSION_TLS1) | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1698,10 +1706,14 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| PY_SSL_VERSION_SSL23); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", | |||
| @ -1,75 +0,0 @@ | |||
| diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 | |||
| +++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 | |||
| @@ -60,8 +60,20 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| +from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| PROTOCOL_TLSv1) | |||
| +_PROTOCOL_NAMES = { | |||
| + PROTOCOL_TLSv1: "TLSv1", | |||
| + PROTOCOL_SSLv23: "SSLv23", | |||
| + PROTOCOL_SSLv3: "SSLv3", | |||
| +} | |||
| +try: | |||
| + from _ssl import PROTOCOL_SSLv2 | |||
| + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
| +except ImportError: | |||
| + _SSLv2_IF_EXISTS = None | |||
| +else: | |||
| + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
| from _ssl import RAND_status, RAND_egd, RAND_add | |||
| from _ssl import ( | |||
| SSL_ERROR_ZERO_RETURN, | |||
| @@ -434,13 +446,4 @@ | |||
| return DER_cert_to_PEM_cert(dercert) | |||
| def get_protocol_name(protocol_code): | |||
| - if protocol_code == PROTOCOL_TLSv1: | |||
| - return "TLSv1" | |||
| - elif protocol_code == PROTOCOL_SSLv23: | |||
| - return "SSLv23" | |||
| - elif protocol_code == PROTOCOL_SSLv2: | |||
| - return "SSLv2" | |||
| - elif protocol_code == PROTOCOL_SSLv3: | |||
| - return "SSLv3" | |||
| - else: | |||
| - return "<unknown>" | |||
| + return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
| diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 | |||
| +++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 | |||
| @@ -62,7 +62,9 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL3, | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| @@ -301,8 +303,10 @@ | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1693,8 +1697,10 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| @ -0,0 +1,96 @@ | |||
| diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
| +++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
| @@ -60,20 +60,23 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
| - PROTOCOL_TLSv1) | |||
| -from _ssl import RAND_status, RAND_egd, RAND_add | |||
| -from _ssl import ( | |||
| - SSL_ERROR_ZERO_RETURN, | |||
| - SSL_ERROR_WANT_READ, | |||
| - SSL_ERROR_WANT_WRITE, | |||
| - SSL_ERROR_WANT_X509_LOOKUP, | |||
| - SSL_ERROR_SYSCALL, | |||
| - SSL_ERROR_SSL, | |||
| - SSL_ERROR_WANT_CONNECT, | |||
| - SSL_ERROR_EOF, | |||
| - SSL_ERROR_INVALID_ERROR_CODE, | |||
| - ) | |||
| +from _ssl import RAND_status, RAND_add | |||
| +try: | |||
| + from _ssl import RAND_egd | |||
| +except ImportError: | |||
| + # LibreSSL does not provide RAND_egd | |||
| + pass | |||
| + | |||
| +def _import_symbols(prefix): | |||
| + for n in dir(_ssl): | |||
| + if n.startswith(prefix): | |||
| + globals()[n] = getattr(_ssl, n) | |||
| + | |||
| +_import_symbols('OP_') | |||
| +_import_symbols('SSL_ERROR_') | |||
| +_import_symbols('PROTOCOL_') | |||
| + | |||
| +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
| from socket import getnameinfo as _getnameinfo | |||
| from socket import error as socket_error | |||
| @@ -415,7 +418,7 @@ | |||
| d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
| return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
| -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
| +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
| """Retrieve the certificate from the server at the specified address, | |||
| and return it as a PEM-encoded string. | |||
| If 'ca_certs' is specified, validate the server cert against it. | |||
| diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
| +++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
| @@ -62,8 +62,12 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PY_SSL_VERSION_SSL3, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1, | |||
| }; | |||
| @@ -299,10 +303,14 @@ | |||
| PySSL_BEGIN_ALLOW_THREADS | |||
| if (proto_version == PY_SSL_VERSION_TLS1) | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| +#endif | |||
| else if (proto_version == PY_SSL_VERSION_SSL23) | |||
| self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
| PySSL_END_ALLOW_THREADS | |||
| @@ -1698,10 +1706,14 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| PY_SSL_VERSION_SSL23); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", | |||