`OPENSSL_NO_SSL3` patch for 3.0.x, 3.1.x and 3.2.xpull/511/head
@ -1,75 +0,0 @@ | |||
diff -r -u ./Lib/ssl.py ../Python-3.0.1/Lib/ssl.py | |||
--- ./Lib/ssl.py 2009-01-04 08:47:58.000000000 +0900 | |||
+++ ../Python-3.0.1/Lib/ssl.py 2013-05-08 19:58:59.000000000 +0900 | |||
@@ -60,8 +60,20 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
PROTOCOL_TLSv1) | |||
+_PROTOCOL_NAMES = { | |||
+ PROTOCOL_TLSv1: "TLSv1", | |||
+ PROTOCOL_SSLv23: "SSLv23", | |||
+ PROTOCOL_SSLv3: "SSLv3", | |||
+} | |||
+try: | |||
+ from _ssl import PROTOCOL_SSLv2 | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except ImportError: | |||
+ _SSLv2_IF_EXISTS = None | |||
+else: | |||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
from _ssl import ( | |||
SSL_ERROR_ZERO_RETURN, | |||
@@ -434,13 +446,4 @@ | |||
return DER_cert_to_PEM_cert(dercert) | |||
def get_protocol_name(protocol_code): | |||
- if protocol_code == PROTOCOL_TLSv1: | |||
- return "TLSv1" | |||
- elif protocol_code == PROTOCOL_SSLv23: | |||
- return "SSLv23" | |||
- elif protocol_code == PROTOCOL_SSLv2: | |||
- return "SSLv2" | |||
- elif protocol_code == PROTOCOL_SSLv3: | |||
- return "SSLv3" | |||
- else: | |||
- return "<unknown>" | |||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
diff -r -u ./Modules/_ssl.c ../Python-3.0.1/Modules/_ssl.c | |||
--- ./Modules/_ssl.c 2009-02-03 05:41:29.000000000 +0900 | |||
+++ ../Python-3.0.1/Modules/_ssl.c 2013-05-08 19:57:38.000000000 +0900 | |||
@@ -62,7 +62,9 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
PY_SSL_VERSION_SSL3, | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
@@ -299,8 +301,10 @@ | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1691,8 +1695,10 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
@ -0,0 +1,96 @@ | |||
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
@@ -60,20 +60,23 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
- PROTOCOL_TLSv1) | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -415,7 +418,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
@@ -62,8 +62,12 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
}; | |||
@@ -299,10 +303,14 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1698,10 +1706,14 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -1,75 +0,0 @@ | |||
diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 | |||
+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 | |||
@@ -60,8 +60,20 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
PROTOCOL_TLSv1) | |||
+_PROTOCOL_NAMES = { | |||
+ PROTOCOL_TLSv1: "TLSv1", | |||
+ PROTOCOL_SSLv23: "SSLv23", | |||
+ PROTOCOL_SSLv3: "SSLv3", | |||
+} | |||
+try: | |||
+ from _ssl import PROTOCOL_SSLv2 | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except ImportError: | |||
+ _SSLv2_IF_EXISTS = None | |||
+else: | |||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
from _ssl import ( | |||
SSL_ERROR_ZERO_RETURN, | |||
@@ -434,13 +446,4 @@ | |||
return DER_cert_to_PEM_cert(dercert) | |||
def get_protocol_name(protocol_code): | |||
- if protocol_code == PROTOCOL_TLSv1: | |||
- return "TLSv1" | |||
- elif protocol_code == PROTOCOL_SSLv23: | |||
- return "SSLv23" | |||
- elif protocol_code == PROTOCOL_SSLv2: | |||
- return "SSLv2" | |||
- elif protocol_code == PROTOCOL_SSLv3: | |||
- return "SSLv3" | |||
- else: | |||
- return "<unknown>" | |||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 | |||
+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 | |||
@@ -62,7 +62,9 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
PY_SSL_VERSION_SSL3, | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
@@ -301,8 +303,10 @@ | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1693,8 +1697,10 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
@ -0,0 +1,96 @@ | |||
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
@@ -60,20 +60,23 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
- PROTOCOL_TLSv1) | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -415,7 +418,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
@@ -62,8 +62,12 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
}; | |||
@@ -299,10 +303,14 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1698,10 +1706,14 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -1,75 +0,0 @@ | |||
diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 | |||
+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 | |||
@@ -60,8 +60,20 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
PROTOCOL_TLSv1) | |||
+_PROTOCOL_NAMES = { | |||
+ PROTOCOL_TLSv1: "TLSv1", | |||
+ PROTOCOL_SSLv23: "SSLv23", | |||
+ PROTOCOL_SSLv3: "SSLv3", | |||
+} | |||
+try: | |||
+ from _ssl import PROTOCOL_SSLv2 | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except ImportError: | |||
+ _SSLv2_IF_EXISTS = None | |||
+else: | |||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
from _ssl import ( | |||
SSL_ERROR_ZERO_RETURN, | |||
@@ -434,13 +446,4 @@ | |||
return DER_cert_to_PEM_cert(dercert) | |||
def get_protocol_name(protocol_code): | |||
- if protocol_code == PROTOCOL_TLSv1: | |||
- return "TLSv1" | |||
- elif protocol_code == PROTOCOL_SSLv23: | |||
- return "SSLv23" | |||
- elif protocol_code == PROTOCOL_SSLv2: | |||
- return "SSLv2" | |||
- elif protocol_code == PROTOCOL_SSLv3: | |||
- return "SSLv3" | |||
- else: | |||
- return "<unknown>" | |||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 | |||
+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 | |||
@@ -62,7 +62,9 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
PY_SSL_VERSION_SSL3, | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
@@ -301,8 +303,10 @@ | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1693,8 +1697,10 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
@ -0,0 +1,96 @@ | |||
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
@@ -60,20 +60,23 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
- PROTOCOL_TLSv1) | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -415,7 +418,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
@@ -62,8 +62,12 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
}; | |||
@@ -299,10 +303,14 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1698,10 +1706,14 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -1,75 +0,0 @@ | |||
diff -r -u ./Lib/ssl.py ../Python-3.1.3/Lib/ssl.py | |||
--- ./Lib/ssl.py 2010-09-14 23:47:08.000000000 +0900 | |||
+++ ../Python-3.1.3/Lib/ssl.py 2013-05-23 12:03:38.000000000 +0900 | |||
@@ -60,8 +60,20 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
PROTOCOL_TLSv1) | |||
+_PROTOCOL_NAMES = { | |||
+ PROTOCOL_TLSv1: "TLSv1", | |||
+ PROTOCOL_SSLv23: "SSLv23", | |||
+ PROTOCOL_SSLv3: "SSLv3", | |||
+} | |||
+try: | |||
+ from _ssl import PROTOCOL_SSLv2 | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except ImportError: | |||
+ _SSLv2_IF_EXISTS = None | |||
+else: | |||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
from _ssl import ( | |||
SSL_ERROR_ZERO_RETURN, | |||
@@ -427,13 +439,4 @@ | |||
return DER_cert_to_PEM_cert(dercert) | |||
def get_protocol_name(protocol_code): | |||
- if protocol_code == PROTOCOL_TLSv1: | |||
- return "TLSv1" | |||
- elif protocol_code == PROTOCOL_SSLv23: | |||
- return "SSLv23" | |||
- elif protocol_code == PROTOCOL_SSLv2: | |||
- return "SSLv2" | |||
- elif protocol_code == PROTOCOL_SSLv3: | |||
- return "SSLv3" | |||
- else: | |||
- return "<unknown>" | |||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
diff -r -u ./Modules/_ssl.c ../Python-3.1.3/Modules/_ssl.c | |||
--- ./Modules/_ssl.c 2010-10-14 07:20:48.000000000 +0900 | |||
+++ ../Python-3.1.3/Modules/_ssl.c 2013-05-23 12:04:31.000000000 +0900 | |||
@@ -63,7 +63,9 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
PY_SSL_VERSION_SSL3, | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
@@ -306,8 +308,10 @@ | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1785,8 +1789,10 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
@ -0,0 +1,96 @@ | |||
diff -r -u ../Python-3.1.3.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.3.orig/Lib/ssl.py 2010-09-14 14:47:08.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:32:44.351880682 +0000 | |||
@@ -60,20 +60,23 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
- PROTOCOL_TLSv1) | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -408,7 +411,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.3.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.3.orig/Modules/_ssl.c 2010-10-13 22:20:48.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:31:44.644359788 +0000 | |||
@@ -63,8 +63,12 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -304,10 +308,14 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1785,10 +1793,14 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,97 @@ | |||
diff -r -u ../Python-3.1.5.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.5.orig/Lib/ssl.py 2012-04-09 23:25:35.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:28:44.015492213 +0000 | |||
@@ -60,30 +60,28 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+from _ssl import RAND_status, RAND_add | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
+ from _ssl import RAND_egd | |||
except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
pass | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
+ | |||
+try: | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except NameError: | |||
+ _SSLv2_IF_EXISTS = None | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -418,7 +416,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.5.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.5.orig/Modules/_ssl.c 2012-04-09 23:25:36.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:27:06.620775506 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -306,8 +308,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
@@ -1796,8 +1800,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,97 @@ | |||
diff -r -u ../Python-3.1.5.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.5.orig/Lib/ssl.py 2012-04-09 23:25:35.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:28:44.015492213 +0000 | |||
@@ -60,30 +60,28 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+from _ssl import RAND_status, RAND_add | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
+ from _ssl import RAND_egd | |||
except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
pass | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
+ | |||
+try: | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except NameError: | |||
+ _SSLv2_IF_EXISTS = None | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -418,7 +416,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.5.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.5.orig/Modules/_ssl.c 2012-04-09 23:25:36.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:27:06.620775506 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -306,8 +308,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
@@ -1796,8 +1800,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -1,75 +0,0 @@ | |||
diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 | |||
+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 | |||
@@ -60,8 +60,20 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
PROTOCOL_TLSv1) | |||
+_PROTOCOL_NAMES = { | |||
+ PROTOCOL_TLSv1: "TLSv1", | |||
+ PROTOCOL_SSLv23: "SSLv23", | |||
+ PROTOCOL_SSLv3: "SSLv3", | |||
+} | |||
+try: | |||
+ from _ssl import PROTOCOL_SSLv2 | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except ImportError: | |||
+ _SSLv2_IF_EXISTS = None | |||
+else: | |||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
from _ssl import ( | |||
SSL_ERROR_ZERO_RETURN, | |||
@@ -434,13 +446,4 @@ | |||
return DER_cert_to_PEM_cert(dercert) | |||
def get_protocol_name(protocol_code): | |||
- if protocol_code == PROTOCOL_TLSv1: | |||
- return "TLSv1" | |||
- elif protocol_code == PROTOCOL_SSLv23: | |||
- return "SSLv23" | |||
- elif protocol_code == PROTOCOL_SSLv2: | |||
- return "SSLv2" | |||
- elif protocol_code == PROTOCOL_SSLv3: | |||
- return "SSLv3" | |||
- else: | |||
- return "<unknown>" | |||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 | |||
+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 | |||
@@ -62,7 +62,9 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
PY_SSL_VERSION_SSL3, | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
@@ -301,8 +303,10 @@ | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1693,8 +1697,10 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
@ -0,0 +1,96 @@ | |||
diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 | |||
@@ -60,20 +60,23 @@ | |||
from _ssl import SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
- PROTOCOL_TLSv1) | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -415,7 +418,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 | |||
@@ -62,8 +62,12 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1, | |||
}; | |||
@@ -299,10 +303,14 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ | |||
PySSL_END_ALLOW_THREADS | |||
@@ -1698,10 +1706,14 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,101 @@ | |||
diff -r -u ../Python-3.2.1.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.1.orig/Lib/ssl.py 2011-07-09 06:58:49.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:06:01.609146268 +0000 | |||
@@ -62,32 +62,30 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
-from _ssl import HAS_SNI | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+from _ssl import RAND_status, RAND_add | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
+ from _ssl import RAND_egd | |||
except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
pass | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
+from _ssl import HAS_SNI | |||
+ | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
+ | |||
+try: | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except NameError: | |||
+ _SSLv2_IF_EXISTS = None | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -545,7 +543,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.1.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.1.orig/Modules/_ssl.c 2011-07-09 06:58:54.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:04:34.878266042 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1450,8 +1452,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
@@ -2118,8 +2122,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,102 @@ | |||
diff -r -u ../Python-3.2.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.2.orig/Lib/ssl.py 2011-09-03 16:16:42.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:01:09.947260656 +0000 | |||
@@ -62,34 +62,30 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
from _ssl import HAS_SNI | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
from _ssl import _OPENSSL_API_VERSION | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
-except ImportError: | |||
- pass | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except NameError: | |||
+ _SSLv2_IF_EXISTS = None | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -547,7 +543,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.2.orig/Modules/_ssl.c 2011-09-03 16:16:46.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 06:59:12.632993190 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1450,8 +1452,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
@@ -2136,8 +2140,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,100 @@ | |||
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 | |||
@@ -62,35 +62,30 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
from _ssl import HAS_SNI | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
from _ssl import _OPENSSL_API_VERSION | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
-except ImportError: | |||
+except NameError: | |||
_SSLv2_IF_EXISTS = None | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -557,7 +552,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1512,8 +1514,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
@@ -2199,8 +2203,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,100 @@ | |||
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 | |||
@@ -62,35 +62,30 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
from _ssl import HAS_SNI | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
from _ssl import _OPENSSL_API_VERSION | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
-except ImportError: | |||
+except NameError: | |||
_SSLv2_IF_EXISTS = None | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -557,7 +552,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1512,8 +1514,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
@@ -2199,8 +2203,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,100 @@ | |||
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 | |||
@@ -62,35 +62,30 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
from _ssl import HAS_SNI | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
from _ssl import _OPENSSL_API_VERSION | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
-except ImportError: | |||
+except NameError: | |||
_SSLv2_IF_EXISTS = None | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -557,7 +552,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1512,8 +1514,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
@@ -2199,8 +2203,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -0,0 +1,100 @@ | |||
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 | |||
@@ -62,35 +62,30 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
from _ssl import HAS_SNI | |||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
from _ssl import _OPENSSL_API_VERSION | |||
-_PROTOCOL_NAMES = { | |||
- PROTOCOL_TLSv1: "TLSv1", | |||
- PROTOCOL_SSLv23: "SSLv23", | |||
- PROTOCOL_SSLv3: "SSLv3", | |||
-} | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
try: | |||
- from _ssl import PROTOCOL_SSLv2 | |||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
-except ImportError: | |||
+except NameError: | |||
_SSLv2_IF_EXISTS = None | |||
-else: | |||
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
@@ -557,7 +552,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 | |||
@@ -66,7 +66,9 @@ | |||
#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3=1, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1512,8 +1514,10 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
@@ -2199,8 +2203,10 @@ | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |
@ -1,75 +0,0 @@ | |||
diff -r -u ./Lib/ssl.py ../Python-3.2/Lib/ssl.py | |||
--- ./Lib/ssl.py 2010-10-23 03:19:07.000000000 +0900 | |||
+++ ../Python-3.2/Lib/ssl.py 2013-05-23 11:56:30.000000000 +0900 | |||
@@ -62,8 +62,20 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
PROTOCOL_TLSv1) | |||
+_PROTOCOL_NAMES = { | |||
+ PROTOCOL_TLSv1: "TLSv1", | |||
+ PROTOCOL_SSLv23: "SSLv23", | |||
+ PROTOCOL_SSLv3: "SSLv3", | |||
+} | |||
+try: | |||
+ from _ssl import PROTOCOL_SSLv2 | |||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 | |||
+except ImportError: | |||
+ _SSLv2_IF_EXISTS = None | |||
+else: | |||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||
from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
from _ssl import RAND_status, RAND_egd, RAND_add | |||
from _ssl import ( | |||
@@ -537,13 +549,4 @@ | |||
return DER_cert_to_PEM_cert(dercert) | |||
def get_protocol_name(protocol_code): | |||
- if protocol_code == PROTOCOL_TLSv1: | |||
- return "TLSv1" | |||
- elif protocol_code == PROTOCOL_SSLv23: | |||
- return "SSLv23" | |||
- elif protocol_code == PROTOCOL_SSLv2: | |||
- return "SSLv2" | |||
- elif protocol_code == PROTOCOL_SSLv3: | |||
- return "SSLv3" | |||
- else: | |||
- return "<unknown>" | |||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>') | |||
diff -r -u ./Modules/_ssl.c ../Python-3.2/Modules/_ssl.c | |||
--- ./Modules/_ssl.c 2011-01-29 20:31:20.000000000 +0900 | |||
+++ ../Python-3.2/Modules/_ssl.c 2013-05-23 11:57:44.000000000 +0900 | |||
@@ -63,7 +63,9 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
PY_SSL_VERSION_SSL3, | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
@@ -1450,8 +1452,10 @@ | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
ctx = SSL_CTX_new(SSLv23_method()); | |||
else | |||
@@ -2110,8 +2114,10 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", |
@ -0,0 +1,100 @@ | |||
diff -r -u ../Python-3.2.orig/Lib/ssl.py ./Lib/ssl.py | |||
--- ../Python-3.2.orig/Lib/ssl.py 2010-10-22 18:19:07.000000000 +0000 | |||
+++ ./Lib/ssl.py 2015-12-20 07:12:00.759323661 +0000 | |||
@@ -62,23 +62,26 @@ | |||
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION | |||
from _ssl import _SSLContext, SSLError | |||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||
- PROTOCOL_TLSv1) | |||
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 | |||
-from _ssl import RAND_status, RAND_egd, RAND_add | |||
-from _ssl import ( | |||
- SSL_ERROR_ZERO_RETURN, | |||
- SSL_ERROR_WANT_READ, | |||
- SSL_ERROR_WANT_WRITE, | |||
- SSL_ERROR_WANT_X509_LOOKUP, | |||
- SSL_ERROR_SYSCALL, | |||
- SSL_ERROR_SSL, | |||
- SSL_ERROR_WANT_CONNECT, | |||
- SSL_ERROR_EOF, | |||
- SSL_ERROR_INVALID_ERROR_CODE, | |||
- ) | |||
+from _ssl import RAND_status, RAND_add | |||
+try: | |||
+ from _ssl import RAND_egd | |||
+except ImportError: | |||
+ # LibreSSL does not provide RAND_egd | |||
+ pass | |||
+ | |||
+def _import_symbols(prefix): | |||
+ for n in dir(_ssl): | |||
+ if n.startswith(prefix): | |||
+ globals()[n] = getattr(_ssl, n) | |||
+ | |||
+_import_symbols('OP_') | |||
+_import_symbols('SSL_ERROR_') | |||
+_import_symbols('PROTOCOL_') | |||
+ | |||
from _ssl import HAS_SNI | |||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} | |||
+ | |||
from socket import getnameinfo as _getnameinfo | |||
from socket import error as socket_error | |||
from socket import socket, AF_INET, SOCK_STREAM | |||
@@ -518,7 +521,7 @@ | |||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
"""Retrieve the certificate from the server at the specified address, | |||
and return it as a PEM-encoded string. | |||
If 'ca_certs' is specified, validate the server cert against it. | |||
diff -r -u ../Python-3.2.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
--- ../Python-3.2.orig/Modules/_ssl.c 2011-01-29 11:31:20.000000000 +0000 | |||
+++ ./Modules/_ssl.c 2015-12-20 07:10:38.285929662 +0000 | |||
@@ -63,8 +63,12 @@ | |||
}; | |||
enum py_ssl_version { | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PY_SSL_VERSION_SSL2, | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PY_SSL_VERSION_SSL3, | |||
+#endif | |||
PY_SSL_VERSION_SSL23, | |||
PY_SSL_VERSION_TLS1 | |||
}; | |||
@@ -1448,10 +1452,14 @@ | |||
PySSL_BEGIN_ALLOW_THREADS | |||
if (proto_version == PY_SSL_VERSION_TLS1) | |||
ctx = SSL_CTX_new(TLSv1_method()); | |||
+#ifndef OPENSSL_NO_SSL3 | |||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||
ctx = SSL_CTX_new(SSLv3_method()); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL2 | |||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||
ctx = SSL_CTX_new(SSLv2_method()); | |||
+#endif | |||
else if (proto_version == PY_SSL_VERSION_SSL23) | |||
ctx = SSL_CTX_new(SSLv23_method()); | |||
else | |||
@@ -2110,10 +2118,14 @@ | |||
PY_SSL_CERT_REQUIRED); | |||
/* protocol versions */ | |||
+#ifndef OPENSSL_NO_SSL2 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
PY_SSL_VERSION_SSL2); | |||
+#endif | |||
+#ifndef OPENSSL_NO_SSL3 | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
PY_SSL_VERSION_SSL3); | |||
+#endif | |||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
PY_SSL_VERSION_SSL23); | |||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", |