Author: Matti Picus <matti.pi...@gmail.com> Branch: stdlib-2.7.16 Changeset: r96685:580e7f2d8380 Date: 2019-05-26 00:56 +0300 http://bitbucket.org/pypy/pypy/changeset/580e7f2d8380/
Log: partially update _cffi_ssl to get TLSv1_3 diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py --- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py +++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py @@ -17,6 +17,7 @@ static const long Cryptography_HAS_SSL3_METHOD; static const long Cryptography_HAS_TLSv1_1; static const long Cryptography_HAS_TLSv1_2; +static const long Cryptography_HAS_TLSv1_3; static const long Cryptography_HAS_SECURE_RENEGOTIATION; static const long Cryptography_HAS_COMPRESSION; static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB; @@ -39,13 +40,12 @@ * supported */ static const long Cryptography_HAS_OP_NO_COMPRESSION; - static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; static const long Cryptography_HAS_SSL_SET_SSL_CTX; static const long Cryptography_HAS_SSL_OP_NO_TICKET; static const long Cryptography_HAS_NETBSD_D1_METH; +static const long Cryptography_HAS_ALPN; static const long Cryptography_HAS_NEXTPROTONEG; -static const long Cryptography_HAS_ALPN; static const long Cryptography_HAS_SET_CERT_CB; static const long SSL_FILETYPE_PEM; @@ -65,13 +65,13 @@ static const long SSL_OP_NO_TLSv1; static const long SSL_OP_NO_TLSv1_1; static const long SSL_OP_NO_TLSv1_2; +static const long SSL_OP_NO_TLSv1_3; static const long SSL_OP_NO_COMPRESSION; static const long SSL_OP_SINGLE_DH_USE; static const long SSL_OP_EPHEMERAL_RSA; static const long SSL_OP_MICROSOFT_SESS_ID_BUG; static const long SSL_OP_NETSCAPE_CHALLENGE_BUG; static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; -static const long SSL_OP_NO_SSLv2; static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; static const long SSL_OP_MSIE_SSLV2_RSA_PADDING; @@ -356,7 +356,7 @@ void SSL_set_tlsext_host_name(SSL *, char *); void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *, - int (*)(const SSL *, int *, void *)); + int (*)(SSL *, int *, void *)); void SSL_CTX_set_tlsext_servername_arg( SSL_CTX *, void *); @@ -514,10 +514,12 @@ memcpy(out, session->master_key, outlen); return outlen; } - -int SSL_SESSION_has_ticket(const SSL_SESSION *s) { +/* from ssl/ssl_sess.c */ +int SSL_SESSION_has_ticket(const SSL_SESSION *s) +{ return (s->tlsext_ticklen > 0) ? 1 : 0; } +/* from ssl/ssl_sess.c */ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) { return s->tlsext_tick_lifetime_hint; @@ -729,4 +731,19 @@ static const long OPENSSL_NPN_NEGOTIATED = -1; static const long Cryptography_HAS_NPN_NEGOTIATED = 0; #endif +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 +static const long Cryptography_HAS_TLSv1_3 = 0; +static const long SSL_OP_NO_TLSv1_3 = 0; +static const long SSL_VERIFY_POST_HANDSHAKE = 0; +int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL; +int (*SSL_verify_client_post_handshake)(SSL *) = NULL; +void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL; +void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL; +uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL; +int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL; +int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL; +int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL; +#else +static const long Cryptography_HAS_TLSv1_3 = 1; +#endif """ diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py b/lib_pypy/_cffi_ssl/_stdssl/__init__.py --- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py +++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py @@ -87,6 +87,10 @@ PROTOCOL_TLSv1 = 3 PROTOCOL_TLSv1_1 = 4 PROTOCOL_TLSv1_2 = 5 +if lib.Cryptography_HAS_TLSv1_3: + HAS_TLSv1_3 = True +else: + HAS_TLSv1_3 = False PROTOCOL_TLS_CLIENT = 0x10 PROTOCOL_TLS_SERVER = 0x11 diff --git a/pypy/module/cpyext/include/patchlevel.h b/pypy/module/cpyext/include/patchlevel.h --- a/pypy/module/cpyext/include/patchlevel.h +++ b/pypy/module/cpyext/include/patchlevel.h @@ -26,7 +26,7 @@ #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "2.7.13" +#define PY_VERSION "2.7.16" /* PyPy version as a string: make sure to keep this in sync with: * module/sys/version.py _______________________________________________ pypy-commit mailing list pypy-commit@python.org https://mail.python.org/mailman/listinfo/pypy-commit