https://github.com/python/cpython/commit/c41fce08a5d7aae8fd9e3fa25e0ba521600e097c commit: c41fce08a5d7aae8fd9e3fa25e0ba521600e097c branch: main author: David Benjamin <[email protected]> committer: gpshead <[email protected]> date: 2025-11-22T09:17:45-08:00 summary:
gh-141801: Use accessors for ASN1_STRING fields in libssl (GH-141802) * gh-141801: Use accessors for ASN1_STRING fields While ASN1_STRING is currently exposed, it is better to use the accessors. See https://github.com/openssl/openssl/issues/29117 where, if the type were opaque, OpenSSL's X509 objects could be much more memory-efficient. * Update Modules/_ssl.c Co-authored-by: Bénédikt Tran <[email protected]> * Update Modules/_ssl.c Co-authored-by: Bénédikt Tran <[email protected]> --------- Co-authored-by: Bénédikt Tran <[email protected]> files: M Modules/_ssl.c diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 4b75e455f402ff..25fcea6aaf128d 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1437,14 +1437,14 @@ _get_peer_alt_names (_sslmodulestate *state, X509 *certificate) { } PyTuple_SET_ITEM(t, 0, v); - if (name->d.ip->length == 4) { - unsigned char *p = name->d.ip->data; + if (ASN1_STRING_length(name->d.ip) == 4) { + const unsigned char *p = ASN1_STRING_get0_data(name->d.ip); v = PyUnicode_FromFormat( "%d.%d.%d.%d", p[0], p[1], p[2], p[3] ); - } else if (name->d.ip->length == 16) { - unsigned char *p = name->d.ip->data; + } else if (ASN1_STRING_length(name->d.ip) == 16) { + const unsigned char *p = ASN1_STRING_get0_data(name->d.ip); v = PyUnicode_FromFormat( "%X:%X:%X:%X:%X:%X:%X:%X", p[0] << 8 | p[1], @@ -1575,8 +1575,9 @@ _get_aia_uri(X509 *certificate, int nid) { continue; } uri = ad->location->d.uniformResourceIdentifier; - ostr = PyUnicode_FromStringAndSize((char *)uri->data, - uri->length); + ostr = PyUnicode_FromStringAndSize( + (const char *)ASN1_STRING_get0_data(uri), + ASN1_STRING_length(uri)); if (ostr == NULL) { goto fail; } @@ -1642,8 +1643,9 @@ _get_crl_dp(X509 *certificate) { continue; } uri = gn->d.uniformResourceIdentifier; - ouri = PyUnicode_FromStringAndSize((char *)uri->data, - uri->length); + ouri = PyUnicode_FromStringAndSize( + (const char *)ASN1_STRING_get0_data(uri), + ASN1_STRING_length(uri)); if (ouri == NULL) goto done; _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
