Bernard Spil <pyt...@bachfreund.nl> added the comment:
My pleasure! Glad we sorted this out for no-nextprotoneg and LibreSSL :D
--
___
Python tracker <rep...@bugs.python.org>
<https://bugs.python
Bernard Spil <pyt...@bachfreund.nl> added the comment:
See also https://github.com/python/cpython/pull/5343
Note: I am Sp1l on Github, spil here, CLA has been signed.
--
nosy: +spil
pull_requests: +5190
___
Python tracker <rep...@bugs.p
Bernard Spil added the comment:
Sorry for the noise Christian, I thought the former EGD handling was still in
place. That was fixed with
https://github.com/python/cpython/commit/968ec1d29b44ca7a600df5984adff00a78392368
on 07 Jul 2016
--
___
Python
Bernard Spil added the comment:
Hi Christian,
Great stuff!
Please can you replace the HAVE_RAND_EGD ifdefs into OPENSSL_NO_EGD checks?
Then the RAND_egd checks in configure.ac can also be removed.
This was introduced by OpenSSL in
https://github.com/openssl/openssl/commit
Bernard Spil added the comment:
Can you please replace the HAVE_RAND_EGD bits with OPENSSL_NO_EGD as defined by
both OpenSSL 1.1 and LibreSSL?
EGD default disabled
https://github.com/openssl/openssl/blob/master/Configure#L363
EGD methods not available
https://github.com/openssl/openssl/blob
Bernard Spil added the comment:
It's been a year since this was created. Can we move this forward?
For the OpenSSL 1.1 changes, see
https://github.com/openssl/openssl/blob/master/Configure#L363
(egd is disabled in the default configuration)
and
https://github.com/openssl/openssl/blob/master
Bernard Spil added the comment:
Checking version numbers to see if a feature is available is a bad practice.
How can features ever be removed this way! Would be better to check for the
feature itself (using autoconf).
The patch was mostly OK but any check for OPENSSL_VERSION_NUMBER for now
Bernard Spil added the comment:
Testing this patch on HardenedBSD/LibreSSL (base SSL libs replaced with
LibreSSL)
--
nosy: +spil
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
Bernard Spil added the comment:
This is now also required for the upcoming OpenSSL 1.1.0 which also removed EGD
by default
--
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
Bernard Spil added the comment:
Checking if the method is actually defined is the smart way to go
>From include/openssl/tls1.h
# define TLSEXT_TYPE_application_layer_protocol_negotiation
So #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
would show you if the feature is availa
Bernard Spil added the comment:
ALPN was removed originally but added again later
http://marc.info/?l=openbsd-announce=142193407304782
--
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
New submission from Bernard Spil:
LibreSSL added a define OPENSSL_NO_EGD to their headers in version 2.2.0 in
line with the defines of the other removed features.
These patches remove detection of RAND_egd from configure and replace the
detection in the source code.
--
messages
Bernard Spil added the comment:
LibreSSL defines in opensslv.h
#define LIBRESSL_VERSION_NUMBER 0x2000L
#define OPENSSL_VERSION_NUMBER 0x2000L
And FreeBSD replaces
#define OPENSSL_VERSION_NUMBER 0x1000107fL
Proper way would be to check for LIBRESSL_VERSION_NUMBER string, FreeBSD
Bernard Spil added the comment:
Note that the FreeBSD port modifies the OPENSSL_VERSION_NUMBER and sets the
version number to 1.0.1g.
https://svnweb.freebsd.org/ports?view=revisionrevision=361642
--
nosy: +spil
___
Python tracker rep
Bernard Spil added the comment:
When configure is called with correct LDFLAGS and CPPFLAGS for LibreSSL these
patches to configure, Modules/_ssl.c and Lib/_ssl.py will detect not having
RAND_egd support in OpenSSL and make the build succeed.
--
Added file: http://bugs.python.org
Changes by Bernard Spil pyt...@bachfreund.nl:
Added file: http://bugs.python.org/file37300/patch-Lib_ssl.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Changes by Bernard Spil pyt...@bachfreund.nl:
Added file: http://bugs.python.org/file37301/patch-Modules__ssl.c
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Changes by Bernard Spil pyt...@bachfreund.nl:
Removed file: http://bugs.python.org/file37242/patch-Modules__ssl.c
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Bernard Spil added the comment:
Victor: That is a change that has been implemented in the downstream port to
fix wxPython, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 this
ended up in this patch as my primary objective was to fix it for the FreeBSD
port.
Antoine: Sorry, I'm
Bernard Spil added the comment:
Remove https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 patch from this
patch-set
--
Added file: http://bugs.python.org/file37302/patch-configure.ac
___
Python tracker rep...@bugs.python.org
http
Changes by Bernard Spil pyt...@bachfreund.nl:
Removed file: http://bugs.python.org/file37299/patch-configure.ac
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Bernard Spil added the comment:
FAILED (failures=2, errors=2, skipped=5)
That is OK, as these 2 tests should fail with LibreSSL since SSLv2 and SSLv3
support has been removed from LibreSSL.
ERROR: test_protocol_sslv23 (__main__.ThreadedTests)
ERROR: test_protocol_sslv3 (__main__.ThreadedTests
Bernard Spil added the comment:
Merged the patch from haypo back into the FreeBSD port for 2.7 at
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511
In the process I discovered during test_ssl that I had to patch Lib/socket.py
as well to make RAND_egd conditional
Bernard Spil added the comment:
Hi,
I think this can be found in LibreSSL's opensslv.h
An ifdef LIBRESSL_VERSION_NUMBER should work
See
https://github.com/libressl-portable/openbsd/blob/master/src/lib/libssl/src/crypto/opensslv.h
_ssl.c includes crypto.h which in turn includes opensslv.h
Bernard Spil added the comment:
EGD was only necessary for some commercial UNIX systems, versions that needed
it all reached end of life. It no longer makes sense to have any code referring
to it.
EGD needed untilOS release date
IRIX6.5.19 feb 2003
Solaris
25 matches
Mail list logo
