mirror of https://github.com/python/cpython
Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
parent
4a281a12f1
commit
2427b50fdd
|
@ -1126,6 +1126,7 @@ to speed up repeated connections from the same clients.
|
||||||
The flags for certificate verification operations. You can set flags like
|
The flags for certificate verification operations. You can set flags like
|
||||||
:data:`VERIFY_CRL_CHECK_LEAF` by ORing them together. By default OpenSSL
|
:data:`VERIFY_CRL_CHECK_LEAF` by ORing them together. By default OpenSSL
|
||||||
does neither require nor verify certificate revocation lists (CRLs).
|
does neither require nor verify certificate revocation lists (CRLs).
|
||||||
|
Available only with openssl version 0.9.8+.
|
||||||
|
|
||||||
.. versionadded:: 3.4
|
.. versionadded:: 3.4
|
||||||
|
|
||||||
|
|
|
@ -82,6 +82,10 @@ def no_sslv2_implies_sslv3_hello():
|
||||||
# 0.9.7h or higher
|
# 0.9.7h or higher
|
||||||
return ssl.OPENSSL_VERSION_INFO >= (0, 9, 7, 8, 15)
|
return ssl.OPENSSL_VERSION_INFO >= (0, 9, 7, 8, 15)
|
||||||
|
|
||||||
|
def have_verify_flags():
|
||||||
|
# 0.9.8 or higher
|
||||||
|
return ssl.OPENSSL_VERSION_INFO >= (0, 9, 8, 0, 15)
|
||||||
|
|
||||||
def asn1time(cert_time):
|
def asn1time(cert_time):
|
||||||
# Some versions of OpenSSL ignore seconds, see #18207
|
# Some versions of OpenSSL ignore seconds, see #18207
|
||||||
# 0.9.8.i
|
# 0.9.8.i
|
||||||
|
@ -667,6 +671,8 @@ class ContextTests(unittest.TestCase):
|
||||||
with self.assertRaises(ValueError):
|
with self.assertRaises(ValueError):
|
||||||
ctx.verify_mode = 42
|
ctx.verify_mode = 42
|
||||||
|
|
||||||
|
@unittest.skipUnless(have_verify_flags(),
|
||||||
|
"verify_flags need OpenSSL > 0.9.8")
|
||||||
def test_verify_flags(self):
|
def test_verify_flags(self):
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||||
# default value by OpenSSL
|
# default value by OpenSSL
|
||||||
|
@ -1809,6 +1815,8 @@ else:
|
||||||
self.assertLess(before, after)
|
self.assertLess(before, after)
|
||||||
s.close()
|
s.close()
|
||||||
|
|
||||||
|
@unittest.skipUnless(have_verify_flags(),
|
||||||
|
"verify_flags need OpenSSL > 0.9.8")
|
||||||
def test_crl_check(self):
|
def test_crl_check(self):
|
||||||
if support.verbose:
|
if support.verbose:
|
||||||
sys.stdout.write("\n")
|
sys.stdout.write("\n")
|
||||||
|
|
|
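Review bot: `have_verify_flags()` tests the version of the OpenSSL library loaded at run time (`ssl.OPENSSL_VERSION_INFO`), whereas the C half of this commit compiles `verify_flags` in or out according to the headers used at build time, so the two can disagree and the tests would then fail on a missing attribute instead of being skipped. Such a mismatch is unlikely in practice, but probing the feature itself is more direct and cannot drift: `return hasattr(ssl.SSLContext, 'verify_flags')`. The skip reason on both decorators says "> 0.9.8" while the check is `>=`; `"verify_flags need OpenSSL >= 0.9.8"` would match the code. The bodies of test_verify_flags and test_crl_check continue outside the hunks shown.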
@ -198,6 +198,11 @@ static unsigned int _ssl_locks_count = 0;
|
||||||
# define OPENSSL_NO_COMP
|
# define OPENSSL_NO_COMP
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* X509_VERIFY_PARAM got added to OpenSSL in 0.9.8 */
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
|
||||||
|
# define HAVE_OPENSSL_VERIFY_PARAM
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
PyObject_HEAD
|
PyObject_HEAD
|
||||||
|
@ -2230,6 +2235,7 @@ set_verify_mode(PySSLContext *self, PyObject *arg, void *c)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_OPENSSL_VERIFY_PARAM
|
||||||
static PyObject *
|
static PyObject *
|
||||||
get_verify_flags(PySSLContext *self, void *c)
|
get_verify_flags(PySSLContext *self, void *c)
|
||||||
{
|
{
|
||||||
|
@ -2267,6 +2273,7 @@ set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static PyObject *
|
static PyObject *
|
||||||
get_options(PySSLContext *self, void *c)
|
get_options(PySSLContext *self, void *c)
|
||||||
|
@ -3088,8 +3095,10 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds)
|
||||||
static PyGetSetDef context_getsetlist[] = {
|
static PyGetSetDef context_getsetlist[] = {
|
||||||
{"options", (getter) get_options,
|
{"options", (getter) get_options,
|
||||||
(setter) set_options, NULL},
|
(setter) set_options, NULL},
|
||||||
|
#ifdef HAVE_OPENSSL_VERIFY_PARAM
|
||||||
{"verify_flags", (getter) get_verify_flags,
|
{"verify_flags", (getter) get_verify_flags,
|
||||||
(setter) set_verify_flags, NULL},
|
(setter) set_verify_flags, NULL},
|
||||||
|
#endif
|
||||||
{"verify_mode", (getter) get_verify_mode,
|
{"verify_mode", (getter) get_verify_mode,
|
||||||
(setter) set_verify_mode, NULL},
|
(setter) set_verify_mode, NULL},
|
||||||
{NULL}, /* sentinel */
|
{NULL}, /* sentinel */
|
||||||
|
|
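Review bot: With `HAVE_OPENSSL_VERIFY_PARAM` undefined, the `verify_flags` entry drops out of `context_getsetlist`, so a build against OpenSSL 0.9.7 gives callers no way to turn on CRL checking. Whether an assignment such as `ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF` then raises or is quietly stored as an ordinary instance attribute depends on the Python-level `SSLContext` class, which is not visible here; it is worth confirming that it fails loudly, because a silent no-op would leave revocation checks off while the application believes they are on. The comment at the macro could record this: `/* X509_VERIFY_PARAM got added to OpenSSL in 0.9.8; without it SSLContext.verify_flags is not defined and CRL checks cannot be enabled */`. Any other use of X509_VERIFY_PARAM in this file outside the two guarded accessors would need the same `#ifdef`, which the hunks shown do not cover.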