gh-103242: Migrate SSLContext.set_ecdh_curve not to use deprecated APIs (#103378)

Migrate `SSLContext.set_ecdh_curve()` not to use deprecated OpenSSL APIs.
Dong-hee Na 2023-04-09 02:56:42 +09:00 committed by GitHub
parent 0ba0ca05d2
commit 35167043e3
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions


@ -0,0 +1,2 @@
Migrate :meth:`~ssl.SSLContext.set_ecdh_curve` method not to use deprecated
OpenSSL APIs. Patch by Dong-hee Na.


@ -4336,8 +4336,6 @@ _ssl__SSLContext_set_ecdh_curve(PySSLContext *self, PyObject *name)
{ {
PyObject *name_bytes; PyObject *name_bytes;
int nid; int nid;
EC_KEY *key;
if (!PyUnicode_FSConverter(name, &name_bytes)) if (!PyUnicode_FSConverter(name, &name_bytes))
return NULL; return NULL;
assert(PyBytes_Check(name_bytes)); assert(PyBytes_Check(name_bytes));
@ -4348,13 +4346,20 @@ _ssl__SSLContext_set_ecdh_curve(PySSLContext *self, PyObject *name)
"unknown elliptic curve name %R", name); "unknown elliptic curve name %R", name);
return NULL; return NULL;
} }
key = EC_KEY_new_by_curve_name(nid); #if OPENSSL_VERSION_MAJOR < 3
EC_KEY *key = EC_KEY_new_by_curve_name(nid);
if (key == NULL) { if (key == NULL) {
_setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__); _setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__);
return NULL; return NULL;
} }
SSL_CTX_set_tmp_ecdh(self->ctx, key); SSL_CTX_set_tmp_ecdh(self->ctx, key);
EC_KEY_free(key); EC_KEY_free(key);
#else
if (!SSL_CTX_set1_groups(self->ctx, &nid, 1)) {
_setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__);
return NULL;
}
#endif
Py_RETURN_NONE; Py_RETURN_NONE;
} }
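Review bot: The legacy `#if OPENSSL_VERSION_MAJOR < 3` branch still discards the result of `SSL_CTX_set_tmp_ecdh(self->ctx, key)`, while the new `#else` branch checks `SSL_CTX_set1_groups` and raises on failure. On pre-3.0 builds a curve that OpenSSL refuses to apply is therefore reported to Python as success, and the caller believes the context is pinned to that curve when it is not. Both branches should fail the same way, so capture the result, free the key, then raise through `_setSSLError` when it is zero. A short comment on the `#else` branch noting that `SSL_CTX_set1_groups` replaces the context's whole group list with this one entry would also help. The lines between the two hunks, where `nid` is derived, are not shown here.

```c
    // … unchanged: EC_KEY_new_by_curve_name(nid) and its NULL check …
    int ok = SSL_CTX_set_tmp_ecdh(self->ctx, key);
    EC_KEY_free(key);
    if (!ok) {
        _setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__);
        return NULL;
    }
#else
    // … unchanged: SSL_CTX_set1_groups branch …
```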