Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
parent
822c790527
commit
501da61671
|
@ -445,6 +445,14 @@ Constants
|
||||||
|
|
||||||
.. versionadded:: 3.3
|
.. versionadded:: 3.3
|
||||||
|
|
||||||
|
.. data:: HAS_ECDH
|
||||||
|
|
||||||
|
Whether the OpenSSL library has built-in support for Elliptic Curve-based
|
||||||
|
Diffie-Hellman key exchange. This should be true unless the feature was
|
||||||
|
explicitly disabled by the distributor.
|
||||||
|
|
||||||
|
.. versionadded:: 3.3
|
||||||
|
|
||||||
.. data:: HAS_SNI
|
.. data:: HAS_SNI
|
||||||
|
|
||||||
Whether the OpenSSL library has built-in support for the *Server Name
|
Whether the OpenSSL library has built-in support for the *Server Name
|
||||||
|
@ -711,6 +719,8 @@ to speed up repeated connections from the same clients.
|
||||||
This setting doesn't apply to client sockets. You can also use the
|
This setting doesn't apply to client sockets. You can also use the
|
||||||
:data:`OP_SINGLE_ECDH_USE` option to further improve security.
|
:data:`OP_SINGLE_ECDH_USE` option to further improve security.
|
||||||
|
|
||||||
|
This method is not available if :data:`HAS_ECDH` is False.
|
||||||
|
|
||||||
.. versionadded:: 3.3
|
.. versionadded:: 3.3
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
|
|
|
@ -86,7 +86,7 @@ from _ssl import (
|
||||||
SSL_ERROR_EOF,
|
SSL_ERROR_EOF,
|
||||||
SSL_ERROR_INVALID_ERROR_CODE,
|
SSL_ERROR_INVALID_ERROR_CODE,
|
||||||
)
|
)
|
||||||
from _ssl import HAS_SNI
|
from _ssl import HAS_SNI, HAS_ECDH
|
||||||
from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
|
||||||
PROTOCOL_TLSv1)
|
PROTOCOL_TLSv1)
|
||||||
from _ssl import _OPENSSL_API_VERSION
|
from _ssl import _OPENSSL_API_VERSION
|
||||||
|
|
|
@ -103,6 +103,7 @@ class BasicSocketTests(unittest.TestCase):
|
||||||
if ssl.OPENSSL_VERSION_INFO >= (1, 0):
|
if ssl.OPENSSL_VERSION_INFO >= (1, 0):
|
||||||
ssl.OP_NO_COMPRESSION
|
ssl.OP_NO_COMPRESSION
|
||||||
self.assertIn(ssl.HAS_SNI, {True, False})
|
self.assertIn(ssl.HAS_SNI, {True, False})
|
||||||
|
self.assertIn(ssl.HAS_ECDH, {True, False})
|
||||||
|
|
||||||
def test_random(self):
|
def test_random(self):
|
||||||
v = ssl.RAND_status()
|
v = ssl.RAND_status()
|
||||||
|
@ -561,6 +562,7 @@ class ContextTests(unittest.TestCase):
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||||
ctx.set_default_verify_paths()
|
ctx.set_default_verify_paths()
|
||||||
|
|
||||||
|
@unittest.skipUnless(ssl.HAS_ECDH, "ECDH disabled on this OpenSSL build")
|
||||||
def test_set_ecdh_curve(self):
|
def test_set_ecdh_curve(self):
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||||
ctx.set_ecdh_curve("prime256v1")
|
ctx.set_ecdh_curve("prime256v1")
|
||||||
|
|
|
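Review bot: The disabled-ECDH path has no test of its own. The new `@unittest.skipUnless(ssl.HAS_ECDH, ...)` on `test_set_ecdh_curve` only skips, and `self.assertIn(ssl.HAS_ECDH, {True, False})` accepts either value. A companion test decorated with `@unittest.skipIf(ssl.HAS_ECDH, "ECDH enabled on this OpenSSL build")` and asserting `self.assertFalse(hasattr(ssl.SSLContext(ssl.PROTOCOL_TLSv1), "set_ecdh_curve"))` would pin the documented contract that the method is absent when the flag is False. Both test classes continue outside the hunks shown.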
@ -2006,6 +2006,7 @@ set_default_verify_paths(PySSLContext *self, PyObject *unused)
|
||||||
Py_RETURN_NONE;
|
Py_RETURN_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_ECDH
|
||||||
static PyObject *
|
static PyObject *
|
||||||
set_ecdh_curve(PySSLContext *self, PyObject *name)
|
set_ecdh_curve(PySSLContext *self, PyObject *name)
|
||||||
{
|
{
|
||||||
|
@ -2032,6 +2033,7 @@ set_ecdh_curve(PySSLContext *self, PyObject *name)
|
||||||
EC_KEY_free(key);
|
EC_KEY_free(key);
|
||||||
Py_RETURN_NONE;
|
Py_RETURN_NONE;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static PyGetSetDef context_getsetlist[] = {
|
static PyGetSetDef context_getsetlist[] = {
|
||||||
{"options", (getter) get_options,
|
{"options", (getter) get_options,
|
||||||
|
@ -2054,8 +2056,10 @@ static struct PyMethodDef context_methods[] = {
|
||||||
METH_NOARGS, NULL},
|
METH_NOARGS, NULL},
|
||||||
{"set_default_verify_paths", (PyCFunction) set_default_verify_paths,
|
{"set_default_verify_paths", (PyCFunction) set_default_verify_paths,
|
||||||
METH_NOARGS, NULL},
|
METH_NOARGS, NULL},
|
||||||
|
#ifndef OPENSSL_NO_ECDH
|
||||||
{"set_ecdh_curve", (PyCFunction) set_ecdh_curve,
|
{"set_ecdh_curve", (PyCFunction) set_ecdh_curve,
|
||||||
METH_O, NULL},
|
METH_O, NULL},
|
||||||
|
#endif
|
||||||
{NULL, NULL} /* sentinel */
|
{NULL, NULL} /* sentinel */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -2523,6 +2527,14 @@ PyInit__ssl(void)
|
||||||
Py_INCREF(r);
|
Py_INCREF(r);
|
||||||
PyModule_AddObject(m, "HAS_TLS_UNIQUE", r);
|
PyModule_AddObject(m, "HAS_TLS_UNIQUE", r);
|
||||||
|
|
||||||
|
#ifdef OPENSSL_NO_ECDH
|
||||||
|
r = Py_False;
|
||||||
|
#else
|
||||||
|
r = Py_True;
|
||||||
|
#endif
|
||||||
|
Py_INCREF(r);
|
||||||
|
PyModule_AddObject(m, "HAS_ECDH", r);
|
||||||
|
|
||||||
/* OpenSSL version */
|
/* OpenSSL version */
|
||||||
/* SSLeay() gives us the version of the library linked against,
|
/* SSLeay() gives us the version of the library linked against,
|
||||||
which could be different from the headers version.
|
which could be different from the headers version.
|
||||||
|
|
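Review bot: `HAS_ECDH` in the `PyInit__ssl` hunk is decided by the `OPENSSL_NO_ECDH` macro at compile time, so it describes the headers `_ssl` was built against; the existing comment just below it already notes that the linked library can differ from the headers. A short comment above the `#ifdef` would make this explicit, e.g. `/* Compile-time check: reflects the OpenSSL headers, not necessarily the library loaded at run time */`. Separately, the return value of `PyModule_AddObject(m, "HAS_ECDH", r)` is not checked, which matches the `HAS_TLS_UNIQUE` call above it. If that call failed, the module would presumably lack the name and the new `from _ssl import HAS_SNI, HAS_ECDH` would raise at import. The body of `PyInit__ssl` continues outside the hunk.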