bpo-40515: Require OPENSSL_THREADS (GH-19953)

The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is
build with thread support. Python 3.7.0 made thread support mandatory and no
longer works safely with a no-thread builds.

Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
Christian Heimes 2020-05-15 20:55:25 +02:00 committed by GitHub
parent 62d618c06b
commit c087a268a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 1 deletions

View File

@ -0,0 +1,3 @@
The :mod:`ssl` and :mod:`hashlib` modules now actively check that OpenSSL is
build with thread support. Python 3.7.0 made thread support mandatory and no
longer works safely with a no-thread builds.

View File

@ -27,6 +27,10 @@
#include <openssl/crypto.h> // FIPS_mode() #include <openssl/crypto.h> // FIPS_mode()
#ifndef OPENSSL_THREADS
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
#endif
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL < 1.1.0 */ /* OpenSSL < 1.1.0 */
#define EVP_MD_CTX_new EVP_MD_CTX_create #define EVP_MD_CTX_new EVP_MD_CTX_create

View File

@ -73,6 +73,10 @@ static PySocketModule_APIObject PySocketModule;
# endif # endif
#endif #endif
#ifndef OPENSSL_THREADS
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
#endif
/* SSL error object */ /* SSL error object */
static PyObject *PySSLErrorObject; static PyObject *PySSLErrorObject;
static PyObject *PySSLCertVerificationErrorObject; static PyObject *PySSLCertVerificationErrorObject;
@ -6005,7 +6009,7 @@ PyInit__ssl(void)
if (!_setup_ssl_threads()) { if (!_setup_ssl_threads()) {
return NULL; return NULL;
} }
#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) #elif OPENSSL_VERSION_1_1
/* OpenSSL 1.1.0 builtin thread support is enabled */ /* OpenSSL 1.1.0 builtin thread support is enabled */
_ssl_locks_count++; _ssl_locks_count++;
#endif #endif