bpo-40515: Require OPENSSL_THREADS (GH-19953)
The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds. Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
parent
62d618c06b
commit
c087a268a4
|
@ -0,0 +1,3 @@
|
||||||
|
The :mod:`ssl` and :mod:`hashlib` modules now actively check that OpenSSL is
|
||||||
|
build with thread support. Python 3.7.0 made thread support mandatory and no
|
||||||
|
longer works safely with a no-thread builds.
|
|
@ -27,6 +27,10 @@
|
||||||
|
|
||||||
#include <openssl/crypto.h> // FIPS_mode()
|
#include <openssl/crypto.h> // FIPS_mode()
|
||||||
|
|
||||||
|
#ifndef OPENSSL_THREADS
|
||||||
|
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
/* OpenSSL < 1.1.0 */
|
/* OpenSSL < 1.1.0 */
|
||||||
#define EVP_MD_CTX_new EVP_MD_CTX_create
|
#define EVP_MD_CTX_new EVP_MD_CTX_create
|
||||||
|
|
|
@ -73,6 +73,10 @@ static PySocketModule_APIObject PySocketModule;
|
||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_THREADS
|
||||||
|
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||||
|
#endif
|
||||||
|
|
||||||
/* SSL error object */
|
/* SSL error object */
|
||||||
static PyObject *PySSLErrorObject;
|
static PyObject *PySSLErrorObject;
|
||||||
static PyObject *PySSLCertVerificationErrorObject;
|
static PyObject *PySSLCertVerificationErrorObject;
|
||||||
|
@ -6005,7 +6009,7 @@ PyInit__ssl(void)
|
||||||
if (!_setup_ssl_threads()) {
|
if (!_setup_ssl_threads()) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
|
#elif OPENSSL_VERSION_1_1
|
||||||
/* OpenSSL 1.1.0 builtin thread support is enabled */
|
/* OpenSSL 1.1.0 builtin thread support is enabled */
|
||||||
_ssl_locks_count++;
|
_ssl_locks_count++;
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue