bpo-35926: Add support for OpenSSL 1.1.1b on Windows (GH-11779)

Paul Monson 2019-05-15 15:38:55 -07:00 committed by Steve Dower
parent d9e006bcef
commit fb7e7505ed
12 changed files with 71 additions and 43 deletions


@ -59,7 +59,7 @@ jobs:
variables: variables:
testRunTitle: '$(build.sourceBranchName)-linux' testRunTitle: '$(build.sourceBranchName)-linux'
testRunPlatform: linux testRunPlatform: linux
openssl_version: 1.1.0j openssl_version: 1.1.1b
steps: steps:
- template: ./posix-steps.yml - template: ./posix-steps.yml
@ -116,7 +116,7 @@ jobs:
variables: variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage' testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage testRunPlatform: linux-coverage
openssl_version: 1.1.0j openssl_version: 1.1.1b
steps: steps:
- template: ./posix-steps.yml - template: ./posix-steps.yml


@ -497,8 +497,8 @@ class BaseStartTLS(func_tests.FunctionalTestCaseMixin):
server_context = test_utils.simple_server_sslcontext() server_context = test_utils.simple_server_sslcontext()
client_context = test_utils.simple_client_sslcontext() client_context = test_utils.simple_client_sslcontext()
if sys.platform.startswith('freebsd'): if sys.platform.startswith('freebsd') or sys.platform.startswith('win'):
# bpo-35031: Some FreeBSD buildbots fail to run this test # bpo-35031: Some FreeBSD and Windows buildbots fail to run this test
# as the eof was not being received by the server if the payload # as the eof was not being received by the server if the payload
# size is not big enough. This behaviour only appears if the # size is not big enough. This behaviour only appears if the
# client is using TLS1.3. # client is using TLS1.3.
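Review bot: The widened guard `sys.platform.startswith('freebsd') or sys.platform.startswith('win')` selects the workaround by platform name, while the comment beneath it says the failure only appears when the client uses TLS 1.3, so the comment should say whether the platform check stands in for that condition. `str.startswith` accepts a tuple, so the test can be written once as `if sys.platform.startswith(('freebsd', 'win')):`. The comment still cites only bpo-35031; adding the issue this commit belongs to (bpo-35926) would let a reader trace the Windows half. The enclosing test method starts and ends outside the hunk.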


@ -2188,7 +2188,7 @@ class ThreadedEchoServer(threading.Thread):
self.sock, server_side=True) self.sock, server_side=True)
self.server.selected_npn_protocols.append(self.sslconn.selected_npn_protocol()) self.server.selected_npn_protocols.append(self.sslconn.selected_npn_protocol())
self.server.selected_alpn_protocols.append(self.sslconn.selected_alpn_protocol()) self.server.selected_alpn_protocols.append(self.sslconn.selected_alpn_protocol())
except (ConnectionResetError, BrokenPipeError) as e: except (ConnectionResetError, BrokenPipeError, ConnectionAbortedError) as e:
# We treat ConnectionResetError as though it were an # We treat ConnectionResetError as though it were an
# SSLError - OpenSSL on Ubuntu abruptly closes the # SSLError - OpenSSL on Ubuntu abruptly closes the
# connection when asked to use an unsupported protocol. # connection when asked to use an unsupported protocol.
@ -2196,6 +2196,9 @@ class ThreadedEchoServer(threading.Thread):
# BrokenPipeError is raised in TLS 1.3 mode, when OpenSSL # BrokenPipeError is raised in TLS 1.3 mode, when OpenSSL
# tries to send session tickets after handshake. # tries to send session tickets after handshake.
# https://github.com/openssl/openssl/issues/6342 # https://github.com/openssl/openssl/issues/6342
#
# ConnectionAbortedError is raised in TLS 1.3 mode, when OpenSSL
# tries to send session tickets after handshake when using WinSock.
self.server.conn_errors.append(str(e)) self.server.conn_errors.append(str(e))
if self.server.chatty: if self.server.chatty:
handle_error("\n server: bad connection attempt from " + repr(self.addr) + ":\n") handle_error("\n server: bad connection attempt from " + repr(self.addr) + ":\n")
@ -2326,7 +2329,7 @@ class ThreadedEchoServer(threading.Thread):
sys.stdout.write(" server: read %r (%s), sending back %r (%s)...\n" sys.stdout.write(" server: read %r (%s), sending back %r (%s)...\n"
% (msg, ctype, msg.lower(), ctype)) % (msg, ctype, msg.lower(), ctype))
self.write(msg.lower()) self.write(msg.lower())
except ConnectionResetError: except (ConnectionResetError, ConnectionAbortedError):
# XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError # XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError
# when connection is not shut down gracefully. # when connection is not shut down gracefully.
if self.server.chatty and support.verbose: if self.server.chatty and support.verbose:
@ -2336,6 +2339,18 @@ class ThreadedEchoServer(threading.Thread):
) )
self.close() self.close()
self.running = False self.running = False
except ssl.SSLError as err:
# On Windows sometimes test_pha_required_nocert receives the
# PEER_DID_NOT_RETURN_A_CERTIFICATE exception
# before the 'tlsv13 alert certificate required' exception.
# If the server is stopped when PEER_DID_NOT_RETURN_A_CERTIFICATE
# is received test_pha_required_nocert fails with ConnectionResetError
# because the underlying socket is closed
if 'PEER_DID_NOT_RETURN_A_CERTIFICATE' == err.reason:
if self.server.chatty and support.verbose:
sys.stdout.write(err.args[1])
# test_pha_required_nocert is expecting this exception
raise ssl.SSLError('tlsv13 alert certificate required')
except OSError: except OSError:
if self.server.chatty: if self.server.chatty:
handle_error("Test server failure:\n") handle_error("Test server failure:\n")
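Review bot: The added `except ssl.SSLError as err:` clause sits ahead of `except OSError:`, and `ssl.SSLError` is a subclass of `OSError`, so every SSLError raised in this read loop now stops at the new clause instead of reaching the "Test server failure" handler. Indentation is lost on this page, but if the `raise` belongs to the `if`, an SSLError with any other reason is dropped without a report and without closing the connection; that case should get the same treatment as the `except OSError:` branch below it. The substituted exception also discards the original one, so a post-handshake-auth test can pass without showing which error the server actually saw; `raise ssl.SSLError('tlsv13 alert certificate required') from err` keeps the cause attached. The comparison reads more naturally as `if err.reason == 'PEER_DID_NOT_RETURN_A_CERTIFICATE':`. The enclosing method starts and ends outside the hunks shown.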


@ -1104,6 +1104,7 @@ Florian Mladitsch
Doug Moen Doug Moen
Jakub Molinski Jakub Molinski
Juliette Monsel Juliette Monsel
Paul Monson
The Dragon De Monsyne The Dragon De Monsyne
Bastien Montagne Bastien Montagne
Skip Montanaro Skip Montanaro


@ -0,0 +1 @@
Update to OpenSSL 1.1.1b for Windows.


@ -669,7 +669,7 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
if (msg == NULL) if (msg == NULL)
goto fail; goto fail;
init_value = Py_BuildValue("iN", ssl_errno, msg); init_value = Py_BuildValue("iN", ERR_GET_REASON(ssl_errno), msg);
if (init_value == NULL) if (init_value == NULL)
goto fail; goto fail;


@ -53,7 +53,7 @@ echo.Fetching external libraries...
set libraries= set libraries=
set libraries=%libraries% bzip2-1.0.6 set libraries=%libraries% bzip2-1.0.6
if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.3.0-rc0-r1 if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.3.0-rc0-r1
if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.0j if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1b
set libraries=%libraries% sqlite-3.21.0.0 set libraries=%libraries% sqlite-3.21.0.0
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.9.0 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.9.0
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.9.0 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.9.0
@ -77,7 +77,7 @@ echo.Fetching external binaries...
set binaries= set binaries=
if NOT "%IncludeLibffi%"=="false" set binaries=%binaries% libffi if NOT "%IncludeLibffi%"=="false" set binaries=%binaries% libffi
if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.0j if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1b
if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.9.0 if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.9.0
if NOT "%IncludeSSLSrc%"=="false" set binaries=%binaries% nasm-2.11.06 if NOT "%IncludeSSLSrc%"=="false" set binaries=%binaries% nasm-2.11.06


@ -11,7 +11,8 @@
</ItemDefinitionGroup> </ItemDefinitionGroup>
<PropertyGroup> <PropertyGroup>
<_DLLSuffix>-1_1</_DLLSuffix> <_DLLSuffix>-1_1</_DLLSuffix>
<_DLLSuffix Condition="$(Platform) == 'x64'">$(_DLLSuffix)-x64</_DLLSuffix> <_DLLSuffix Condition="$(Platform) == 'ARM'">$(_DLLSuffix)-arm</_DLLSuffix>
<_DLLSuffix Condition="$(Platform) == 'ARM64'">$(_DLLSuffix)-arm64</_DLLSuffix>
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).dll" /> <_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).dll" />
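Review bot: Dropping the `'x64'` condition leaves Win32 and x64 builds with the same `_DLLSuffix`, so `libcrypto$(_DLLSuffix).dll` now has one file name for both architectures and only `$(opensslOutDir)` tells them apart. Nothing in the hunk or the commit message explains this. Identically named DLLs for two architectures are easy to mix up when copied or found on a search path, so the intent should be recorded next to the property. A short comment such as `<!-- x86 and x64 share the unsuffixed name; only ARM and ARM64 add a suffix -->` would do, provided that matches the names the 1.1.1b binaries package actually ships (not visible here).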


@ -1,38 +1,22 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations"> <ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32"> <ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration> <Configuration>Release</Configuration>
<Platform>Win32</Platform> <Platform>Win32</Platform>
</ProjectConfiguration> </ProjectConfiguration>
<ProjectConfiguration Include="PGInstrument|Win32">
<Configuration>PGInstrument</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGInstrument|x64">
<Configuration>PGInstrument</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGUpdate|Win32">
<Configuration>PGUpdate</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGUpdate|x64">
<Configuration>PGUpdate</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64"> <ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration> <Configuration>Release</Configuration>
<Platform>x64</Platform> <Platform>x64</Platform>
</ProjectConfiguration> </ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM">
<Configuration>Release</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
</ItemGroup> </ItemGroup>
<PropertyGroup Label="Globals"> <PropertyGroup Label="Globals">
<ProjectGuid>{B5FD6F1D-129E-4BFF-9340-03606FAC7283}</ProjectGuid> <ProjectGuid>{B5FD6F1D-129E-4BFF-9340-03606FAC7283}</ProjectGuid>
@ -40,15 +24,36 @@
<Import Project="python.props" /> <Import Project="python.props" />
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Label="Configuration"> <PropertyGroup Label="Configuration" Condition="$(Platform) == 'Win32'">
<ConfigurationType>Makefile</ConfigurationType> <ConfigurationType>Makefile</ConfigurationType>
<Bitness>32</Bitness> <Bitness>32</Bitness>
<Bitness Condition="$(Platform) == 'x64'">64</Bitness>
<ArchName>x86</ArchName> <ArchName>x86</ArchName>
<ArchName Condition="$(Platform) == 'x64'">amd64</ArchName>
<OpenSSLPlatform>VC-WIN32</OpenSSLPlatform> <OpenSSLPlatform>VC-WIN32</OpenSSLPlatform>
<OpenSSLPlatform Condition="$(Platform) == 'x64'">VC-WIN64A</OpenSSLPlatform> <SupportSigning>true</SupportSigning>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="$(Platform) == 'x64'">
<ConfigurationType>Makefile</ConfigurationType>
<Bitness>64</Bitness>
<ArchName>amd64</ArchName>
<OpenSSLPlatform>VC-WIN64A-masm</OpenSSLPlatform>
<SupportSigning>true</SupportSigning>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="$(Platform) == 'ARM'">
<ConfigurationType>Makefile</ConfigurationType>
<Bitness>ARM</Bitness>
<ArchName>ARM</ArchName>
<OpenSSLPlatform>VC-WIN32-ARM</OpenSSLPlatform>
<SupportSigning>true</SupportSigning>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="$(Platform) == 'ARM64'">
<ConfigurationType>Makefile</ConfigurationType>
<Bitness>ARM64</Bitness>
<ArchName>ARM64</ArchName>
<OpenSSLPlatform>VC-WIN64-ARM</OpenSSLPlatform>
<SupportSigning>true</SupportSigning> <SupportSigning>true</SupportSigning>
</PropertyGroup> </PropertyGroup>
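Review bot: `<Bitness>ARM</Bitness>` and `<Bitness>ARM64</Bitness>` put an architecture name into a property that holds `32` or `64` for the other two platforms, so anything that reads `Bitness` as a number (no consumer is visible in this hunk) would get a string. Unless a consumer relies on those strings, `<Bitness>32</Bitness>` for ARM and `<Bitness>64</Bitness>` for ARM64 would keep one meaning and leave the architecture to `ArchName`. Separately, the x64 target changes from `VC-WIN64A` to `VC-WIN64A-masm` with no comment, while get_externals.bat in this same commit still lists `nasm-2.11.06`. A one-line XML comment on the x64 group saying why the assembler changed would save the next maintainer from guessing.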


@ -42,7 +42,7 @@ if ERRORLEVEL 1 (echo Cannot locate MSBuild.exe on PATH or as MSBUILD variable &
call "%PCBUILD%\find_python.bat" "%PYTHON%" call "%PCBUILD%\find_python.bat" "%PYTHON%"
if ERRORLEVEL 1 (echo Cannot locate python.exe on PATH or as PYTHON variable & exit /b 3) if ERRORLEVEL 1 (echo Cannot locate python.exe on PATH or as PYTHON variable & exit /b 3)
call "%PCBUILD%\get_externals.bat" --openssl-src %ORG_SETTING% call "%PCBUILD%\get_externals.bat" --openssl-src --no-openssl %ORG_SETTING%
if "%PERL%" == "" where perl > "%TEMP%\perl.loc" 2> nul && set /P PERL= <"%TEMP%\perl.loc" & del "%TEMP%\perl.loc" if "%PERL%" == "" where perl > "%TEMP%\perl.loc" 2> nul && set /P PERL= <"%TEMP%\perl.loc" & del "%TEMP%\perl.loc"
if "%PERL%" == "" (echo Cannot locate perl.exe on PATH or as PERL variable & exit /b 4) if "%PERL%" == "" (echo Cannot locate perl.exe on PATH or as PERL variable & exit /b 4)
@ -51,4 +51,8 @@ if "%PERL%" == "" (echo Cannot locate perl.exe on PATH or as PERL variable & exi
if errorlevel 1 exit /b if errorlevel 1 exit /b
%MSBUILD% "%PCBUILD%\openssl.vcxproj" /p:Configuration=Release /p:Platform=x64 %MSBUILD% "%PCBUILD%\openssl.vcxproj" /p:Configuration=Release /p:Platform=x64
if errorlevel 1 exit /b if errorlevel 1 exit /b
%MSBUILD% "%PCBUILD%\openssl.vcxproj" /p:Configuration=Release /p:Platform=ARM
if errorlevel 1 exit /b
%MSBUILD% "%PCBUILD%\openssl.vcxproj" /p:Configuration=Release /p:Platform=ARM64
if errorlevel 1 exit /b


@ -26,6 +26,7 @@
--> -->
<ArchName Condition="'$(ArchName)' == '' and $(Platform) == 'x64'">amd64</ArchName> <ArchName Condition="'$(ArchName)' == '' and $(Platform) == 'x64'">amd64</ArchName>
<ArchName Condition="'$(ArchName)' == '' and $(Platform) == 'ARM'">arm32</ArchName> <ArchName Condition="'$(ArchName)' == '' and $(Platform) == 'ARM'">arm32</ArchName>
<ArchName Condition="'$(ArchName)' == '' and $(Platform) == 'ARM64'">arm64</ArchName>
<ArchName Condition="'$(ArchName)' == ''">win32</ArchName> <ArchName Condition="'$(ArchName)' == ''">win32</ArchName>
<!-- Root directory of the repository --> <!-- Root directory of the repository -->
@ -56,8 +57,8 @@
<libffiDir>$(ExternalsDir)libffi\</libffiDir> <libffiDir>$(ExternalsDir)libffi\</libffiDir>
<libffiOutDir>$(ExternalsDir)libffi\$(ArchName)\</libffiOutDir> <libffiOutDir>$(ExternalsDir)libffi\$(ArchName)\</libffiOutDir>
<libffiIncludeDir>$(libffiOutDir)include</libffiIncludeDir> <libffiIncludeDir>$(libffiOutDir)include</libffiIncludeDir>
<opensslDir>$(ExternalsDir)openssl-1.1.0j\</opensslDir> <opensslDir>$(ExternalsDir)openssl-1.1.1b\</opensslDir>
<opensslOutDir>$(ExternalsDir)openssl-bin-1.1.0j\$(ArchName)\</opensslOutDir> <opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1b\$(ArchName)\</opensslOutDir>
<opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir> <opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir>
<nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir> <nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir>
<zlibDir>$(ExternalsDir)\zlib-1.2.11\</zlibDir> <zlibDir>$(ExternalsDir)\zlib-1.2.11\</zlibDir>


@ -165,7 +165,7 @@ _lzma
Homepage: Homepage:
http://tukaani.org/xz/ http://tukaani.org/xz/
_ssl _ssl
Python wrapper for version 1.1.0h of the OpenSSL secure sockets Python wrapper for version 1.1.1b of the OpenSSL secure sockets
library, which is downloaded from our binaries repository at library, which is downloaded from our binaries repository at
https://github.com/python/cpython-bin-deps. https://github.com/python/cpython-bin-deps.