7d38f46fdc
ok kmos (maintainer)
#1: XXX maybe this can go away now we have auto-init, I'm not sure exactly
what python's lock protects
#2: ERR_get_state is no longer used in OpenSSL 3.0 or libressl as of 20240303
#3 - #6: treat ASN1_STRING as opaque
#7, #8: Drop CRYPTO_THREADID noops
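--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -164,6 +164,9 @@ struct py_ssl_library_code {
 #if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
 #define OPENSSL_NO_SSL2
 #endif
+#if defined(LIBRESSL_VERSION_NUMBER) && defined(WITH_THREAD)
+#define HAVE_OPENSSL_CRYPTO_LOCK
+#endif
 
 #ifndef PY_OPENSSL_1_1_API
 /* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
@@ -592,7 +595,6 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObjec
 Py_INCREF(sslctx);
 
 /* Make sure the SSL error state is initialized */
- (void) ERR_get_state();
 ERR_clear_error();
 
 PySSL_BEGIN_ALLOW_THREADS
@@ -956,18 +958,18 @@ _get_peer_alt_names (X509 *certificate) {
 goto fail;
 }
 
- p = X509_EXTENSION_get_data(ext)->data;
+ p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
 if (method->it)
 names = (GENERAL_NAMES*)
 (ASN1_item_d2i(NULL,
 &p,
- X509_EXTENSION_get_data(ext)->length,
+ ASN1_STRING_length(X509_EXTENSION_get_data(ext)),
 ASN1_ITEM_ptr(method->it)));
 else
 names = (GENERAL_NAMES*)
 (method->d2i(NULL,
 &p,
- X509_EXTENSION_get_data(ext)->length));
+ ASN1_STRING_length(X509_EXTENSION_get_data(ext))));
 
 for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
 /* get a rendering of each name in the set of names */
@@ -1028,7 +1030,7 @@ _get_peer_alt_names (X509 *certificate) {
 goto fail;
 }
 PyTuple_SET_ITEM(t, 0, v);
- v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
+ v = PyString_FromStringAndSize((char *)ASN1_STRING_get0_data(as),
 ASN1_STRING_length(as));
 if (v == NULL) {
 Py_DECREF(t);
@@ -1173,8 +1175,8 @@ _get_aia_uri(X509 *certificate, int nid) {
 continue;
 }
 uri = ad->location->d.uniformResourceIdentifier;
- ostr = PyUnicode_FromStringAndSize((char *)uri->data,
- uri->length);
+ ostr = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(uri),
+ ASN1_STRING_length(uri));
 if (ostr == NULL) {
 goto fail;
 }
@@ -1240,8 +1242,8 @@ _get_crl_dp(X509 *certificate) {
 continue;
 }
 uri = gn->d.uniformResourceIdentifier;
- ouri = PyUnicode_FromStringAndSize((char *)uri->data,
- uri->length);
+ ouri = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(uri),
+ ASN1_STRING_length(uri));
 if (ouri == NULL)
 goto done;
 
@@ -4078,15 +4080,7 @@ static PyMethodDef PySSL_methods[] = {
 
 static PyThread_type_lock *_ssl_locks = NULL;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000
-/* use new CRYPTO_THREADID API. */
-static void
-_ssl_threadid_callback(CRYPTO_THREADID *id)
-{
- CRYPTO_THREADID_set_numeric(id,
- (unsigned long)PyThread_get_thread_ident());
-}
-#else
+#if OPENSSL_VERSION_NUMBER < 0x10000000
 /* deprecated CRYPTO_set_id_callback() API. */
 static unsigned long
 _ssl_thread_id_function (void) {
@@ -4146,9 +4140,7 @@ static int _setup_ssl_threads(void) {
 }
 }
 CRYPTO_set_locking_callback(_ssl_thread_locking_function);
-#if OPENSSL_VERSION_NUMBER >= 0x10000000
- CRYPTO_THREADID_set_callback(_ssl_threadid_callback);
-#else
+#if OPENSSL_VERSION_NUMBER < 0x10000000
 CRYPTO_set_id_callback(_ssl_thread_id_function);
 #endif
 }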
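Review bot: In the `_get_peer_alt_names` hunk the new lines call `X509_EXTENSION_get_data(ext)` separately for the data pointer and again for each length argument, so nothing ties the pointer and the length to one checked object while decoding an extension that comes from a peer certificate. Fetching it once, `ASN1_OCTET_STRING *extdata = X509_EXTENSION_get_data(ext);` followed by `if (extdata == NULL) goto fail;`, and then passing `ASN1_STRING_get0_data(extdata)` and `ASN1_STRING_length(extdata)` would make that explicit. The declaration would have to sit at the top of the enclosing block, which starts outside the hunk, and what the `fail` label cleans up is not visible here, so confirm it is safe to reach from that point. Separately, the `(char *)` casts on `ASN1_STRING_get0_data()` in the later `_get_peer_alt_names`, `_get_aia_uri` and `_get_crl_dp` hunks drop the const qualifier the accessor returns; `(const char *)` keeps it.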