[pypy-commit] pypy openssl-1.1: Copy behavioural change from cpython: OpenSSL has ecdh enabled by default.

stefanor Fri, 28 Oct 2016 16:37:36 -0700

Author: Stefano Rivera <stef...@rivera.za.net>
Branch: openssl-1.1
Changeset: r87982:201233507447
Date: 2016-10-28 15:38 -0700
http://bitbucket.org/pypy/pypy/changeset/201233507447/


Log:    Copy behavioural change from cpython: OpenSSL has ecdh enabled by
        default.

diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -1310,6 +1310,7 @@
             # OpenSSL 1.0.2+), or use prime256v1 by default.
             # This is Apache mod_ssl's initialization
             # policy, so we should be safe.
+            # OpenSSL 1.1 has it enabled by default.
             if libssl_SSL_CTX_set_ecdh_auto:
                 libssl_SSL_CTX_set_ecdh_auto(self.ctx, 1)
             else:
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -344,7 +344,7 @@
              lltype.Void, macro=True)
 ssl_external('SSL_CTX_set_tlsext_servername_arg', [SSL_CTX, rffi.VOIDP], 
lltype.Void, macro=True)
 ssl_external('SSL_CTX_set_tmp_ecdh', [SSL_CTX, EC_KEY], lltype.Void, 
macro=True)
-if OPENSSL_VERSION_NUMBER >= 0x10002000:
+if 0x10100000 > OPENSSL_VERSION_NUMBER >= 0x10002000:
     ssl_external('SSL_CTX_set_ecdh_auto', [SSL_CTX, rffi.INT], lltype.Void,
                  macro=True)
 else:
_______________________________________________
pypy-commit mailing list
pypy-commit@python.org
https://mail.python.org/mailman/listinfo/pypy-commit

[pypy-commit] pypy openssl-1.1: Copy behavioural change from cpython: OpenSSL has ecdh enabled by default.

Reply via email to