Author: Matti Picus <[email protected]>
Branch: stdlib-2.7.16
Changeset: r96685:580e7f2d8380
Date: 2019-05-26 00:56 +0300
http://bitbucket.org/pypy/pypy/changeset/580e7f2d8380/
Log: partially update _cffi_ssl to get TLSv1_3
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
@@ -17,6 +17,7 @@
static const long Cryptography_HAS_SSL3_METHOD;
static const long Cryptography_HAS_TLSv1_1;
static const long Cryptography_HAS_TLSv1_2;
+static const long Cryptography_HAS_TLSv1_3;
static const long Cryptography_HAS_SECURE_RENEGOTIATION;
static const long Cryptography_HAS_COMPRESSION;
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
@@ -39,13 +40,12 @@
* supported
*/
static const long Cryptography_HAS_OP_NO_COMPRESSION;
-
static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING;
static const long Cryptography_HAS_SSL_SET_SSL_CTX;
static const long Cryptography_HAS_SSL_OP_NO_TICKET;
static const long Cryptography_HAS_NETBSD_D1_METH;
+static const long Cryptography_HAS_ALPN;
static const long Cryptography_HAS_NEXTPROTONEG;
-static const long Cryptography_HAS_ALPN;
static const long Cryptography_HAS_SET_CERT_CB;
static const long SSL_FILETYPE_PEM;
@@ -65,13 +65,13 @@
static const long SSL_OP_NO_TLSv1;
static const long SSL_OP_NO_TLSv1_1;
static const long SSL_OP_NO_TLSv1_2;
+static const long SSL_OP_NO_TLSv1_3;
static const long SSL_OP_NO_COMPRESSION;
static const long SSL_OP_SINGLE_DH_USE;
static const long SSL_OP_EPHEMERAL_RSA;
static const long SSL_OP_MICROSOFT_SESS_ID_BUG;
static const long SSL_OP_NETSCAPE_CHALLENGE_BUG;
static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
-static const long SSL_OP_NO_SSLv2;
static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
static const long SSL_OP_MSIE_SSLV2_RSA_PADDING;
@@ -356,7 +356,7 @@
void SSL_set_tlsext_host_name(SSL *, char *);
void SSL_CTX_set_tlsext_servername_callback(
SSL_CTX *,
- int (*)(const SSL *, int *, void *));
+ int (*)(SSL *, int *, void *));
void SSL_CTX_set_tlsext_servername_arg(
SSL_CTX *, void *);
@@ -514,10 +514,12 @@
memcpy(out, session->master_key, outlen);
return outlen;
}
-
-int SSL_SESSION_has_ticket(const SSL_SESSION *s) {
+/* from ssl/ssl_sess.c */
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
return (s->tlsext_ticklen > 0) ? 1 : 0;
}
+/* from ssl/ssl_sess.c */
unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
{
return s->tlsext_tick_lifetime_hint;
@@ -729,4 +731,19 @@
static const long OPENSSL_NPN_NEGOTIATED = -1;
static const long Cryptography_HAS_NPN_NEGOTIATED = 0;
#endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+static const long Cryptography_HAS_TLSv1_3 = 0;
+static const long SSL_OP_NO_TLSv1_3 = 0;
+static const long SSL_VERIFY_POST_HANDSHAKE = 0;
+int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL;
+int (*SSL_verify_client_post_handshake)(SSL *) = NULL;
+void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL;
+void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL;
+uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL;
+int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL;
+int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL;
+int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL;
+#else
+static const long Cryptography_HAS_TLSv1_3 = 1;
+#endif
"""
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -87,6 +87,10 @@
PROTOCOL_TLSv1 = 3
PROTOCOL_TLSv1_1 = 4
PROTOCOL_TLSv1_2 = 5
+if lib.Cryptography_HAS_TLSv1_3:
+ HAS_TLSv1_3 = True
+else:
+ HAS_TLSv1_3 = False
PROTOCOL_TLS_CLIENT = 0x10
PROTOCOL_TLS_SERVER = 0x11
diff --git a/pypy/module/cpyext/include/patchlevel.h
b/pypy/module/cpyext/include/patchlevel.h
--- a/pypy/module/cpyext/include/patchlevel.h
+++ b/pypy/module/cpyext/include/patchlevel.h
@@ -26,7 +26,7 @@
#define PY_RELEASE_SERIAL 0
/* Version as a string */
-#define PY_VERSION "2.7.13"
+#define PY_VERSION "2.7.16"
/* PyPy version as a string: make sure to keep this in sync with:
* module/sys/version.py
_______________________________________________
pypy-commit mailing list
[email protected]
https://mail.python.org/mailman/listinfo/pypy-commit
