https://github.com/python/cpython/commit/972aa93692b2004b16c1499ff3c61894dcdbab95 commit: 972aa93692b2004b16c1499ff3c61894dcdbab95 branch: 3.14 author: Miss Islington (bot) <[email protected]> committer: gpshead <[email protected]> date: 2025-11-22T10:53:06-08:00 summary:
[3.14] gh-141801: Use accessors for ASN1_STRING fields in libssl (GH-141802) (#141847) gh-141801: Use accessors for ASN1_STRING fields in libssl (GH-141802) * gh-141801: Use accessors for ASN1_STRING fields While ASN1_STRING is currently exposed, it is better to use the accessors. See https://github.com/openssl/openssl/issues/29117 where, if the type were opaque, OpenSSL's X509 objects could be much more memory-efficient. * Update Modules/_ssl.c * Update Modules/_ssl.c --------- (cherry picked from commit c41fce08a5d7aae8fd9e3fa25e0ba521600e097c) Co-authored-by: David Benjamin <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]> files: M Modules/_ssl.c diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 051efce4cfaa99..417d5ca593158f 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1410,14 +1410,14 @@ _get_peer_alt_names (_sslmodulestate *state, X509 *certificate) { } PyTuple_SET_ITEM(t, 0, v); - if (name->d.ip->length == 4) { - unsigned char *p = name->d.ip->data; + if (ASN1_STRING_length(name->d.ip) == 4) { + const unsigned char *p = ASN1_STRING_get0_data(name->d.ip); v = PyUnicode_FromFormat( "%d.%d.%d.%d", p[0], p[1], p[2], p[3] ); - } else if (name->d.ip->length == 16) { - unsigned char *p = name->d.ip->data; + } else if (ASN1_STRING_length(name->d.ip) == 16) { + const unsigned char *p = ASN1_STRING_get0_data(name->d.ip); v = PyUnicode_FromFormat( "%X:%X:%X:%X:%X:%X:%X:%X", p[0] << 8 | p[1], @@ -1548,8 +1548,9 @@ _get_aia_uri(X509 *certificate, int nid) { continue; } uri = ad->location->d.uniformResourceIdentifier; - ostr = PyUnicode_FromStringAndSize((char *)uri->data, - uri->length); + ostr = PyUnicode_FromStringAndSize( + (const char *)ASN1_STRING_get0_data(uri), + ASN1_STRING_length(uri)); if (ostr == NULL) { goto fail; } @@ -1615,8 +1616,9 @@ _get_crl_dp(X509 *certificate) { continue; } uri = gn->d.uniformResourceIdentifier; - ouri = PyUnicode_FromStringAndSize((char *)uri->data, - uri->length); + ouri = PyUnicode_FromStringAndSize( + (const char *)ASN1_STRING_get0_data(uri), + ASN1_STRING_length(uri)); if (ouri == NULL) goto done; _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
