1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Fri, 7 Jun 2019 21:00:46 -0700
Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
---
src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
.../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
2 files changed, 77 insertions(+), 4 deletions(-)
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -13,12 +13,14 @@ TYPES = """
static const long Cryptography_HAS_SSL_ST;
static const long Cryptography_HAS_TLS_ST;
static const long Cryptography_HAS_SSL3_METHOD;
-static const long Cryptography_HAS_TLSv1_1;
-static const long Cryptography_HAS_TLSv1_2;
+static const long Cryptography_HAS_TLS1_METHOD;
+static const long Cryptography_HAS_TLS1_1_METHOD;
+static const long Cryptography_HAS_TLS1_2_METHOD;
static const long Cryptography_HAS_TLSv1_3;
static const long Cryptography_HAS_SECURE_RENEGOTIATION;
static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
static const long Cryptography_HAS_DTLS;
+static const long Cryptography_HAS_DTLS1_METHOD;
static const long Cryptography_HAS_SIGALGS;
static const long Cryptography_HAS_PSK;
static const long Cryptography_HAS_VERIFIED_CHAIN;
@@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_
static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
-static const long Cryptography_HAS_TLSv1_1 = 1;
-static const long Cryptography_HAS_TLSv1_2 = 1;
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_METHOD = 0;
+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_DTLS1_METHOD = 0;
+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_DTLS1_METHOD = 1;
+#endif
+
static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method():
]
+def cryptography_has_tls1_method():
+ return [
+ "TLSv1_method",
+ "TLSv1_client_method",
+ "TLSv1_server_method",
+ ]
+
+
+def cryptography_has_tls1_1_method():
+ return [
+ "TLSv1_1_method",
+ "TLSv1_1_client_method",
+ "TLSv1_1_server_method",
+ ]
+
+
+def cryptography_has_tls1_2_method():
+ return [
+ "TLSv1_2_method",
+ "TLSv1_2_client_method",
+ "TLSv1_2_server_method",
+ ]
+
+
+def cryptography_has_dtls1_method():
+ return [
+ "DTLSv1_method",
+ "DTLSv1_client_method",
+ "DTLSv1_server_method",
+ ]
+
+
def cryptography_has_102_verification():
return [
"X509_V_ERR_SUITE_B_INVALID_VERSION",
@@ -285,6 +317,10 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
"Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
"Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
+ "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
+ "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
+ "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
+ "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
"Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
"Cryptography_HAS_110_VERIFICATION_PARAMS": (
cryptography_has_110_verification_params
|