ssl.OP_NO_COMPRESSION
self.assertEqual(ssl.HAS_SNI, True)
self.assertEqual(ssl.HAS_ECDH, True)
- self.assertEqual(ssl.HAS_TLSv1_2, True)
+ self.assertIsInstance(ssl.HAS_TLSv1_2, bool)
self.assertEqual(ssl.HAS_TLSv1_3, True)
ssl.OP_NO_SSLv2
ssl.OP_NO_SSLv3
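Review bot: The replacement assertion on `ssl.HAS_TLSv1_2` now passes when the flag is `False` on any OpenSSL version, so a build against 1.1.1 or 3.x that wrongly loses TLS 1.2 support would no longer fail this test. Keeping the strict check for older libraries preserves that guard, for example `if ssl.OPENSSL_VERSION_INFO < (4,): self.assertIs(ssl.HAS_TLSv1_2, True)` ahead of the type check. The enclosing test method starts and ends outside the hunk.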
# Some sanity checks follow
# >= 1.1.1
self.assertGreaterEqual(n, 0x10101000)
- # < 4.0
- self.assertLess(n, 0x40000000)
+ # < 5.0
+ self.assertLess(n, 0x50000000)
major, minor, fix, patch, status = t
self.assertGreaterEqual(major, 1)
- self.assertLess(major, 4)
+ self.assertLess(major, 5)
self.assertGreaterEqual(minor, 0)
self.assertLess(minor, 256)
self.assertGreaterEqual(fix, 0)
ssl.OP_NO_TLSv1_2,
ssl.OP_NO_TLSv1_3
]
- protocols = [
- ssl.PROTOCOL_TLSv1,
- ssl.PROTOCOL_TLSv1_1,
- ssl.PROTOCOL_TLSv1_2,
- ssl.PROTOCOL_TLS
- ]
+ protocols = []
+ if hasattr(ssl, 'PROTOCOL_TLSv1'):
+ protocols.append(ssl.PROTOCOL_TLSv1)
+ if hasattr(ssl, 'PROTOCOL_TLSv1_1'):
+ protocols.append(ssl.PROTOCOL_TLSv1_1)
+ if hasattr(ssl, 'PROTOCOL_TLSv1_2'):
+ protocols.append(ssl.PROTOCOL_TLSv1_2)
+ protocols.append(ssl.PROTOCOL_TLS)
versions = [
ssl.TLSVersion.SSLv3,
ssl.TLSVersion.TLSv1,
ssl.TLSVersion.TLSv1,
ssl.TLSVersion.TLSv1_1,
ssl.TLSVersion.TLSv1_2,
+ ssl.TLSVersion.TLSv1_3,
ssl.TLSVersion.SSLv3,
}
)
with self.assertRaises(ValueError):
ctx.minimum_version = 42
- if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
+ if has_tls_protocol('PROTOCOL_TLSv1_1'):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
self.assertIn(
self.assertFalse(ctx.check_hostname)
self._assert_context_options(ctx)
- if has_tls_protocol(ssl.PROTOCOL_TLSv1):
+ if has_tls_protocol('PROTOCOL_TLSv1'):
with warnings_helper.check_warnings():
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
self._assert_context_options(ctx)
- with warnings_helper.check_warnings():
- ctx = ssl._create_stdlib_context(
- ssl.PROTOCOL_TLSv1_2,
- cert_reqs=ssl.CERT_REQUIRED,
- check_hostname=True
- )
- self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1_2)
- self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
- self.assertTrue(ctx.check_hostname)
- self._assert_context_options(ctx)
+ if has_tls_protocol('PROTOCOL_TLSv1_2'):
+ with warnings_helper.check_warnings():
+ ctx = ssl._create_stdlib_context(
+ ssl.PROTOCOL_TLSv1_2,
+ cert_reqs=ssl.CERT_REQUIRED,
+ check_hostname=True
+ )
+ self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1_2)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+ self.assertTrue(ctx.check_hostname)
+ self._assert_context_options(ctx)
ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)
self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_SERVER)
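Review bot: With the `PROTOCOL_TLSv1_2` block now conditional, the visible lines contain no other call that passes `cert_reqs=ssl.CERT_REQUIRED` and `check_hostname=True` to `ssl._create_stdlib_context`, so on a build without that constant the arguments that turn verification on go untested. Running the same assertions against a protocol that is always present keeps the coverage, e.g. `ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLS_CLIENT, cert_reqs=ssl.CERT_REQUIRED, check_hostname=True)` followed by the existing `verify_mode` and `check_hostname` checks. The test method starts and continues outside the hunk, so confirm it has no such call further down before adding one.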
client_options=ssl.OP_NO_TLSv1_2)
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
- if has_tls_protocol(ssl.PROTOCOL_TLSv1):
+ if has_tls_protocol('PROTOCOL_TLSv1'):
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
- if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
+ if has_tls_protocol('PROTOCOL_TLSv1_1'):
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
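Review bot: The context line just above the new guards still references `ssl.PROTOCOL_TLSv1_2` unconditionally (`try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')`), which raises `AttributeError` instead of skipping when the constant is absent. The C part of this change makes that constant conditional, so the case is reachable. The enclosing test and its decorators are outside the hunk; if it is not already skipped when TLS 1.2 is unavailable, guard it the same way as the other protocols, e.g. `if not has_tls_protocol('PROTOCOL_TLSv1_2'): self.skipTest('PROTOCOL_TLSv1_2 not available')`.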
#error Unsupported OpenSSL version
#endif
+#if (OPENSSL_VERSION_NUMBER >= 0x40000000L)
+# define OPENSSL_NO_SSL3
+# define OPENSSL_NO_TLS1
+# define OPENSSL_NO_TLS1_1
+# define OPENSSL_NO_TLS1_2
+# define OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_TLS1_METHOD
+# define OPENSSL_NO_TLS1_1_METHOD
+# define OPENSSL_NO_TLS1_2_METHOD
+#endif
+
/* OpenSSL API 1.1.0+ does not include version methods */
#ifndef OPENSSL_NO_SSL3_METHOD
extern const SSL_METHOD *SSLv3_method(void);
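Review bot: The new `OPENSSL_VERSION_NUMBER >= 0x40000000L` block defines the protocol-level macros (`OPENSSL_NO_TLS1`, `OPENSSL_NO_TLS1_1`, `OPENSSL_NO_TLS1_2`) as well as the `*_METHOD` ones, and carries no comment saying why. The protocol-level macros conventionally mean the protocol version itself is compiled out. If other parts of the file derive `HAS_TLSv1_2` or the `TLSVersion` values from them (not visible here), Python would report TLS 1.2 as unavailable and could reject it as a `minimum_version`/`maximum_version` even where the library still negotiates it. The `#ifndef OPENSSL_NO_TLS1_2` guards added around `ADD_INT_CONST("PROTOCOL_TLSv1_2", PY_SSL_VERSION_TLS1_2)` later in this change inherit the same choice. If only the version-specific method functions are gone, define just the four `*_METHOD` macros and key the `PROTOCOL_*` constants on those; either way, add a comment above the block stating what the 4.0 API dropped and why each macro is forced.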
static PyObject *
_create_tuple_for_attribute(_sslmodulestate *state,
- ASN1_OBJECT *name, ASN1_STRING *value)
+ const ASN1_OBJECT *name, const ASN1_STRING *value)
{
Py_ssize_t buflen;
PyObject *pyattr;
}
static PyObject *
-_create_tuple_for_X509_NAME (_sslmodulestate *state, X509_NAME *xname)
+_create_tuple_for_X509_NAME(_sslmodulestate *state, const X509_NAME *xname)
{
PyObject *dn = NULL; /* tuple which represents the "distinguished name" */
PyObject *rdn = NULL; /* tuple to hold a "relative distinguished name" */
PyObject *rdnt;
PyObject *attr = NULL; /* tuple to hold an attribute */
int entry_count = X509_NAME_entry_count(xname);
- X509_NAME_ENTRY *entry;
- ASN1_OBJECT *name;
- ASN1_STRING *value;
+ const X509_NAME_ENTRY *entry;
+ const ASN1_OBJECT *name;
+ const ASN1_STRING *value;
int index_counter;
int rdn_level = -1;
int retcode;
ADD_INT_CONST("PROTOCOL_TLS", PY_SSL_VERSION_TLS);
ADD_INT_CONST("PROTOCOL_TLS_CLIENT", PY_SSL_VERSION_TLS_CLIENT);
ADD_INT_CONST("PROTOCOL_TLS_SERVER", PY_SSL_VERSION_TLS_SERVER);
+#ifndef OPENSSL_NO_TLS1
ADD_INT_CONST("PROTOCOL_TLSv1", PY_SSL_VERSION_TLS1);
+#endif
+#ifndef OPENSSL_NO_TLS1_1
ADD_INT_CONST("PROTOCOL_TLSv1_1", PY_SSL_VERSION_TLS1_1);
+#endif
+#ifndef OPENSSL_NO_TLS1_2
ADD_INT_CONST("PROTOCOL_TLSv1_2", PY_SSL_VERSION_TLS1_2);
+#endif
#define ADD_OPTION(NAME, VALUE) if (sslmodule_add_option(m, NAME, (VALUE)) < 0) return -1