From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Thu, 21 Jul 2022 19:11:07 +0000 (-0700) Subject: gh-95095: Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl (GH-95096) X-Git-Tag: v3.11.0b5~31 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=120f226889b3b89e0cb804baccd6e9e3af76a39a;p=thirdparty%2FPython%2Fcpython.git gh-95095: Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl (GH-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html (cherry picked from commit 936f71e5d4f50f2238b0320d44f7fb5f88e39809) Co-authored-by: David Benjamin --- diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 6d5c0199b788..6071202104fa 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3518,7 +3518,7 @@ set_min_max_proto_version(PySSLContext *self, PyObject *arg, int what) static PyObject * get_minimum_version(PySSLContext *self, void *c) { - int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL); + int v = SSL_CTX_get_min_proto_version(self->ctx); if (v == 0) { v = PY_PROTO_MINIMUM_SUPPORTED; } @@ -3534,7 +3534,7 @@ set_minimum_version(PySSLContext *self, PyObject *arg, void *c) static PyObject * get_maximum_version(PySSLContext *self, void *c) { - int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL); + int v = SSL_CTX_get_max_proto_version(self->ctx); if (v == 0) { v = PY_PROTO_MAXIMUM_SUPPORTED; }