File openssl-300-compatibility.patch of Package python36

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-300-compatibility.patch of Package python36

From 3a3ef442ab9b4138e2e4cf446c3cd9f86a88df67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Thu, 4 Apr 2024 22:35:33 +0200
Subject: [PATCH] OpenSSL 3.0.0 compatibility

test_openssl_version now accepts version 3.0.0.

getpeercert() no longer returns IPv6 addresses with a trailing new line.

(cherry picked from commit gh#python/cpython@2b7de6696bf2)

Fixes: bpo#38820
From-PR: gh#python/cpython!17190
Patch: openssl-300-compatibility.patch
Released-in: 3.9.0
Signed-off-by: Christian Heimes <christian@python.org>
---
 Lib/test/test_ssl.py | 48 +++++++++++++++++++++++++-------------------
 setup.py             | 33 ------------------------------
 2 files changed, 27 insertions(+), 54 deletions(-)

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index cb73f804ae9..443ef5df742 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -96,6 +96,12 @@ OP_SINGLE_ECDH_USE = getattr(ssl, "OP_SINGLE_ECDH_USE", 0)
 OP_CIPHER_SERVER_PREFERENCE = getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0)
 OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0)
 
+def clean_OpenSSL30_san(in_tup):
+    if ssl._OPENSSL_API_VERSION >= (3, 0, 0):
+        return tuple([(x,y.strip() if type(y) == str else y)
+                      for x, y in in_tup])
+    else:
+        return in_tup
 
 def handle_error(prefix):
     exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
@@ -377,29 +383,29 @@ class BasicSocketTests(unittest.TestCase):
                    ('URI', 'http://null.python.org\x00http://example.org'),
                    ('IP Address', '192.0.2.1'),
                    ('IP Address', '<invalid>'))
+        san = clean_OpenSSL30_san(san)
 
         self.assertEqual(p['subjectAltName'], san)
 
     def test_parse_all_sans(self):
         p = ssl._ssl._test_decode_cert(ALLSANFILE)
-        self.assertEqual(p['subjectAltName'],
-            (
-                ('DNS', 'allsans'),
-                ('othername', '<unsupported>'),
-                ('othername', '<unsupported>'),
-                ('email', 'user@example.org'),
-                ('DNS', 'www.example.org'),
-                ('DirName',
-                    ((('countryName', 'XY'),),
-                    (('localityName', 'Castle Anthrax'),),
-                    (('organizationName', 'Python Software Foundation'),),
-                    (('commonName', 'dirname example'),))),
-                ('URI', 'https://www.python.org/'),
-                ('IP Address', '127.0.0.1'),
-                ('IP Address', '0:0:0:0:0:0:0:1\n'),
-                ('Registered ID', '1.2.3.4.5')
-            )
-        )
+        expected = clean_OpenSSL30_san((
+            ('DNS', 'allsans'),
+            ('othername', '<unsupported>'),
+            ('othername', '<unsupported>'),
+            ('email', 'user@example.org'),
+            ('DNS', 'www.example.org'),
+            ('DirName',
+                ((('countryName', 'XY'),),
+                (('localityName', 'Castle Anthrax'),),
+                (('organizationName', 'Python Software Foundation'),),
+                (('commonName', 'dirname example'),))),
+            ('URI', 'https://www.python.org/'),
+            ('IP Address', '127.0.0.1'),
+            ('IP Address', '0:0:0:0:0:0:0:1\n'),
+            ('Registered ID', '1.2.3.4.5')
+        ))
+        self.assertEqual(p['subjectAltName'], expected)
 
     def test_DER_to_PEM(self):
         with open(CAFILE_CACERT, 'r') as f:
@@ -423,11 +429,11 @@ class BasicSocketTests(unittest.TestCase):
         # Some sanity checks follow
         # >= 0.9
         self.assertGreaterEqual(n, 0x900000)
-        # < 3.0
-        self.assertLess(n, 0x30000000)
+        # < 3.3
+        self.assertLess(n, 0x33000000)
         major, minor, fix, patch, status = t
         self.assertGreaterEqual(major, 0)
-        self.assertLess(major, 3)
+        self.assertLess(major, 4)
         self.assertGreaterEqual(minor, 0)
         self.assertLess(minor, 256)
         self.assertGreaterEqual(fix, 0)
diff --git a/setup.py b/setup.py
index e2c18982532..2cdcc2fcfa4 100644
--- a/setup.py
+++ b/setup.py
@@ -873,47 +873,14 @@ class PyBuildExt(build_ext):
         else:
             missing.append('_ssl')
 
-        # find out which version of OpenSSL we have
-        openssl_ver = 0
-        openssl_ver_re = re.compile(
-            r'^\s*#\s*define\s+OPENSSL_VERSION_NUMBER\s+(0x[0-9a-fA-F]+)' )
-
-        # look for the openssl version header on the compiler search path.
-        opensslv_h = find_file('openssl/opensslv.h', [],
-                inc_dirs + search_for_ssl_incs_in)
-        if opensslv_h:
-            name = os.path.join(opensslv_h[0], 'openssl/opensslv.h')
-            if host_platform == 'darwin' and is_macosx_sdk_path(name):
-                name = os.path.join(macosx_sdk_root(), name[1:])
-            try:
-                with open(name, 'r') as incfile:
-                    for line in incfile:
-                        m = openssl_ver_re.match(line)
-                        if m:
-                            openssl_ver = int(m.group(1), 16)
-                            break
-            except IOError as msg:
-                print("IOError while reading opensshv.h:", msg)
-
-        #print('openssl_ver = 0x%08x' % openssl_ver)
-        min_openssl_ver = 0x00907000
         have_any_openssl = ssl_incs is not None and ssl_libs is not None
-        have_usable_openssl = (have_any_openssl and
-                               openssl_ver >= min_openssl_ver)
 
         if have_any_openssl:
-            if have_usable_openssl:
-                # The _hashlib module wraps optimized implementations
-                # of hash functions from the OpenSSL library.
                 exts.append( Extension('_hashlib', ['_hashopenssl.c'],
                                        depends = ['hashlib.h'],
                                        include_dirs = ssl_incs,
                                        library_dirs = ssl_libs,
                                        libraries = ['ssl', 'crypto']) )
-            else:
-                print("warning: openssl 0x%08x is too old for _hashlib" %
-                      openssl_ver)
-                missing.append('_hashlib')
 
         # We always compile these even when OpenSSL is available (issue #14693).
         # It's harmless and the object code is tiny (40-50 KB per module,
-- 
2.46.1

Places

File openssl-300-compatibility.patch of Package python36

Places