FreeBSD Bugzilla – Attachment 186660 Details for
Bug 222552
lang/python27: Fix OpenSSL 1.1 issues with 2.7/3.5/3.6
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn diff for lang/python27,35,36
patch-lang_python-issue30622 (text/plain), 19.61 KB, created by
Bernard Spil
on 2017-09-24 12:43:42 UTC
(
hide
)
Description:
svn diff for lang/python27,35,36
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2017-09-24 12:43:42 UTC
Size:
19.61 KB
patch
obsolete
>Index: lang/python27/Makefile >=================================================================== >--- lang/python27/Makefile (revision 449587) >+++ lang/python27/Makefile (working copy) >@@ -13,8 +13,6 @@ > > LICENSE= PSFL > >-BROKEN_SSL= openssl-devel >- > USES= cpe ncurses pathfix pkgconfig readline:port ssl tar:xz shebangfix > PATHFIX_MAKEFILEIN= Makefile.pre.in > USE_LDCONFIG= yes >Index: lang/python27/files/patch-issue30622 >=================================================================== >--- lang/python27/files/patch-issue30622 (nonexistent) >+++ lang/python27/files/patch-issue30622 (working copy) >@@ -0,0 +1,134 @@ >+From 72ed233167b10d3a488d30a8ec3a17e412a7dd69 Mon Sep 17 00:00:00 2001 >+From: Christian Heimes <christian@python.org> >+Date: Tue, 5 Sep 2017 01:11:40 +0200 >+Subject: [PATCH] [2.7] bpo-30622: Change NPN detection: (GH-2079) (#3316) >+ >+* Change NPN detection: >+ >+Version breakdown, support disabled (pre-patch/post-patch): >+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False >+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> >+False/False >+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will be defined -> True/False >+ >+Version breakdown support enabled (pre-patch/post-patch): >+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False >+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True >+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True >+ >+* Refine NPN guard: >+ >+- If NPN is disabled, but ALPN is available we need our callback >+- Make clinic's ssl behave the same way >+ >+This created a working ssl module for me, with NPN disabled and ALPN >+enabled for OpenSSL 1.1.0f. >+ >+Concerns to address: >+The initial commit for NPN support into OpenSSL [1], had the >+OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG >+guard. The question is if that ever made it into a release. >+This would need an ugly hack, something like: >+ >+ GH-if defined(OPENSSL_NO_NEXTPROTONEG) && \ >+ !defined(OPENSSL_NPN_NEGOTIATED) >+ GH- define OPENSSL_NPN_UNSUPPORTED 0 >+ GH- define OPENSSL_NPN_NEGOTIATED 1 >+ GH- define OPENSSL_NPN_NO_OVERLAP 2 >+ GH-endif >+ >+[1] https://github.com/openssl/openssl/commit/68b33cc5c7. >+(cherry picked from commit b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8) >+--- >+ Modules/_ssl.c | 16 +++++++++------- >+ 1 file changed, 9 insertions(+), 7 deletions(-) >+ >+diff --git a/Modules/_ssl.c b/Modules/_ssl.c >+index 213c7d21510..832b5f96bff 100644 >+--- Modules/_ssl.c.orig >++++ Modules/_ssl.c >+@@ -280,7 +280,7 @@ static unsigned int _ssl_locks_count = 0; >+ typedef struct { >+ PyObject_HEAD >+ SSL_CTX *ctx; >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ unsigned char *npn_protocols; >+ int npn_protocols_len; >+ #endif >+@@ -1502,7 +1502,7 @@ static PyObject *PySSL_version(PySSLSocket *self) >+ return PyUnicode_FromString(version); >+ } >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) { >+ const unsigned char *out; >+ unsigned int outlen; >+@@ -2036,7 +2036,7 @@ static PyMethodDef PySSLMethods[] = { >+ PySSL_peercert_doc}, >+ {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS}, >+ {"version", (PyCFunction)PySSL_version, METH_NOARGS}, >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS}, >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2140,7 +2140,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) >+ return NULL; >+ } >+ self->ctx = ctx; >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ self->npn_protocols = NULL; >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2218,7 +2218,7 @@ context_dealloc(PySSLContext *self) >+ PyObject_GC_UnTrack(self); >+ context_clear(self); >+ SSL_CTX_free(self->ctx); >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ PyMem_FREE(self->npn_protocols); >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2248,7 +2248,7 @@ set_ciphers(PySSLContext *self, PyObject *args) >+ Py_RETURN_NONE; >+ } >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN) >+ static int >+ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, >+ const unsigned char *server_protocols, unsigned int server_protocols_len, >+@@ -2272,7 +2272,9 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, >+ >+ return SSL_TLSEXT_ERR_OK; >+ } >++#endif >+ >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ >+ static int >+ _advertiseNPN_cb(SSL *s, >+@@ -2307,7 +2309,7 @@ _selectNPN_cb(SSL *s, >+ static PyObject * >+ _set_npn_protocols(PySSLContext *self, PyObject *args) >+ { >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ Py_buffer protos; >+ >+ if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos)) >+@@ -4305,7 +4307,7 @@ init_ssl(void) >+ Py_INCREF(r); >+ PyModule_AddObject(m, "HAS_ECDH", r); >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ r = Py_True; >+ #else >+ r = Py_False; > >Property changes on: lang/python27/files/patch-issue30622 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: lang/python35/Makefile >=================================================================== >--- lang/python35/Makefile (revision 449851) >+++ lang/python35/Makefile (working copy) >@@ -14,8 +14,6 @@ > > LICENSE= PSFL > >-BROKEN_SSL= openssl-devel >- > USES= cpe ncurses pathfix pkgconfig readline:port ssl tar:xz shebangfix > PATHFIX_MAKEFILEIN= Makefile.pre.in > USE_LDCONFIG= yes >Index: lang/python35/files/patch-issue30622 >=================================================================== >--- lang/python35/files/patch-issue30622 (nonexistent) >+++ lang/python35/files/patch-issue30622 (working copy) >@@ -0,0 +1,154 @@ >+From 7316c6d4a57931e9786c06eae168b227d7463317 Mon Sep 17 00:00:00 2001 >+From: Christian Heimes <christian@python.org> >+Date: Tue, 5 Sep 2017 16:00:44 +0200 >+Subject: [PATCH] [3.6] bpo-30622: Change NPN detection: (GH-2079) (#3314) >+ >+* Change NPN detection: >+ >+Version breakdown, support disabled (pre-patch/post-patch): >+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False >+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> >+False/False >+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will be defined -> True/False >+ >+Version breakdown support enabled (pre-patch/post-patch): >+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False >+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True >+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True >+ >+* Refine NPN guard: >+ >+- If NPN is disabled, but ALPN is available we need our callback >+- Make clinic's ssl behave the same way >+ >+This created a working ssl module for me, with NPN disabled and ALPN >+enabled for OpenSSL 1.1.0f. >+ >+Concerns to address: >+The initial commit for NPN support into OpenSSL [1], had the >+OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG >+guard. The question is if that ever made it into a release. >+This would need an ugly hack, something like: >+ >+ GH-if defined(OPENSSL_NO_NEXTPROTONEG) && \ >+ !defined(OPENSSL_NPN_NEGOTIATED) >+ GH- define OPENSSL_NPN_UNSUPPORTED 0 >+ GH- define OPENSSL_NPN_NEGOTIATED 1 >+ GH- define OPENSSL_NPN_NO_OVERLAP 2 >+ GH-endif >+ >+[1] https://github.com/openssl/openssl/commit/68b33cc5c7 >+(cherry picked from commit b2d096b) >+--- >+ Modules/_ssl.c | 16 +++++++++------- >+ Modules/clinic/_ssl.c.h | 6 +++--- >+ 2 files changed, 12 insertions(+), 10 deletions(-) >+ >+diff --git a/Modules/_ssl.c b/Modules/_ssl.c >+index ae38386ca02..6b6f2b1135c 100644 >+--- Modules/_ssl.c.orig >++++ Modules/_ssl.c >+@@ -279,7 +279,7 @@ static unsigned int _ssl_locks_count = 0; >+ typedef struct { >+ PyObject_HEAD >+ SSL_CTX *ctx; >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ unsigned char *npn_protocols; >+ int npn_protocols_len; >+ #endif >+@@ -1693,7 +1693,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self) >+ return PyUnicode_FromString(version); >+ } >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ /*[clinic input] >+ _ssl._SSLSocket.selected_npn_protocol >+ [clinic start generated code]*/ >+@@ -2645,7 +2645,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) >+ return NULL; >+ } >+ self->ctx = ctx; >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ self->npn_protocols = NULL; >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2780,7 +2780,7 @@ context_dealloc(PySSLContext *self) >+ PyObject_GC_UnTrack(self); >+ context_clear(self); >+ SSL_CTX_free(self->ctx); >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ PyMem_FREE(self->npn_protocols); >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2858,7 +2858,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self) >+ #endif >+ >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN) >+ static int >+ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, >+ const unsigned char *server_protocols, unsigned int server_protocols_len, >+@@ -2882,7 +2882,9 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, >+ >+ return SSL_TLSEXT_ERR_OK; >+ } >++#endif >+ >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ >+ static int >+ _advertiseNPN_cb(SSL *s, >+@@ -2925,7 +2927,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self, >+ Py_buffer *protos) >+ /*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/ >+ { >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ PyMem_Free(self->npn_protocols); >+ self->npn_protocols = PyMem_Malloc(protos->len); >+ if (self->npn_protocols == NULL) >+@@ -5391,7 +5393,7 @@ PyInit__ssl(void) >+ Py_INCREF(r); >+ PyModule_AddObject(m, "HAS_ECDH", r); >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ r = Py_True; >+ #else >+ r = Py_False; >+diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h >+index 75f8f5a60bb..6f748903f4e 100644 >+--- Modules/clinic/_ssl.c.h.orig >++++ Modules/clinic/_ssl.c.h >+@@ -132,7 +132,7 @@ _ssl__SSLSocket_version(PySSLSocket *self, PyObject *Py_UNUSED(ignored)) >+ return _ssl__SSLSocket_version_impl(self); >+ } >+ >+-#if defined(OPENSSL_NPN_NEGOTIATED) >++#if (defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)) >+ >+ PyDoc_STRVAR(_ssl__SSLSocket_selected_npn_protocol__doc__, >+ "selected_npn_protocol($self, /)\n" >+@@ -151,7 +151,7 @@ _ssl__SSLSocket_selected_npn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ign >+ return _ssl__SSLSocket_selected_npn_protocol_impl(self); >+ } >+ >+-#endif /* defined(OPENSSL_NPN_NEGOTIATED) */ >++#endif /* (defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)) */ >+ >+ #if defined(HAVE_ALPN) >+ >+@@ -1168,4 +1168,4 @@ _ssl_enum_crls(PyObject *module, PyObject **args, Py_ssize_t nargs, PyObject *kw >+ #ifndef _SSL_ENUM_CRLS_METHODDEF >+ #define _SSL_ENUM_CRLS_METHODDEF >+ #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */ >+-/*[clinic end generated code: output=56cead8610faa505 input=a9049054013a1b77]*/ >++/*[clinic end generated code: output=a8b184655068c238 input=a9049054013a1b77]*/ > >Property changes on: lang/python35/files/patch-issue30622 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: lang/python36/Makefile >=================================================================== >--- lang/python36/Makefile (revision 449587) >+++ lang/python36/Makefile (working copy) >@@ -22,8 +22,6 @@ > python_CMD= ${PREFIX}/bin/python${PYTHON_PORTVERSION:R} > SHEBANG_FILES= Lib/lib2to3/tests/data/*.py Lib/encodings/*.py > >-BROKEN_SSL= openssl-devel >- > CPE_VENDOR= python > CPE_PRODUCT= ${CPE_VENDOR} > >Index: lang/python36/files/patch-issue30622 >=================================================================== >--- lang/python36/files/patch-issue30622 (nonexistent) >+++ lang/python36/files/patch-issue30622 (working copy) >@@ -0,0 +1,154 @@ >+From 7316c6d4a57931e9786c06eae168b227d7463317 Mon Sep 17 00:00:00 2001 >+From: Christian Heimes <christian@python.org> >+Date: Tue, 5 Sep 2017 16:00:44 +0200 >+Subject: [PATCH] [3.6] bpo-30622: Change NPN detection: (GH-2079) (#3314) >+ >+* Change NPN detection: >+ >+Version breakdown, support disabled (pre-patch/post-patch): >+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False >+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> >+False/False >+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will be defined -> True/False >+ >+Version breakdown support enabled (pre-patch/post-patch): >+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False >+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True >+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and >+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True >+ >+* Refine NPN guard: >+ >+- If NPN is disabled, but ALPN is available we need our callback >+- Make clinic's ssl behave the same way >+ >+This created a working ssl module for me, with NPN disabled and ALPN >+enabled for OpenSSL 1.1.0f. >+ >+Concerns to address: >+The initial commit for NPN support into OpenSSL [1], had the >+OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG >+guard. The question is if that ever made it into a release. >+This would need an ugly hack, something like: >+ >+ GH-if defined(OPENSSL_NO_NEXTPROTONEG) && \ >+ !defined(OPENSSL_NPN_NEGOTIATED) >+ GH- define OPENSSL_NPN_UNSUPPORTED 0 >+ GH- define OPENSSL_NPN_NEGOTIATED 1 >+ GH- define OPENSSL_NPN_NO_OVERLAP 2 >+ GH-endif >+ >+[1] https://github.com/openssl/openssl/commit/68b33cc5c7 >+(cherry picked from commit b2d096b) >+--- >+ Modules/_ssl.c | 16 +++++++++------- >+ Modules/clinic/_ssl.c.h | 6 +++--- >+ 2 files changed, 12 insertions(+), 10 deletions(-) >+ >+diff --git a/Modules/_ssl.c b/Modules/_ssl.c >+index ae38386ca02..6b6f2b1135c 100644 >+--- Modules/_ssl.c.orig >++++ Modules/_ssl.c >+@@ -279,7 +279,7 @@ static unsigned int _ssl_locks_count = 0; >+ typedef struct { >+ PyObject_HEAD >+ SSL_CTX *ctx; >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ unsigned char *npn_protocols; >+ int npn_protocols_len; >+ #endif >+@@ -1693,7 +1693,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket *self) >+ return PyUnicode_FromString(version); >+ } >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ /*[clinic input] >+ _ssl._SSLSocket.selected_npn_protocol >+ [clinic start generated code]*/ >+@@ -2645,7 +2645,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) >+ return NULL; >+ } >+ self->ctx = ctx; >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ self->npn_protocols = NULL; >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2780,7 +2780,7 @@ context_dealloc(PySSLContext *self) >+ PyObject_GC_UnTrack(self); >+ context_clear(self); >+ SSL_CTX_free(self->ctx); >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ PyMem_FREE(self->npn_protocols); >+ #endif >+ #ifdef HAVE_ALPN >+@@ -2858,7 +2858,7 @@ _ssl__SSLContext_get_ciphers_impl(PySSLContext *self) >+ #endif >+ >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN) >+ static int >+ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, >+ const unsigned char *server_protocols, unsigned int server_protocols_len, >+@@ -2882,7 +2882,9 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, >+ >+ return SSL_TLSEXT_ERR_OK; >+ } >++#endif >+ >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ >+ static int >+ _advertiseNPN_cb(SSL *s, >+@@ -2925,7 +2927,7 @@ _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self, >+ Py_buffer *protos) >+ /*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/ >+ { >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ PyMem_Free(self->npn_protocols); >+ self->npn_protocols = PyMem_Malloc(protos->len); >+ if (self->npn_protocols == NULL) >+@@ -5391,7 +5393,7 @@ PyInit__ssl(void) >+ Py_INCREF(r); >+ PyModule_AddObject(m, "HAS_ECDH", r); >+ >+-#ifdef OPENSSL_NPN_NEGOTIATED >++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) >+ r = Py_True; >+ #else >+ r = Py_False; >+diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h >+index 75f8f5a60bb..6f748903f4e 100644 >+--- Modules/clinic/_ssl.c.h.orig >++++ Modules/clinic/_ssl.c.h >+@@ -132,7 +132,7 @@ _ssl__SSLSocket_version(PySSLSocket *self, PyObject *Py_UNUSED(ignored)) >+ return _ssl__SSLSocket_version_impl(self); >+ } >+ >+-#if defined(OPENSSL_NPN_NEGOTIATED) >++#if (defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)) >+ >+ PyDoc_STRVAR(_ssl__SSLSocket_selected_npn_protocol__doc__, >+ "selected_npn_protocol($self, /)\n" >+@@ -151,7 +151,7 @@ _ssl__SSLSocket_selected_npn_protocol(PySSLSocket *self, PyObject *Py_UNUSED(ign >+ return _ssl__SSLSocket_selected_npn_protocol_impl(self); >+ } >+ >+-#endif /* defined(OPENSSL_NPN_NEGOTIATED) */ >++#endif /* (defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)) */ >+ >+ #if defined(HAVE_ALPN) >+ >+@@ -1168,4 +1168,4 @@ _ssl_enum_crls(PyObject *module, PyObject **args, Py_ssize_t nargs, PyObject *kw >+ #ifndef _SSL_ENUM_CRLS_METHODDEF >+ #define _SSL_ENUM_CRLS_METHODDEF >+ #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */ >+-/*[clinic end generated code: output=56cead8610faa505 input=a9049054013a1b77]*/ >++/*[clinic end generated code: output=a8b184655068c238 input=a9049054013a1b77]*/ > >Property changes on: lang/python36/files/patch-issue30622 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=186660">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 222552
: 186660