---
Lib/test/test_ssl.py | 48 +++++++++++++++++++++++++++---------------------
setup.py | 33 ---------------------------------
2 files changed, 27 insertions(+), 54 deletions(-)
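--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -96,6 +96,12 @@ OP_SINGLE_ECDH_USE = getattr(ssl, "OP_SI
 OP_CIPHER_SERVER_PREFERENCE = getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0)
 OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0)
 
+def clean_OpenSSL30_san(in_tup):
+ if ssl._OPENSSL_API_VERSION >= (3, 0, 0):
+ return tuple([(x,y.strip() if type(y) == str else y)
+ for x, y in in_tup])
+ else:
+ return in_tup
 
 def handle_error(prefix):
 exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
@@ -378,29 +384,29 @@ class BasicSocketTests(unittest.TestCase
 ('URI', 'http://null.python.org\x00http://example.org'),
 ('IP Address', '192.0.2.1'),
 ('IP Address', '<invalid>'))
+ san = clean_OpenSSL30_san(san)
 
 self.assertEqual(p['subjectAltName'], san)
 
 def test_parse_all_sans(self):
 p = ssl._ssl._test_decode_cert(ALLSANFILE)
- self.assertEqual(p['subjectAltName'],
- (
- ('DNS', 'allsans'),
- ('othername', '<unsupported>'),
- ('othername', '<unsupported>'),
- ('email', 'user@example.org'),
- ('DNS', 'www.example.org'),
- ('DirName',
- ((('countryName', 'XY'),),
- (('localityName', 'Castle Anthrax'),),
- (('organizationName', 'Python Software Foundation'),),
- (('commonName', 'dirname example'),))),
- ('URI', 'https://www.python.org/'),
- ('IP Address', '127.0.0.1'),
- ('IP Address', '0:0:0:0:0:0:0:1\n'),
- ('Registered ID', '1.2.3.4.5')
- )
- )
+ expected = clean_OpenSSL30_san((
+ ('DNS', 'allsans'),
+ ('othername', '<unsupported>'),
+ ('othername', '<unsupported>'),
+ ('email', 'user@example.org'),
+ ('DNS', 'www.example.org'),
+ ('DirName',
+ ((('countryName', 'XY'),),
+ (('localityName', 'Castle Anthrax'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('commonName', 'dirname example'),))),
+ ('URI', 'https://www.python.org/'),
+ ('IP Address', '127.0.0.1'),
+ ('IP Address', '0:0:0:0:0:0:0:1\n'),
+ ('Registered ID', '1.2.3.4.5')
+ ))
+ self.assertEqual(p['subjectAltName'], expected)
 
 def test_DER_to_PEM(self):
 with open(CAFILE_CACERT, 'r') as f:
@@ -424,11 +430,11 @@ class BasicSocketTests(unittest.TestCase
 # Some sanity checks follow
 # >= 0.9
 self.assertGreaterEqual(n, 0x900000)
- # < 3.0
- self.assertLess(n, 0x30000000)
+ # < 3.3
+ self.assertLess(n, 0x33000000)
 major, minor, fix, patch, status = t
 self.assertGreaterEqual(major, 0)
- self.assertLess(major, 3)
+ self.assertLess(major, 4)
 self.assertGreaterEqual(minor, 0)
 self.assertLess(minor, 256)
 self.assertGreaterEqual(fix, 0)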
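Review bot: The upper bound in the third hunk does not match its comment: `# < 3.3` sits above `self.assertLess(n, 0x33000000)`, but in the OpenSSL 3.x OPENSSL_VERSION_NUMBER layout the minor version follows the major nibble, so 3.3.0 is 0x30300000 and 0x33000000 lies well beyond it. Since the tuple check beside it was relaxed to `self.assertLess(major, 4)`, the pair would agree if it read `# < 4.0` and `self.assertLess(n, 0x40000000)`. Separately, `clean_OpenSSL30_san` in the first hunk has no docstring saying which SAN strings differ under OpenSSL 3.0 (the only expected value with surrounding whitespace visible here is `'0:0:0:0:0:0:0:1\n'`), and `isinstance(y, str)` is the usual form of its type test. The test method containing the version checks starts and ends outside the hunk.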
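--- a/setup.py
+++ b/setup.py
@@ -873,47 +873,14 @@ class PyBuildExt(build_ext):
 else:
 missing.append('_ssl')
 
- # find out which version of OpenSSL we have
- openssl_ver = 0
- openssl_ver_re = re.compile(
- r'^\s*#\s*define\s+OPENSSL_VERSION_NUMBER\s+(0x[0-9a-fA-F]+)' )
-
- # look for the openssl version header on the compiler search path.
- opensslv_h = find_file('openssl/opensslv.h', [],
- inc_dirs + search_for_ssl_incs_in)
- if opensslv_h:
- name = os.path.join(opensslv_h[0], 'openssl/opensslv.h')
- if host_platform == 'darwin' and is_macosx_sdk_path(name):
- name = os.path.join(macosx_sdk_root(), name[1:])
- try:
- with open(name, 'r') as incfile:
- for line in incfile:
- m = openssl_ver_re.match(line)
- if m:
- openssl_ver = int(m.group(1), 16)
- break
- except IOError as msg:
- print("IOError while reading opensshv.h:", msg)
-
- #print('openssl_ver = 0x%08x' % openssl_ver)
- min_openssl_ver = 0x00907000
 have_any_openssl = ssl_incs is not None and ssl_libs is not None
- have_usable_openssl = (have_any_openssl and
- openssl_ver >= min_openssl_ver)
 
 if have_any_openssl:
- if have_usable_openssl:
- # The _hashlib module wraps optimized implementations
- # of hash functions from the OpenSSL library.
 exts.append( Extension('_hashlib', ['_hashopenssl.c'],
 depends = ['hashlib.h'],
 include_dirs = ssl_incs,
 library_dirs = ssl_libs,
 libraries = ['ssl', 'crypto']) )
- else:
- print("warning: openssl 0x%08x is too old for _hashlib" %
- openssl_ver)
- missing.append('_hashlib')
 
 # We always compile these even when OpenSSL is available (issue #14693).
 # It's harmless and the object code is tiny (40-50 KB per module,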