[Python-checkins] bpo-34271: Fix compatibility with 1.0.2 (GH-13728)

Christian Heimes webhook-mailer at python.org
Mon Jun 3 14:40:19 EDT 2019


https://github.com/python/cpython/commit/e35d1ba9eab07a59b98b700c5e18ceb13b2561a6
commit: e35d1ba9eab07a59b98b700c5e18ceb13b2561a6
branch: master
author: Christian Heimes <christian at python.org>
committer: GitHub <noreply at github.com>
date: 2019-06-03T20:40:15+02:00
summary:

bpo-34271: Fix compatibility with 1.0.2 (GH-13728)

Fix various compatibility issues with LibreSSL and OpenSSL 1.0.2
introduced by bpo-34271.

Signed-off-by: Christian Heimes <christian at python.org>

files:
M Lib/ssl.py
M Lib/test/test_ssl.py
M Modules/_ssl/debughelpers.c
M Tools/ssl/multissltests.py

diff --git a/Lib/ssl.py b/Lib/ssl.py
index 4afa46e5da5c..61bd775f759b 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -658,12 +658,12 @@ def _msg_callback(self, callback):
         def inner(conn, direction, version, content_type, msg_type, data):
             try:
                 version = TLSVersion(version)
-            except TypeError:
+            except ValueError:
                 pass
 
             try:
                 content_type = _TLSContentType(content_type)
-            except TypeError:
+            except ValueError:
                 pass
 
             if content_type == _TLSContentType.HEADER:
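Review bot: The three `except ValueError: pass` fallbacks in `inner` (two in this hunk, one in the next hunk around `msg_enum(msg_type)`) carry no comment saying that an unrecognised value is deliberately handed to the user callback as a plain int. A callback that logs or filters on these arguments therefore receives a mix of enum members and raw integers, which is worth stating, for example `# Unknown value: pass the raw int through to the callback unchanged`. The same lookup-with-fallback is written out three times and could be one small local helper. `inner` continues past the end of this hunk.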
@@ -674,7 +674,7 @@ def inner(conn, direction, version, content_type, msg_type, data):
                 msg_enum = _TLSMessageType
             try:
                 msg_type = msg_enum(msg_type)
-            except TypeError:
+            except ValueError:
                 pass
 
             return callback(conn, direction, version,
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index a72d79132181..455a12ea7f2f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -3703,7 +3703,7 @@ def test_min_max_version(self):
         # client 1.0, server 1.2 (mismatch)
         server_context.minimum_version = ssl.TLSVersion.TLSv1_2
         server_context.maximum_version = ssl.TLSVersion.TLSv1_2
-        client_context.minimum_version = ssl.TLSVersion.TLSv1
+        client_context.maximum_version = ssl.TLSVersion.TLSv1
         client_context.maximum_version = ssl.TLSVersion.TLSv1
         with ThreadedEchoServer(context=server_context) as server:
             with client_context.wrap_socket(socket.socket(),
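Review bot: `client_context.maximum_version = ssl.TLSVersion.TLSv1` now appears twice in a row, because the former `minimum_version` line was rewritten into a copy of the line below it. The second assignment is redundant and one of them should be dropped. If leaving the client's minimum version at its default is intentional (presumably for OpenSSL 1.0.2 / LibreSSL), a short comment such as `# minimum_version is left at the library default` would make that clear. The mismatch case itself still holds, since the client's maximum (TLS 1.0) is below the server's minimum (TLS 1.2). The test method continues outside this hunk.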
@@ -4529,50 +4529,16 @@ def msg_cb(conn, direction, version, content_type, msg_type, data):
                                             server_hostname=hostname) as s:
                 s.connect((HOST, server.port))
 
-        self.assertEqual(msg, [
-            ("write", TLSVersion.TLSv1, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("write", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.CLIENT_HELLO),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.SERVER_HELLO),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.CERTIFICATE),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
+        self.assertIn(
             ("read", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
              _TLSMessageType.SERVER_KEY_EXCHANGE),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.SERVER_DONE),
-            ("write", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("write", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.CLIENT_KEY_EXCHANGE),
-            ("write", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.FINISHED),
+            msg
+        )
+        self.assertIn(
             ("write", TLSVersion.TLSv1_2, _TLSContentType.CHANGE_CIPHER_SPEC,
              _TLSMessageType.CHANGE_CIPHER_SPEC),
-            ("write", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("write", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.FINISHED),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.NEWSESSION_TICKET),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.FINISHED),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HEADER,
-             _TLSMessageType.CERTIFICATE_STATUS),
-            ("read", TLSVersion.TLSv1_2, _TLSContentType.HANDSHAKE,
-             _TLSMessageType.FINISHED),
-        ])
+            msg
+        )
 
 
 def test_main(verbose=False):
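Review bot: With the two `assertIn` calls the test passes as long as those two tuples appear anywhere in `msg`, so it no longer checks the order of callback invocations, the direction of the other handshake messages, or the decoding of `HEADER` records. That is probably what compatibility with 1.0.2 and LibreSSL requires, but the reason is not recorded next to the assertions. A comment such as `# The full message sequence differs between OpenSSL 1.0.2, 1.1.x and LibreSSL; only check messages common to all` would help the next reader. The start of the test method is outside the hunk.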
diff --git a/Modules/_ssl/debughelpers.c b/Modules/_ssl/debughelpers.c
index 53b966749328..858b3d7955c9 100644
--- a/Modules/_ssl/debughelpers.c
+++ b/Modules/_ssl/debughelpers.c
@@ -1,5 +1,12 @@
 /* Debug helpers */
 
+#ifndef SSL3_MT_CHANGE_CIPHER_SPEC
+/* Dummy message type for handling CCS like a normal handshake message
+ * not defined in OpenSSL 1.0.2
+ */
+#define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101
+#endif
+
 static void
 _PySSL_msg_callback(int write_p, int version, int content_type,
                     const void *buf, size_t len, SSL *ssl, void *arg)
@@ -41,11 +48,13 @@ _PySSL_msg_callback(int write_p, int version, int content_type,
       case SSL3_RT_HANDSHAKE:
         msg_type = (int)cbuf[0];
         break;
+#ifdef SSL3_RT_HEADER
       case SSL3_RT_HEADER:
         /* frame header encodes version in bytes 1..2 */
         version = cbuf[1] << 8 | cbuf[2];
         msg_type = (int)cbuf[0];
         break;
+#endif
 #ifdef SSL3_RT_INNER_CONTENT_TYPE
       case SSL3_RT_INNER_CONTENT_TYPE:
         msg_type = (int)cbuf[0];
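Review bot: The `SSL3_RT_HEADER` case reads `cbuf[1]` and `cbuf[2]`, and the neighbouring cases read `cbuf[0]`, with no check against `len` visible in this hunk. If the part of `_PySSL_msg_callback` outside the hunk does not already validate the length, guarding the header decode, e.g. `if (len >= 3) { version = cbuf[1] << 8 | cbuf[2]; msg_type = (int)cbuf[0]; }`, would keep the callback from reading past a short buffer. The function starts and ends outside this hunk, so this may already be handled there.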
@@ -210,4 +219,4 @@ _PySSLContext_set_keylog_filename(PySSLContext *self, PyObject *arg, void *c) {
     return 0;
 }
 
-#endif
\ No newline at end of file
+#endif
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index 07bd9b016d97..7fda4df55a67 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -51,10 +51,11 @@
 ]
 
 LIBRESSL_OLD_VERSIONS = [
+    "2.9.2",
 ]
 
 LIBRESSL_RECENT_VERSIONS = [
-    "2.7.4",
+    "2.8.3",
 ]
 
 # store files in ../multissl


