Skip to content

gh-89532: Remove LibreSSL workarounds #28728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gpshead merged 15 commits into from
Jan 6, 2024
Merged

gh-89532: Remove LibreSSL workarounds #28728

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
a6c710e
Delete _ssl_data.h (relevant for OpenSSL < 1.1.1)
ramikg Sep 30, 2021
70ecc30
Remove LibreSSL comment from SSL docs
ramikg Sep 30, 2021
156303b
Remove LIBRESSL_VERSION_NUMBER macro from _ssl.c
ramikg Sep 30, 2021
2cbea53
Remove ssl.RAND_egd
ramikg Sep 30, 2021
351eaea
📜🤖 Added by blurb_it.
blurb-it[bot] Oct 5, 2021
c2a66a8
Reword LibreSSL news entry
ramikg Oct 7, 2021
4f0ab9b
Merge branch 'main' into remove-libressl-support
ramikg Jul 30, 2022
617233f
Fix news entry
ramikg Jul 30, 2022
ed18bd9
Remove _ssl_data.h dependency
ramikg Jul 30, 2022
b23933e
Merge branch 'main' into remove-libressl-support
ramikg Aug 13, 2022
ab6d679
Merge branch 'main' into remove-libressl-support
ramikg Dec 29, 2022
761ebed
Merge branch 'main' into remove-libressl-support
ramikg Dec 30, 2022
8842a39
Merge branch 'main' into remove-libressl-support
ramikg Jan 5, 2024
b0a2fa4
Restore `RAND_egd` references
ramikg Jan 6, 2024
deabec9
switch the other _ssl_data.h reference to _ssl_data_31.h
gpshead Jan 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 2 additions & 6 deletions Doc/library/ssl.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -335,9 +335,8 @@ Random generation
.. function:: RAND_status()

Return ``True`` if the SSL pseudo-random number generator has been seeded
with 'enough' randomness, and ``False`` otherwise. You can use
:func:`ssl.RAND_egd` and :func:`ssl.RAND_add` to increase the randomness of
the pseudo-random number generator.
with 'enough' randomness, and ``False`` otherwise. You can use :func:`ssl.RAND_add`
to increase the randomness of the pseudo-random number generator.

.. function:: RAND_add(bytes, entropy)

Expand Down Expand Up @@ -474,9 +473,6 @@ Certificate handling
* :attr:`openssl_capath_env` - OpenSSL's environment key that points to a capath,
* :attr:`openssl_capath` - hard coded path to a capath directory

.. availability:: LibreSSL ignores the environment vars
:attr:`openssl_cafile_env` and :attr:`openssl_capath_env`.

.. versionadded:: 3.4

.. function:: enum_certificates(store_name)
Expand Down
7 changes: 0 additions & 7 deletions Lib/ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,13 +106,6 @@
)
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
try:
from _ssl import RAND_egd
except ImportError:
# LibreSSL does not provide RAND_egd
pass


from _ssl import (
HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_SSLv2, HAS_SSLv3, HAS_TLSv1,
HAS_TLSv1_1, HAS_TLSv1_2, HAS_TLSv1_3
Expand Down
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Core and Builtins/2021-10-05-05-00-16.bpo-45369.tluk_X.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove LibreSSL workarounds as per :pep`644`.
6 changes: 3 additions & 3 deletions Modules/_ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,10 +116,10 @@ static void _PySSLFixErrno(void) {
/* Include generated data (error codes) */
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
#include "_ssl_data_300.h"
#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
#include "_ssl_data_111.h"
#else
#include "_ssl_data.h"
#error Unsupported OpenSSL version
#endif

/* OpenSSL API 1.1.0+ does not include version methods */
Expand Down Expand Up @@ -831,7 +831,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
return NULL;
}
/* bpo43522 and OpenSSL < 1.1.1l: copy hostflags manually */
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION < 0x101010cf
#if OPENSSL_VERSION < 0x101010cf
X509_VERIFY_PARAM *ssl_params = SSL_get0_param(self->ssl);
X509_VERIFY_PARAM_set_hostflags(ssl_params, sslctx->hostflags);
#endif
Expand Down
Loading