Date: Thu, 22 Feb 2018 12:19:56 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r462586 - in branches/2018Q1/lang/python35: . files Message-ID: <201802221219.w1MCJuPJ064926@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Thu Feb 22 12:19:56 2018 New Revision: 462586 URL: https://svnweb.freebsd.org/changeset/ports/462586 Log: MFH: r461917 Fix build with OpenSSL 1.1.0 (security/openssl-devel) - Remove BROKEN_SSL=openssl-devel Reference: https://bugs.python.org/issue30622 https://github.com/python/cpython/commit/b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 https://github.com/python/cpython/commit/af64aff9f7de2ee60c20bfb331e8a00ea0521c1e PR: 225870 Submitted by: brnrd Approved by: ports-secteam (blanket) Added: branches/2018Q1/lang/python35/files/patch-issue30622 - copied unchanged from r461917, head/lang/python35/files/patch-issue30622 Modified: branches/2018Q1/lang/python35/Makefile Directory Properties: branches/2018Q1/ (props changed) Modified: branches/2018Q1/lang/python35/Makefile ============================================================================== --- branches/2018Q1/lang/python35/Makefile Thu Feb 22 12:19:27 2018 (r462585) +++ branches/2018Q1/lang/python35/Makefile Thu Feb 22 12:19:56 2018 (r462586) @@ -14,8 +14,6 @@ COMMENT= Interpreted object-oriented programming langu LICENSE= PSFL -BROKEN_SSL= openssl-devel - USES= cpe ncurses pathfix pkgconfig readline:port shebangfix ssl tar:xz PATHFIX_MAKEFILEIN= Makefile.pre.in USE_LDCONFIG= yes Copied: branches/2018Q1/lang/python35/files/patch-issue30622 (from r461917, head/lang/python35/files/patch-issue30622) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q1/lang/python35/files/patch-issue30622 Thu Feb 22 12:19:56 2018 (r462586, copy of r461917, head/lang/python35/files/patch-issue30622) @@ -0,0 +1,145 @@ +From b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 Mon Sep 17 00:00:00 2001 +From: Melvyn Sopacua <melvyn-sopacua@users.noreply.github.com> +Date: Mon, 4 Sep 2017 23:35:15 +0200 +Subject: [PATCH] bpo-30622: Change NPN detection: (#2079) + +* Change NPN detection: + +Version breakdown, support disabled (pre-patch/post-patch): +- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False +- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> +False/False +- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and +OPENSSL_NO_NEXTPROTONEG will be defined -> True/False + +Version breakdown support enabled (pre-patch/post-patch): +- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False +- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and +OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True +- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and +OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True + +* Refine NPN guard: + +- If NPN is disabled, but ALPN is available we need our callback +- Make clinic's ssl behave the same way + +This created a working ssl module for me, with NPN disabled and ALPN +enabled for OpenSSL 1.1.0f. + +Concerns to address: +The initial commit for NPN support into OpenSSL [1], had the +OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG +guard. The question is if that ever made it into a release. +This would need an ugly hack, something like: + + #if defined(OPENSSL_NO_NEXTPROTONEG) && \ + !defined(OPENSSL_NPN_NEGOTIATED) + # define OPENSSL_NPN_UNSUPPORTED 0 + # define OPENSSL_NPN_NEGOTIATED 1 + # define OPENSSL_NPN_NO_OVERLAP 2 + #endif + +[1] https://github.com/openssl/openssl/commit/68b33cc5c7 + +--- Modules/_ssl.c.orig 2018-02-04 23:40:56 UTC ++++ Modules/_ssl.c +@@ -260,7 +260,7 @@ static unsigned int _ssl_locks_count = 0 + typedef struct { + PyObject_HEAD + SSL_CTX *ctx; +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + unsigned char *npn_protocols; + int npn_protocols_len; + #endif +@@ -1605,7 +1605,7 @@ _ssl__SSLSocket_version_impl(PySSLSocket + return PyUnicode_FromString(version); + } + +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + /*[clinic input] + _ssl._SSLSocket.selected_npn_protocol + [clinic start generated code]*/ +@@ -2375,7 +2375,7 @@ _ssl__SSLContext_impl(PyTypeObject *type + return NULL; + } + self->ctx = ctx; +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + self->npn_protocols = NULL; + #endif + #ifdef HAVE_ALPN +@@ -2469,7 +2469,7 @@ context_dealloc(PySSLContext *self) + PyObject_GC_UnTrack(self); + context_clear(self); + SSL_CTX_free(self->ctx); +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + PyMem_FREE(self->npn_protocols); + #endif + #ifdef HAVE_ALPN +@@ -2501,7 +2501,7 @@ _ssl__SSLContext_set_ciphers_impl(PySSLC + Py_RETURN_NONE; + } + +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN) + static int + do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, + const unsigned char *server_protocols, unsigned int server_protocols_len, +@@ -2525,7 +2525,9 @@ do_protocol_selection(int alpn, unsigned + + return SSL_TLSEXT_ERR_OK; + } ++#endif + ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ + static int + _advertiseNPN_cb(SSL *s, +@@ -2568,7 +2570,7 @@ _ssl__SSLContext__set_npn_protocols_impl + Py_buffer *protos) + /*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/ + { +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + PyMem_Free(self->npn_protocols); + self->npn_protocols = PyMem_Malloc(protos->len); + if (self->npn_protocols == NULL) +@@ -4843,7 +4845,7 @@ PyInit__ssl(void) + Py_INCREF(r); + PyModule_AddObject(m, "HAS_ECDH", r); + +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + r = Py_True; + #else + r = Py_False; +--- Modules/clinic/_ssl.c.h.orig 2018-02-04 23:40:56 UTC ++++ Modules/clinic/_ssl.c.h +@@ -130,7 +130,7 @@ _ssl__SSLSocket_version(PySSLSocket *sel + return _ssl__SSLSocket_version_impl(self); + } + +-#if defined(OPENSSL_NPN_NEGOTIATED) ++#if (defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)) + + PyDoc_STRVAR(_ssl__SSLSocket_selected_npn_protocol__doc__, + "selected_npn_protocol($self, /)\n" +@@ -149,7 +149,7 @@ _ssl__SSLSocket_selected_npn_protocol(Py + return _ssl__SSLSocket_selected_npn_protocol_impl(self); + } + +-#endif /* defined(OPENSSL_NPN_NEGOTIATED) */ ++#endif /* (defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)) */ + + #if defined(HAVE_ALPN) + +@@ -1102,4 +1102,4 @@ exit: + #ifndef _SSL_ENUM_CRLS_METHODDEF + #define _SSL_ENUM_CRLS_METHODDEF + #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */ +-/*[clinic end generated code: output=6fb10594d8351dc5 input=a9049054013a1b77]*/ ++/*[clinic end generated code: output=8f9d480117387554 input=a9049054013a1b77]*/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802221219.w1MCJuPJ064926>