Date: Sat, 28 Apr 2018 19:30:01 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r468569 - head/lang/python36/files Message-ID: <201804281930.w3SJU1qN027050@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Sat Apr 28 19:30:00 2018 New Revision: 468569 URL: https://svnweb.freebsd.org/changeset/ports/468569 Log: lang/python36: Fix build with LibreSSL 2.7 PR: 226883 Submitted by: Charlie Li <ml+freebsd vishwin info> Approved by: python (koobs) Differential Revision: https://reviews.freebsd.org/D14837 Added: head/lang/python36/files/patch-issue33127 (contents, props changed) Added: head/lang/python36/files/patch-issue33127 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lang/python36/files/patch-issue33127 Sat Apr 28 19:30:00 2018 (r468569) @@ -0,0 +1,112 @@ +From f5befbb0d1526f18eb2b24eabb48c3b761c624a2 Mon Sep 17 00:00:00 2001 +From: Christian Heimes <christian@python.org> +Date: Sat, 24 Mar 2018 18:38:14 +0100 +Subject: [PATCH] [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 + (GH-6210) (GH-6214) + +LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects +LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and +LibreSSL < 2.7. + +Documentation updates and fixes for failing tests will be provided in +another patch set. + +Signed-off-by: Christian Heimes <christian@python.org>. +(cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1) + +Co-authored-by: Christian Heimes <christian@python.org> +--- + Lib/test/test_ssl.py | 1 + + .../2018-03-24-15-08-24.bpo-33127.olJmHv.rst | 1 + + Modules/_ssl.c | 24 ++++++++++++++-------- + Tools/ssl/multissltests.py | 3 ++- + 4 files changed, 20 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst + +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +index 8dd3b4145078..9785a59a7e49 100644 +--- Lib/test/test_ssl.py.orig ++++ Lib/test/test_ssl.py +@@ -1687,6 +1687,7 @@ def test_get_ca_certs_capath(self): + self.assertEqual(len(ctx.get_ca_certs()), 1) + + @needs_sni ++ @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2") + def test_context_setget(self): + # Check that the context of a connected socket can be replaced. + ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) +diff --git a/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst +new file mode 100644 +index 000000000000..635aabbde031 +--- /dev/null ++++ Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst +@@ -0,0 +1 @@ ++The ssl module now compiles with LibreSSL 2.7.1. +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index c54e43c2b48a..5e007da858bd 100644 +--- Modules/_ssl.c.orig ++++ Modules/_ssl.c +@@ -106,6 +106,12 @@ struct py_ssl_library_code { + + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) + # define OPENSSL_VERSION_1_1 1 ++# define PY_OPENSSL_1_1_API 1 ++#endif ++ ++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */ ++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL ++# define PY_OPENSSL_1_1_API 1 + #endif + + /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 +@@ -152,16 +158,18 @@ struct py_ssl_library_code { + #define INVALID_SOCKET (-1) + #endif + +-#ifdef OPENSSL_VERSION_1_1 +-/* OpenSSL 1.1.0+ */ +-#ifndef OPENSSL_NO_SSL2 +-#define OPENSSL_NO_SSL2 +-#endif +-#else /* OpenSSL < 1.1.0 */ +-#if defined(WITH_THREAD) ++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */ ++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD) + #define HAVE_OPENSSL_CRYPTO_LOCK + #endif + ++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2) ++#define OPENSSL_NO_SSL2 ++#endif ++ ++#ifndef PY_OPENSSL_1_1_API ++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */ ++ + #define TLS_method SSLv23_method + #define TLS_client_method SSLv23_client_method + #define TLS_server_method SSLv23_server_method +@@ -227,7 +235,7 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) + return s->tlsext_tick_lifetime_hint; + } + +-#endif /* OpenSSL < 1.1.0 or LibreSSL */ ++#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */ + + + enum py_ssl_error { +diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py +index ce5bbd85308c..ba4529ae0611 100755 +--- Tools/ssl/multissltests.py.orig ++++ Tools/ssl/multissltests.py +@@ -57,8 +57,9 @@ + ] + + LIBRESSL_RECENT_VERSIONS = [ +- "2.5.3", + "2.5.5", ++ "2.6.4", ++ "2.7.1", + ] + + # store files in ../multissl +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804281930.w3SJU1qN027050>