Skip to content

Fix (most) problems with LibreSSL #1673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

Fix (most) problems with LibreSSL #1673

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
87c6829
Define COMP_METHOD when building against LibreSSL
Feb 18, 2015
1473f57
Disable features exclusive to newer OpenSSL when using LibreSSL
Feb 18, 2015
f43ab9c
Allow the OpenSSL version string to begin with LibreSSL
Feb 18, 2015
bfd402f
Update changelog for LibreSSL fixes
Feb 18, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ Changelog
:mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
* Added support for parsing X.509 names. See the
:doc:`X.509 documentation</x509>` for more information.
* Fixed building against LibreSSL, a compile-time substitute for OpenSSL.

0.7.2 - 2015-01-16
~~~~~~~~~~~~~~~~~~
Expand Down
8 changes: 8 additions & 0 deletions src/cryptography/hazmat/bindings/openssl/ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
INCLUDES = """
#include <openssl/ssl.h>

/* LibreSSL has removed support for compression, and with it the
* COMP_METHOD use in ssl.h. This is a hack to make the function types
* in this code match those in ssl.h.
*/
#ifdef LIBRESSL_VERSION_NUMBER
#define COMP_METHOD void
#endif

typedef STACK_OF(SSL_CIPHER) Cryptography_STACK_OF_SSL_CIPHER;
"""

Expand Down
4 changes: 2 additions & 2 deletions src/cryptography/hazmat/bindings/openssl/x509_vfy.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@

CUSTOMIZATIONS = """
/* OpenSSL 1.0.2+ verification error codes */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1;
#else
static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
Expand All @@ -207,7 +207,7 @@
#endif

/* OpenSSL 1.0.2+ verification parameters */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
#else
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
Expand Down
9 changes: 6 additions & 3 deletions tests/hazmat/backends/test_openssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,10 +71,13 @@ def test_openssl_version_text(self):

Unfortunately, this define does not appear to have a
formal content definition, so for now we'll test to see
if it starts with OpenSSL as that appears to be true
for every OpenSSL.
if it starts with OpenSSL or LibreSSL as that appears
to be true for every OpenSSL-alike.
"""
assert backend.openssl_version_text().startswith("OpenSSL")
assert (
backend.openssl_version_text().startswith("OpenSSL") or
backend.openssl_version_text().startswith("LibreSSL")
)

def test_supports_cipher(self):
assert backend.cipher_supported(None, None) is False
Expand Down