Skip to content

Commit df1732a

Browse files
tirantiran
authored
[2.7] bpo-30622: Fix NPN for OpenSSL 1.1.1-pre1 (GH-5876) (#5882)
Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 29eab55) Co-authored-by: Christian Heimes <christian@python.org>
1 parent 439956a commit df1732a

File tree

1 file changed

+26
-21
lines changed

1 file changed

+26
-21
lines changed

Modules/_ssl.c

Lines changed: 26 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -123,22 +123,27 @@ struct py_ssl_library_code {
123123
#endif
124124

125125
/* ALPN added in OpenSSL 1.0.2 */
126-
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)
127-
# define HAVE_ALPN
126+
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
127+
# define HAVE_ALPN 1
128+
#else
129+
# define HAVE_ALPN 0
128130
#endif
129131

130132
/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
131133
* NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
132134
* reasons. The check for TLSEXT_TYPE_next_proto_neg works with
133135
* OpenSSL 1.0.1+ and LibreSSL.
136+
* OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg.
134137
*/
135138
#ifdef OPENSSL_NO_NEXTPROTONEG
136-
# define HAVE_NPN 0
139+
# define HAVE_NPN 0
140+
#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
141+
# define HAVE_NPN 0
137142
#elif defined(TLSEXT_TYPE_next_proto_neg)
138-
# define HAVE_NPN 1
143+
# define HAVE_NPN 1
139144
#else
140-
# define HAVE_NPN 0
141-
# endif
145+
# define HAVE_NPN 0
146+
#endif
142147

143148
#ifndef INVALID_SOCKET /* MS defines this */
144149
#define INVALID_SOCKET (-1)
@@ -298,11 +303,11 @@ static unsigned int _ssl_locks_count = 0;
298303
typedef struct {
299304
PyObject_HEAD
300305
SSL_CTX *ctx;
301-
#ifdef HAVE_NPN
306+
#if HAVE_NPN
302307
unsigned char *npn_protocols;
303308
int npn_protocols_len;
304309
#endif
305-
#ifdef HAVE_ALPN
310+
#if HAVE_ALPN
306311
unsigned char *alpn_protocols;
307312
int alpn_protocols_len;
308313
#endif
@@ -1586,7 +1591,7 @@ static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
15861591
}
15871592
#endif
15881593

1589-
#ifdef HAVE_ALPN
1594+
#if HAVE_ALPN
15901595
static PyObject *PySSL_selected_alpn_protocol(PySSLSocket *self) {
15911596
const unsigned char *out;
15921597
unsigned int outlen;
@@ -2103,7 +2108,7 @@ static PyMethodDef PySSLMethods[] = {
21032108
#ifdef OPENSSL_NPN_NEGOTIATED
21042109
{"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
21052110
#endif
2106-
#ifdef HAVE_ALPN
2111+
#if HAVE_ALPN
21072112
{"selected_alpn_protocol", (PyCFunction)PySSL_selected_alpn_protocol, METH_NOARGS},
21082113
#endif
21092114
{"compression", (PyCFunction)PySSL_compression, METH_NOARGS},
@@ -2209,10 +2214,10 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
22092214
return NULL;
22102215
}
22112216
self->ctx = ctx;
2212-
#ifdef HAVE_NPN
2217+
#if HAVE_NPN
22132218
self->npn_protocols = NULL;
22142219
#endif
2215-
#ifdef HAVE_ALPN
2220+
#if HAVE_ALPN
22162221
self->alpn_protocols = NULL;
22172222
#endif
22182223
#ifndef OPENSSL_NO_TLSEXT
@@ -2287,10 +2292,10 @@ context_dealloc(PySSLContext *self)
22872292
PyObject_GC_UnTrack(self);
22882293
context_clear(self);
22892294
SSL_CTX_free(self->ctx);
2290-
#ifdef HAVE_NPN
2295+
#if HAVE_NPN
22912296
PyMem_FREE(self->npn_protocols);
22922297
#endif
2293-
#ifdef HAVE_ALPN
2298+
#if HAVE_ALPN
22942299
PyMem_FREE(self->alpn_protocols);
22952300
#endif
22962301
Py_TYPE(self)->tp_free(self);
@@ -2317,7 +2322,7 @@ set_ciphers(PySSLContext *self, PyObject *args)
23172322
Py_RETURN_NONE;
23182323
}
23192324

2320-
#if defined(HAVE_NPN) || defined(HAVE_ALPN)
2325+
#if HAVE_NPN || HAVE_ALPN
23212326
static int
23222327
do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
23232328
const unsigned char *server_protocols, unsigned int server_protocols_len,
@@ -2343,7 +2348,7 @@ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
23432348
}
23442349
#endif
23452350

2346-
#ifdef HAVE_NPN
2351+
#if HAVE_NPN
23472352
/* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
23482353
static int
23492354
_advertiseNPN_cb(SSL *s,
@@ -2378,7 +2383,7 @@ _selectNPN_cb(SSL *s,
23782383
static PyObject *
23792384
_set_npn_protocols(PySSLContext *self, PyObject *args)
23802385
{
2381-
#ifdef HAVE_NPN
2386+
#if HAVE_NPN
23822387
Py_buffer protos;
23832388

23842389
if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
@@ -2414,7 +2419,7 @@ _set_npn_protocols(PySSLContext *self, PyObject *args)
24142419
#endif
24152420
}
24162421

2417-
#ifdef HAVE_ALPN
2422+
#if HAVE_ALPN
24182423
static int
24192424
_selectALPN_cb(SSL *s,
24202425
const unsigned char **out, unsigned char *outlen,
@@ -2431,7 +2436,7 @@ _selectALPN_cb(SSL *s,
24312436
static PyObject *
24322437
_set_alpn_protocols(PySSLContext *self, PyObject *args)
24332438
{
2434-
#ifdef HAVE_ALPN
2439+
#if HAVE_ALPN
24352440
Py_buffer protos;
24362441

24372442
if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
@@ -4387,15 +4392,15 @@ init_ssl(void)
43874392
Py_INCREF(r);
43884393
PyModule_AddObject(m, "HAS_ECDH", r);
43894394

4390-
#ifdef HAVE_NPN
4395+
#if HAVE_NPN
43914396
r = Py_True;
43924397
#else
43934398
r = Py_False;
43944399
#endif
43954400
Py_INCREF(r);
43964401
PyModule_AddObject(m, "HAS_NPN", r);
43974402

4398-
#ifdef HAVE_ALPN
4403+
#if HAVE_ALPN
43994404
r = Py_True;
44004405
#else
44014406
r = Py_False;

0 commit comments

Comments
 (0)