diff options
| author |   Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-12-07 09:20:43 -0800 |
|---|---|---|
| committer |   GitHub <noreply@github.com> | 2019-12-07 09:20:43 -0800 |
| commit | a197f8aa7493e66bc54c3db8f796d00cef1c3042 (patch) | |
| tree | 313f1826fafc601f8c03df98ef6ece4f0964d283 /Modules | |
| parent | bpo-37404: Raising value error if an SSLSocket is passed to asyncio functions... (diff) | |
| download | cpython-a197f8aa7493e66bc54c3db8f796d00cef1c3042.tar.gz cpython-a197f8aa7493e66bc54c3db8f796d00cef1c3042.tar.bz2 cpython-a197f8aa7493e66bc54c3db8f796d00cef1c3042.zip | |
[3.7] bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190) (GH-17500)
test_openssl_version now accepts version 3.0.0.
getpeercert() no longer returns IPv6 addresses with a trailing new line.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
(cherry picked from commit 2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
Automerge-Triggered-By: @tiran
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_ssl.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index a94dbbaec84..4611710a95d 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1377,6 +1377,54 @@ _get_peer_alt_names (X509 *certificate) { PyTuple_SET_ITEM(t, 1, v); break; + case GEN_IPADD: + /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed + * the trailing newline. Remove it in all versions + */ + t = PyTuple_New(2); + if (t == NULL) + goto fail; + + v = PyUnicode_FromString("IP Address"); + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 0, v); + + if (name->d.ip->length == 4) { + unsigned char *p = name->d.ip->data; + v = PyUnicode_FromFormat( + "%d.%d.%d.%d", + p[0], p[1], p[2], p[3] + ); + } else if (name->d.ip->length == 16) { + /* PyUnicode_FromFormat() does not support %X */ + unsigned char *p = name->d.ip->data; + len = sprintf( + buf, + "%X:%X:%X:%X:%X:%X:%X:%X", + p[0] << 8 | p[1], + p[2] << 8 | p[3], + p[4] << 8 | p[5], + p[6] << 8 | p[7], + p[8] << 8 | p[9], + p[10] << 8 | p[11], + p[12] << 8 | p[13], + p[14] << 8 | p[15] + ); + v = PyUnicode_FromStringAndSize(buf, len); + } else { + v = PyUnicode_FromString("<invalid>"); + } + + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 1, v); + break; + default: /* for everything else, we use the OpenSSL print form */ switch (gntype) { @@ -1384,7 +1432,6 @@ _get_peer_alt_names (X509 *certificate) { case GEN_OTHERNAME: case GEN_X400: case GEN_EDIPARTY: - case GEN_IPADD: case GEN_RID: break; default: |