summaryrefslogtreecommitdiff
path: root/OpenSSL/ssl/context.c
diff options
context:
space:
mode:
authorJean-Paul Calderone <exarkun@twistedmatrix.com>2013-10-06 08:58:04 -0400
committerJean-Paul Calderone <exarkun@twistedmatrix.com>2013-10-06 08:58:04 -0400
commit5c0fd5568efa1ea922f99c74e1e65f0fcdac061c (patch)
tree04ac610a15ee962aa030a2cc92f577be445be02b /OpenSSL/ssl/context.c
parentf7e37e6b2f83f7fd00f7e5aaee9ecc55e349fd87 (diff)
parentd1e969eddee9fe3d970aebdc860f95fccc40230d (diff)
downloadpyopenssl-trunk.tar.gz
Add support for negotiating TLSv1_1 or TLSv1_2HEADtrunk
Diffstat (limited to 'OpenSSL/ssl/context.c')
-rw-r--r--OpenSSL/ssl/context.c30
1 files changed, 27 insertions, 3 deletions
diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c
index e971c0a..84180b8 100644
--- a/OpenSSL/ssl/context.c
+++ b/OpenSSL/ssl/context.c
@@ -282,9 +282,16 @@ global_tlsext_servername_callback(const SSL *ssl, int *alert, void *arg) {
#ifdef OPENSSL_NO_SSL2
#define SSLv2_METHOD_TEXT ""
#else
-#define SSLv2_METHOD_TEXT "SSLv2_METHOD, "
+#define SSLv2_METHOD_TEXT " SSLv2_METHOD"
#endif
+#ifdef SSL_OP_NO_TLSv1_1
+#define TLSv1_1_METHOD_TEXT " TLSv1_1_METHOD"
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+#define TLSv1_2_METHOD_TEXT " TLSv1_2_METHOD"
+#endif
static char ssl_Context_doc[] = "\n\
Context(method) -> Context instance\n\
@@ -292,11 +299,12 @@ Context(method) -> Context instance\n\
OpenSSL.SSL.Context instances define the parameters for setting up new SSL\n\
connections.\n\
\n\
-:param method: One of " SSLv2_METHOD_TEXT "SSLv3_METHOD, SSLv23_METHOD, or\n\
- TLSv1_METHOD.\n\
+:param method: One of:" SSLv2_METHOD_TEXT " SSLv3_METHOD SSLv23_METHOD TLSv1_METHOD" TLSv1_1_METHOD_TEXT TLSv1_2_METHOD_TEXT "\n\
";
#undef SSLv2_METHOD_TEXT
+#undef TLSv1_1_METHOD_TEXT
+#undef TLSv1_2_METHOD_TEXT
static char ssl_Context_load_verify_locations_doc[] = "\n\
Let SSL know where we can find trusted certificates for the certificate\n\
@@ -1262,6 +1270,22 @@ ssl_Context_init(ssl_ContextObj *self, int i_method) {
case ssl_TLSv1_METHOD:
method = TLSv1_method();
break;
+ case ssl_TLSv1_1_METHOD:
+#ifdef SSL_OP_NO_TLSv1_1
+ method = TLSv1_1_method();
+#else
+ PyErr_SetString(PyExc_ValueError, "TLSv1_1_method not supported by this version of OpenSSL");
+ return NULL;
+#endif
+ break;
+ case ssl_TLSv1_2_METHOD:
+#ifdef SSL_OP_NO_TLSv1_2
+ method = TLSv1_2_method();
+#else
+ PyErr_SetString(PyExc_ValueError, "TLSv1_2_method not supported by this version of OpenSSL");
+ return NULL;
+#endif
+ break;
default:
PyErr_SetString(PyExc_ValueError, "No such protocol");
return NULL;
View Lorry Controller Status