diff options
Diffstat (limited to 'OpenSSL/ssl')
| -rw-r--r-- | OpenSSL/ssl/context.c | 30 | ||||
| -rw-r--r-- | OpenSSL/ssl/context.h | 2 | ||||
| -rw-r--r-- | OpenSSL/ssl/ssl.c | 8 |
3 files changed, 37 insertions, 3 deletions
diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c index e971c0a..84180b8 100644 --- a/OpenSSL/ssl/context.c +++ b/OpenSSL/ssl/context.c @@ -282,9 +282,16 @@ global_tlsext_servername_callback(const SSL *ssl, int *alert, void *arg) { #ifdef OPENSSL_NO_SSL2 #define SSLv2_METHOD_TEXT "" #else -#define SSLv2_METHOD_TEXT "SSLv2_METHOD, " +#define SSLv2_METHOD_TEXT " SSLv2_METHOD" #endif +#ifdef SSL_OP_NO_TLSv1_1 +#define TLSv1_1_METHOD_TEXT " TLSv1_1_METHOD" +#endif + +#ifdef SSL_OP_NO_TLSv1_2 +#define TLSv1_2_METHOD_TEXT " TLSv1_2_METHOD" +#endif static char ssl_Context_doc[] = "\n\ Context(method) -> Context instance\n\ @@ -292,11 +299,12 @@ Context(method) -> Context instance\n\ OpenSSL.SSL.Context instances define the parameters for setting up new SSL\n\ connections.\n\ \n\ -:param method: One of " SSLv2_METHOD_TEXT "SSLv3_METHOD, SSLv23_METHOD, or\n\ - TLSv1_METHOD.\n\ +:param method: One of:" SSLv2_METHOD_TEXT " SSLv3_METHOD SSLv23_METHOD TLSv1_METHOD" TLSv1_1_METHOD_TEXT TLSv1_2_METHOD_TEXT "\n\ "; #undef SSLv2_METHOD_TEXT +#undef TLSv1_1_METHOD_TEXT +#undef TLSv1_2_METHOD_TEXT static char ssl_Context_load_verify_locations_doc[] = "\n\ Let SSL know where we can find trusted certificates for the certificate\n\ @@ -1262,6 +1270,22 @@ ssl_Context_init(ssl_ContextObj *self, int i_method) { case ssl_TLSv1_METHOD: method = TLSv1_method(); break; + case ssl_TLSv1_1_METHOD: +#ifdef SSL_OP_NO_TLSv1_1 + method = TLSv1_1_method(); +#else + PyErr_SetString(PyExc_ValueError, "TLSv1_1_method not supported by this version of OpenSSL"); + return NULL; +#endif + break; + case ssl_TLSv1_2_METHOD: +#ifdef SSL_OP_NO_TLSv1_2 + method = TLSv1_2_method(); +#else + PyErr_SetString(PyExc_ValueError, "TLSv1_2_method not supported by this version of OpenSSL"); + return NULL; +#endif + break; default: PyErr_SetString(PyExc_ValueError, "No such protocol"); return NULL; diff --git a/OpenSSL/ssl/context.h b/OpenSSL/ssl/context.h index 19b5e9e..989d8f1 100644 --- a/OpenSSL/ssl/context.h +++ b/OpenSSL/ssl/context.h @@ -38,6 +38,8 @@ typedef struct { #define ssl_SSLv3_METHOD (2) #define ssl_SSLv23_METHOD (3) #define ssl_TLSv1_METHOD (4) +#define ssl_TLSv1_1_METHOD (5) +#define ssl_TLSv1_2_METHOD (6) #endif diff --git a/OpenSSL/ssl/ssl.c b/OpenSSL/ssl/ssl.c index 5725d5d..6b0fd84 100644 --- a/OpenSSL/ssl/ssl.c +++ b/OpenSSL/ssl/ssl.c @@ -185,6 +185,8 @@ do { \ PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD); PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD); PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD); + PyModule_AddIntConstant(module, "TLSv1_1_METHOD", ssl_TLSv1_1_METHOD); + PyModule_AddIntConstant(module, "TLSv1_2_METHOD", ssl_TLSv1_2_METHOD); /* Verify constants */ PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE); @@ -204,6 +206,12 @@ do { \ PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2); PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3); PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1); +#ifdef SSL_OP_NO_TLSv1_1 + PyModule_AddIntConstant(module, "OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1); +#endif +#ifdef SSL_OP_NO_TLSv1_2 + PyModule_AddIntConstant(module, "OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2); +#endif /* More SSL option constants */ PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG); |