diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2021-11-05 19:02:11 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-06 07:02:11 +0800 |
| commit | ba9f5e5b4aa79de31bbfa29ba8d5587b186e564d (patch) | |
| tree | b685b3c0ba595377b8bca233cb317e3c3b3558ee | |
| parent | bb05d4b5e69b1ad5fe2c902888e362933b8f0b88 (diff) | |
| download | cryptography-ba9f5e5b4aa79de31bbfa29ba8d5587b186e564d.tar.gz | |
Check for BoringSSL in the SSL bindings (#6553)
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 12 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 6 |
2 files changed, 17 insertions, 1 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 814910252..f4408b0cc 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -16,6 +16,7 @@ static const long Cryptography_HAS_SSL3_METHOD; static const long Cryptography_HAS_TLSv1_1; static const long Cryptography_HAS_TLSv1_2; static const long Cryptography_HAS_TLSv1_3; +static const long Cryptography_HAS_TLSv1_3_FUNCTIONS; static const long Cryptography_HAS_SECURE_RENEGOTIATION; static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; static const long Cryptography_HAS_DTLS; @@ -693,6 +694,15 @@ SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; static const long Cryptography_HAS_TLSv1_3 = 0; static const long TLS1_3_VERSION = 0; static const long SSL_OP_NO_TLSv1_3 = 0; +#else +static const long Cryptography_HAS_TLSv1_3 = 1; +#endif + +#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ + (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) || \ + CRYPTOGRAPHY_IS_BORINGSSL +static const long Cryptography_HAS_TLSv1_3_FUNCTIONS = 0; + static const long SSL_VERIFY_POST_HANDSHAKE = 0; int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL; int (*SSL_verify_client_post_handshake)(SSL *) = NULL; @@ -703,7 +713,7 @@ int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL; int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL; int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL; #else -static const long Cryptography_HAS_TLSv1_3 = 1; +static const long Cryptography_HAS_TLSv1_3_FUNCTIONS = 1; #endif #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 8ae601761..4e43f15d2 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -155,6 +155,11 @@ def cryptography_has_tlsv13(): return [ "TLS1_3_VERSION", "SSL_OP_NO_TLSv1_3", + ] + + +def cryptography_has_tlsv13_functions(): + return [ "SSL_VERIFY_POST_HANDSHAKE", "SSL_CTX_set_ciphersuites", "SSL_verify_client_post_handshake", @@ -290,6 +295,7 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext, "Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup, "Cryptography_HAS_TLSv1_3": cryptography_has_tlsv13, + "Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions, "Cryptography_HAS_KEYLOG": cryptography_has_keylog, "Cryptography_HAS_RAW_KEY": cryptography_has_raw_key, "Cryptography_HAS_EVP_DIGESTFINAL_XOF": ( |