Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | From 90c6a53a885dd5c66992309e0af98ac554f1bb97 Mon Sep 17 00:00:00 2001 |
| 2 | From: Cory Benfield <lukasaoz@gmail.com> |
| 3 | Date: Mon, 14 Dec 2015 08:35:20 +0000 |
| 4 | Subject: [PATCH] Remove SSLv2 bindings. |
| 5 | |
| 6 | This commit removes bindings that allow users to set SSLv2 handshake |
| 7 | methods. These are regarded as unnecessary and out-of-date: see #2527. |
| 8 | This commit does leave in a few options that refer to SSLv2 in order to |
| 9 | avoid breaking deployments that rely on them, and in order to allow |
| 10 | users to continue to request that SSLv2 not be enabled at all in their |
| 11 | OpenSSL. |
| 12 | |
| 13 | Upstream-Status: Backport |
| 14 | |
| 15 | This fixes the compile issue after updating to openssl 1.0.2h |
| 16 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 17 | |
| 18 | --- |
| 19 | src/_cffi_src/openssl/ssl.py | 17 +---------------- |
| 20 | .../hazmat/bindings/openssl/_conditional.py | 6 ------ |
| 21 | 2 files changed, 1 insertion(+), 22 deletions(-) |
| 22 | |
| 23 | Index: cryptography-1.1/src/_cffi_src/openssl/ssl.py |
| 24 | =================================================================== |
| 25 | --- cryptography-1.1.orig/src/_cffi_src/openssl/ssl.py |
| 26 | +++ cryptography-1.1/src/_cffi_src/openssl/ssl.py |
| 27 | @@ -292,15 +292,6 @@ unsigned long SSL_CTX_add_extra_chain_ce |
| 28 | |
| 29 | /* methods */ |
| 30 | |
| 31 | -/* SSLv2 support is compiled out of some versions of OpenSSL. These will |
| 32 | - * get special support when we generate the bindings so that if they are |
| 33 | - * available they will be wrapped, but if they are not they won't cause |
| 34 | - * problems (like link errors). |
| 35 | - */ |
| 36 | -const SSL_METHOD *SSLv2_method(void); |
| 37 | -const SSL_METHOD *SSLv2_server_method(void); |
| 38 | -const SSL_METHOD *SSLv2_client_method(void); |
| 39 | - |
| 40 | /* |
| 41 | * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of |
| 42 | * OpenSSL support them. |
| 43 | @@ -429,14 +420,8 @@ const long SSL_OP_LEGACY_SERVER_CONNECT |
| 44 | #else |
| 45 | static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; |
| 46 | #endif |
| 47 | -#ifdef OPENSSL_NO_SSL2 |
| 48 | + |
| 49 | static const long Cryptography_HAS_SSL2 = 0; |
| 50 | -SSL_METHOD* (*SSLv2_method)(void) = NULL; |
| 51 | -SSL_METHOD* (*SSLv2_client_method)(void) = NULL; |
| 52 | -SSL_METHOD* (*SSLv2_server_method)(void) = NULL; |
| 53 | -#else |
| 54 | -static const long Cryptography_HAS_SSL2 = 1; |
| 55 | -#endif |
| 56 | |
| 57 | #ifdef OPENSSL_NO_SSL3_METHOD |
| 58 | static const long Cryptography_HAS_SSL3_METHOD = 0; |
| 59 | Index: cryptography-1.1/src/cryptography/hazmat/bindings/openssl/_conditional.py |
| 60 | =================================================================== |
| 61 | --- cryptography-1.1.orig/src/cryptography/hazmat/bindings/openssl/_conditional.py |
| 62 | +++ cryptography-1.1/src/cryptography/hazmat/bindings/openssl/_conditional.py |
| 63 | @@ -274,12 +274,6 @@ CONDITIONAL_NAMES = { |
| 64 | "TLSv1_2_client_method", |
| 65 | ], |
| 66 | |
| 67 | - "Cryptography_HAS_SSL2": [ |
| 68 | - "SSLv2_method", |
| 69 | - "SSLv2_client_method", |
| 70 | - "SSLv2_server_method", |
| 71 | - ], |
| 72 | - |
| 73 | "Cryptography_HAS_SSL3_METHOD": [ |
| 74 | "SSLv3_method", |
| 75 | "SSLv3_client_method", |