Revision - 7316c6d - [3.6] bpo-30622: Change NPN detection: (GH-2079) (#3314) - origin: https://github.com/python/cpython

Staging
v0.8.1

visit type:

https://github.com/python/cpython

09 December 2020, 11:06:31 UTC

Revision 7316c6d4a57931e9786c06eae168b227d7463317 authored by Christian Heimes on 05 September 2017, 14:00:44 UTC, committed by GitHub on 05 September 2017, 14:00:44 UTC

[3.6] bpo-30622: Change NPN detection: (GH-2079) (#3314)

* Change NPN detection:

Version breakdown, support disabled (pre-patch/post-patch):
- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined ->
False/False
- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will be defined -> True/False

Version breakdown support enabled (pre-patch/post-patch):
- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True

* Refine NPN guard:

- If NPN is disabled, but ALPN is available we need our callback
- Make clinic's ssl behave the same way

This created a working ssl module for me, with NPN disabled and ALPN
enabled for OpenSSL 1.1.0f.

Concerns to address:
The initial commit for NPN support into OpenSSL [1], had the
OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG
guard. The question is if that ever made it into a release.
This would need an ugly hack, something like:

	GH-if defined(OPENSSL_NO_NEXTPROTONEG) && \
		!defined(OPENSSL_NPN_NEGOTIATED)
	GH-	define OPENSSL_NPN_UNSUPPORTED 0
	GH-	define OPENSSL_NPN_NEGOTIATED 1
	GH-	define OPENSSL_NPN_NO_OVERLAP 2
	GH-endif

[1] https://github.com/openssl/openssl/commit/68b33cc5c7
(cherry picked from commit b2d096b)

1 parent e2543a6

Files
Changes

Permalinks

Tip revision: 7316c6d4a57931e9786c06eae168b227d7463317 authored by Christian Heimes on 05 September 2017, 14:00:44 UTC
[3.6] bpo-30622: Change NPN detection: (GH-2079) (#3314)

Tip revision: 7316c6d

.hgignore

.gdb_history
.purify
.svn/
^.idea/
^.vscode/
.DS_Store
Makefile$
Makefile.pre$
TAGS$
autom4te.cache$
^build/
^Doc/build/
^Doc/venv/
buildno$
config.cache
config.log
config.status
config.status.lineno
db_home
platform$
pyconfig.h$
python$
python.bat$
python.exe$
python-config$
python-config.py$
reflog.txt$
tags$
Misc/python.pc
Misc/python-config.sh$
Modules/Setup$
Modules/Setup.config
Modules/Setup.local
Modules/config.c
Modules/ld_so_aix$
Parser/pgen$
^lcov-report/
^core
^python-gdb.py
^python.exe-gdb.py
^pybuilddir.txt

syntax: glob
libpython*.a
libpython*.so*
libpython*.dylib
*.swp
*.o
*.pyc
*.pyo
*.pyd
*.cover
*~
*.gc??
*.profclang?
*.profraw
*.dyn
Include/pydtrace_probes.h
Lib/distutils/command/*.pdb
Lib/lib2to3/*.pickle
Lib/test/data/*
Misc/*.wpu
PC/python_nt*.h
PC/pythonnt_rc*.h
PC/*/*.exe
PC/*/*.exp
PC/*/*.lib
PC/*/*.bsc
PC/*/*.dll
PC/*/*.pdb
PC/*/*.user
PC/*/*.ncb
PC/*/*.suo
PC/*/Win32-temp-*
PC/*/x64-temp-*
PC/*/amd64
PCbuild/*.user
PCbuild/*.suo
PCbuild/*.*sdf
PCbuild/*-pgi
PCbuild/*-pgo
PCbuild/.vs
PCbuild/amd64
PCbuild/obj
PCbuild/win32
Tools/unicode/build/
Tools/unicode/MAPPINGS/
BuildLog.htm
__pycache__
Programs/_freeze_importlib
Programs/_testembed
.coverage
coverage/
externals/
htmlcov/
*.gcda
*.gcno
*.gcov
ipch/
coverage.info
Tools/msi/obj
Tools/ssl/amd64
Tools/ssl/win32
.vs/
.vscode/

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...