[pypy-commit] pypy openssl-1.1: Copy behavioural change from cpython: OpenSSL has ecdh enabled by default.
stefanor
pypy.commits at gmail.com
Fri Oct 28 19:36:16 EDT 2016
Author: Stefano Rivera <stefano at rivera.za.net>
Branch: openssl-1.1
Changeset: r87982:201233507447
Date: 2016-10-28 15:38 -0700
http://bitbucket.org/pypy/pypy/changeset/201233507447/
Log: Copy behavioural change from cpython: OpenSSL has ecdh enabled by
default.
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -1310,6 +1310,7 @@
# OpenSSL 1.0.2+), or use prime256v1 by default.
# This is Apache mod_ssl's initialization
# policy, so we should be safe.
+ # OpenSSL 1.1 has it enabled by default.
if libssl_SSL_CTX_set_ecdh_auto:
libssl_SSL_CTX_set_ecdh_auto(self.ctx, 1)
else:
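Review bot: On OpenSSL 1.1 the `else:` branch that closes this hunk appears to be the one that runs, and according to the comment above it that branch falls back to `prime256v1`, which contradicts the added line about relying on the library default. The ropenssl.py hunk in this commit stops declaring `SSL_CTX_set_ecdh_auto` for 1.1, so `libssl_SSL_CTX_set_ecdh_auto` is presumably falsy there; the binding and the body of the `else:` are outside the hunk, so this is inferred. If so, every 1.1 context is pinned to a single curve instead of OpenSSL's own negotiated set. Consider skipping the whole `if`/`else` on 1.1, for example by wrapping it in `if OPENSSL_VERSION_NUMBER < 0x10100000:`, assuming that constant is available in this module.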
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -344,7 +344,7 @@
lltype.Void, macro=True)
ssl_external('SSL_CTX_set_tlsext_servername_arg', [SSL_CTX, rffi.VOIDP], lltype.Void, macro=True)
ssl_external('SSL_CTX_set_tmp_ecdh', [SSL_CTX, EC_KEY], lltype.Void, macro=True)
-if OPENSSL_VERSION_NUMBER >= 0x10002000:
+if 0x10100000 > OPENSSL_VERSION_NUMBER >= 0x10002000:
ssl_external('SSL_CTX_set_ecdh_auto', [SSL_CTX, rffi.INT], lltype.Void,
macro=True)
else:
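Review bot: The new upper bound in `if 0x10100000 > OPENSSL_VERSION_NUMBER >= 0x10002000:` also excludes libraries that report a larger version number without having the 1.1 defaults. LibreSSL reports `0x20000000`, so it matched the old `>= 0x10002000` test and now takes the `else:` branch, whose body is outside the hunk. If LibreSSL is a supported build target, the condition should distinguish it explicitly rather than rely on the numeric range; whether this file exposes a LibreSSL flag is not visible here. A comment above the condition such as `# OpenSSL 1.1 enables automatic ECDH curve selection by default` would record why the upper bound exists.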