[pypy-commit] pypy default: set owner attribute, fix test for more modern OpenSSL
mattip
pypy.commits at gmail.com
Sun May 26 07:26:27 EDT 2019
Author: Matti Picus <matti.picus at gmail.com>
Branch:
Changeset: r96686:a6c18dc8a3c6
Date: 2019-05-26 13:57 +0300
http://bitbucket.org/pypy/pypy/changeset/a6c18dc8a3c6/
Log: set owner attribute, fix test for more modern OpenSSL
diff --git a/lib-python/2.7/test/test_ssl.py b/lib-python/2.7/test/test_ssl.py
--- a/lib-python/2.7/test/test_ssl.py
+++ b/lib-python/2.7/test/test_ssl.py
@@ -770,6 +770,7 @@
default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):
default |= ssl.OP_NO_COMPRESSION
+ default |= ssl.OP_ENABLE_MIDDLEBOX_COMPAT
self.assertEqual(default, ctx.options)
ctx.options |= ssl.OP_NO_TLSv1
self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
@@ -73,6 +73,7 @@
static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
static const long SSL_OP_NO_SSLv2;
static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
+static const long SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
static const long SSL_OP_MSIE_SSLV2_RSA_PADDING;
static const long SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -215,6 +215,7 @@
def _new__ssl_socket(sslctx, sock, socket_type, server_hostname, ssl_sock):
self = _SSLSocket(sslctx)
ctx = sslctx.ctx
+ self.owner = ssl_sock # weakref
if server_hostname:
if isinstance(server_hostname, unicode):
@@ -285,7 +286,8 @@
def owner(self, value):
if value is None:
self._owner = None
- self._owner = weakref.ref(value)
+ else:
+ self._owner = weakref.ref(value)
@property
def context(self):
@@ -807,7 +809,7 @@
# Minimal security flags for server and client side context.
# Client sockets ignore server-side parameters.
options |= lib.SSL_OP_NO_COMPRESSION
- options |= lib.SSL_OP_CIPHER_SERVER_PREFERENCE
+ # options |= lib.SSL_OP_CIPHER_SERVER_PREFERENCE
options |= lib.SSL_OP_SINGLE_DH_USE
options |= lib.SSL_OP_SINGLE_ECDH_USE
lib.SSL_CTX_set_options(self.ctx, options)
More information about the pypy-commit
mailing list