[Python-checkins] [3.7] bpo-40515: Require OPENSSL_THREADS (GH-19953) (GH-20120)
Christian Heimes
webhook-mailer at python.org
Fri May 15 16:37:37 EDT 2020
https://github.com/python/cpython/commit/efc9065904c4df8962e04303c2c03642f45019b5
commit: efc9065904c4df8962e04303c2c03642f45019b5
branch: 3.7
author: Christian Heimes <christian at python.org>
committer: GitHub <noreply at github.com>
date: 2020-05-15T22:37:32+02:00
summary:
[3.7] bpo-40515: Require OPENSSL_THREADS (GH-19953) (GH-20120)
files:
A Misc/NEWS.d/next/Library/2020-05-06-13-51-19.bpo-40515.TUCvYB.rst
M Modules/_hashopenssl.c
M Modules/_ssl.c
diff --git a/Misc/NEWS.d/next/Library/2020-05-06-13-51-19.bpo-40515.TUCvYB.rst b/Misc/NEWS.d/next/Library/2020-05-06-13-51-19.bpo-40515.TUCvYB.rst
new file mode 100644
index 0000000000000..af77a57fe7237
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-05-06-13-51-19.bpo-40515.TUCvYB.rst
@@ -0,0 +1,3 @@
+The :mod:`ssl` and :mod:`hashlib` modules now actively check that OpenSSL is
+build with thread support. Python 3.7.0 made thread support mandatory and no
+longer works safely with a no-thread builds.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index b13ade6049614..d66709ae058e9 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -32,6 +32,10 @@ module _hashlib
[clinic start generated code]*/
/*[clinic end generated code: output=da39a3ee5e6b4b0d input=c2b4ff081bac4be1]*/
+#ifndef OPENSSL_THREADS
+# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
+#endif
+
#define MUNCH_SIZE INT_MAX
#ifndef HASH_OBJ_CONSTRUCTOR
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4611710a95def..94606ef0e2993 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -75,6 +75,10 @@ static PySocketModule_APIObject PySocketModule;
# endif
#endif
+#ifndef OPENSSL_THREADS
+# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
+#endif
+
/* SSL error object */
static PyObject *PySSLErrorObject;
static PyObject *PySSLCertVerificationErrorObject;
@@ -5875,7 +5879,7 @@ PyInit__ssl(void)
if (!_setup_ssl_threads()) {
return NULL;
}
-#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
+#elif OPENSSL_VERSION_1_1
/* OpenSSL 1.1.0 builtin thread support is enabled */
_ssl_locks_count++;
#endif
More information about the Python-checkins
mailing list