Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8.

(the last 0.9.7 release was in 2007)

Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8.
(the last 0.9.7 release was in 2007)
5e8430d0 · Antoine Pitrou · 60779a55 · 5e8430d0 · 5e8430d0
Kaydet (Commit) 5e8430d0 authored Ock 03, 2015 tarafından Antoine Pitrou
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 53 deletions

NEWS Misc/NEWS +2 -0

_ssl.c Modules/_ssl.c +0 -53

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -196,6 +196,8 @@ Core and Builtins
 Library
 -------

+- Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8.
+
 - Issue #23132: Improve performance and introspection support of comparison
  methods created by functool.total_ordering.


--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -162,13 +162,6 @@ static unsigned int _ssl_locks_count = 0;

 #define X509_NAME_MAXLEN 256

-/* RAND_* APIs got added to OpenSSL in 0.9.5 */
-#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
-# define HAVE_OPENSSL_RAND 1
-#else
-# undef HAVE_OPENSSL_RAND
-#endif
-
 /* SSL_CTX_clear_options() and SSL_clear_options() were first added in
 * OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the
 * 0.9.9 from "May 2008" that NetBSD 5.0 uses. */
@@ -182,28 +175,6 @@ static unsigned int _ssl_locks_count = 0;
 * older SSL, but let's be safe */
 #define PySSL_CB_MAXLEN 128

-/* SSL_get_finished got added to OpenSSL in 0.9.5 */
-#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
-# define HAVE_OPENSSL_FINISHED 1
-#else
-# define HAVE_OPENSSL_FINISHED 0
-#endif
-
-/* ECDH support got added to OpenSSL in 0.9.8 */
-#if OPENSSL_VERSION_NUMBER < 0x0090800fL && !defined(OPENSSL_NO_ECDH)
-# define OPENSSL_NO_ECDH
-#endif
-
-/* compression support got added to OpenSSL in 0.9.8 */
-#if OPENSSL_VERSION_NUMBER < 0x0090800fL && !defined(OPENSSL_NO_COMP)
-# define OPENSSL_NO_COMP
-#endif
-
-/* X509_VERIFY_PARAM got added to OpenSSL in 0.9.8 */
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
-# define HAVE_OPENSSL_VERIFY_PARAM
-#endif
-

 typedef struct {
    PyObject_HEAD
@@ -817,12 +788,7 @@ _get_peer_alt_names (X509 *certificate) {
    char buf[2048];
    char *vptr;
    int len;
-    /* Issue #2973: ASN1_item_d2i() API changed in OpenSSL 0.9.6m */
-#if OPENSSL_VERSION_NUMBER >= 0x009060dfL
    const unsigned char *p;
-#else
-    unsigned char *p;
-#endif

    if (certificate == NULL)
        return peer_alt_names;
@@ -1998,7 +1964,6 @@ PyDoc_STRVAR(PySSL_SSLshutdown_doc,
 Does the SSL shutdown handshake with the remote end, and returns\n\
 the underlying socket object.");

-#if HAVE_OPENSSL_FINISHED
 static PyObject *
 PySSL_tls_unique_cb(PySSLSocket *self)
 {
@@ -2031,8 +1996,6 @@ Returns the 'tls-unique' channel binding data, as defined by RFC 5929.\n\
 \n\
 If the TLS handshake is not yet complete, None is returned");

-#endif /* HAVE_OPENSSL_FINISHED */
-
 static PyGetSetDef ssl_getsetlist[] = {
    {"context", (getter) PySSL_get_context,
                (setter) PySSL_set_context, PySSL_set_context_doc},
@@ -2063,10 +2026,8 @@ static PyMethodDef PySSLMethods[] = {
    {"compression", (PyCFunction)PySSL_compression, METH_NOARGS},
    {"shutdown", (PyCFunction)PySSL_SSLshutdown, METH_NOARGS,
     PySSL_SSLshutdown_doc},
-#if HAVE_OPENSSL_FINISHED
    {"tls_unique_cb", (PyCFunction)PySSL_tls_unique_cb, METH_NOARGS,
     PySSL_tls_unique_cb_doc},
-#endif
    {NULL, NULL}
 };

@@ -2380,7 +2341,6 @@ set_verify_mode(PySSLContext *self, PyObject *arg, void *c)
    return 0;
 }

-#ifdef HAVE_OPENSSL_VERIFY_PARAM
 static PyObject *
 get_verify_flags(PySSLContext *self, void *c)
 {
@@ -2418,7 +2378,6 @@ set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
    }
    return 0;
 }
-#endif

 static PyObject *
 get_options(PySSLContext *self, void *c)
@@ -3303,10 +3262,8 @@ static PyGetSetDef context_getsetlist[] = {
                       (setter) set_check_hostname, NULL},
    {"options", (getter) get_options,
                (setter) set_options, NULL},
-#ifdef HAVE_OPENSSL_VERIFY_PARAM
    {"verify_flags", (getter) get_verify_flags,
                     (setter) set_verify_flags, NULL},
-#endif
    {"verify_mode", (getter) get_verify_mode,
                    (setter) set_verify_mode, NULL},
    {NULL},            /* sentinel */
@@ -3606,8 +3563,6 @@ static PyTypeObject PySSLMemoryBIO_Type = {
 };


-#ifdef HAVE_OPENSSL_RAND
-
 /* helper routines for seeding the SSL PRNG */
 static PyObject *
 PySSL_RAND_add(PyObject *self, PyObject *args)
@@ -3745,8 +3700,6 @@ Returns number of bytes read.  Raises SSLError if connection to EGD\n\
 fails or if it does not provide enough data to seed PRNG.");
 #endif /* HAVE_RAND_EGD */

-#endif /* HAVE_OPENSSL_RAND */
-

 PyDoc_STRVAR(PySSL_get_default_verify_paths_doc,
 "get_default_verify_paths() -> tuple\n\
@@ -4132,7 +4085,6 @@ PySSL_enum_crls(PyObject *self, PyObject *args, PyObject *kwds)
 static PyMethodDef PySSL_methods[] = {
    {"_test_decode_cert",       PySSL_test_decode_certificate,
     METH_VARARGS},
-#ifdef HAVE_OPENSSL_RAND
    {"RAND_add",            PySSL_RAND_add, METH_VARARGS,
     PySSL_RAND_add_doc},
    {"RAND_bytes",          PySSL_RAND_bytes, METH_VARARGS,
@@ -4145,7 +4097,6 @@ static PyMethodDef PySSL_methods[] = {
 #endif
    {"RAND_status",         (PyCFunction)PySSL_RAND_status, METH_NOARGS,
     PySSL_RAND_status_doc},
-#endif
    {"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths,
     METH_NOARGS, PySSL_get_default_verify_paths_doc},
 #ifdef _MSC_VER
@@ -4500,11 +4451,7 @@ PyInit__ssl(void)
    Py_INCREF(r);
    PyModule_AddObject(m, "HAS_SNI", r);

-#if HAVE_OPENSSL_FINISHED
    r = Py_True;
-#else
-    r = Py_False;
-#endif
    Py_INCREF(r);
    PyModule_AddObject(m, "HAS_TLS_UNIQUE", r);