Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings
forked frompython/cpython

Commit79ccc03

Browse files
graingertblurb-it[bot]tiranhugovk
authored
pythongh-89051: Add ssl.OP_LEGACY_SERVER_CONNECT (python#93927)
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>Co-authored-by: Christian Heimes <christian@python.org>Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>Fixespython#89051
1 parent36a0b1d commit79ccc03

File tree

4 files changed

+26
-0
lines changed

4 files changed

+26
-0
lines changed

‎Doc/library/ssl.rst‎

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -823,6 +823,13 @@ Constants
823823

824824
..versionadded::3.12
825825

826+
..data::OP_LEGACY_SERVER_CONNECT
827+
828+
Allow legacy insecure renegotiation between OpenSSL and unpatched servers
829+
only.
830+
831+
..versionadded::3.12
832+
826833
..data::HAS_ALPN
827834

828835
Whether the OpenSSL library has built-in support for the *Application-Layer

‎Lib/test/test_ssl.py‎

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1461,6 +1461,8 @@ def _assert_context_options(self, ctx):
14611461
ifOP_CIPHER_SERVER_PREFERENCE!=0:
14621462
self.assertEqual(ctx.options&OP_CIPHER_SERVER_PREFERENCE,
14631463
OP_CIPHER_SERVER_PREFERENCE)
1464+
self.assertEqual(ctx.options&ssl.OP_LEGACY_SERVER_CONNECT,
1465+
0ifIS_OPENSSL_3_0_0elsessl.OP_LEGACY_SERVER_CONNECT)
14641466

14651467
deftest_create_default_context(self):
14661468
ctx=ssl.create_default_context()
@@ -3815,6 +3817,20 @@ def test_compression_disabled(self):
38153817
sni_name=hostname)
38163818
self.assertIs(stats['compression'],None)
38173819

3820+
deftest_legacy_server_connect(self):
3821+
client_context,server_context,hostname=testing_context()
3822+
client_context.options|=ssl.OP_LEGACY_SERVER_CONNECT
3823+
server_params_test(client_context,server_context,
3824+
chatty=True,connectionchatty=True,
3825+
sni_name=hostname)
3826+
3827+
deftest_no_legacy_server_connect(self):
3828+
client_context,server_context,hostname=testing_context()
3829+
client_context.options&=~ssl.OP_LEGACY_SERVER_CONNECT
3830+
server_params_test(client_context,server_context,
3831+
chatty=True,connectionchatty=True,
3832+
sni_name=hostname)
3833+
38183834
@unittest.skipIf(Py_DEBUG_WIN32,"Avoid mixing debug/release CRT on Windows")
38193835
deftest_dh_params(self):
38203836
# Check we can get a connection with ephemeral Diffie-Hellman
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Add:data:`ssl.OP_LEGACY_SERVER_CONNECT`

‎Modules/_ssl.c‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5845,6 +5845,8 @@ sslmodule_init_constants(PyObject *m)
58455845
SSL_OP_CIPHER_SERVER_PREFERENCE);
58465846
PyModule_AddIntConstant(m,"OP_SINGLE_DH_USE",SSL_OP_SINGLE_DH_USE);
58475847
PyModule_AddIntConstant(m,"OP_NO_TICKET",SSL_OP_NO_TICKET);
5848+
PyModule_AddIntConstant(m,"OP_LEGACY_SERVER_CONNECT",
5849+
SSL_OP_LEGACY_SERVER_CONNECT);
58485850
#ifdefSSL_OP_SINGLE_ECDH_USE
58495851
PyModule_AddIntConstant(m,"OP_SINGLE_ECDH_USE",SSL_OP_SINGLE_ECDH_USE);
58505852
#endif

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp