From 45aa681b05337e691819ebf283e5004a58fac842 Mon Sep 17 00:00:00 2001
From: Timo Steidle
Date: Mon, 11 Apr 2016 14:05:08 +0200
Subject: [PATCH 1/3] Added support for TLSv1_1 and TLSv1_2
---
 ssl/__init__.py | 9 ++++++++-
 ssl/_ssl2.c | 12 +++++++++++-
 test/test_ssl.py | 2 ++
 3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/ssl/__init__.py b/ssl/__init__.py
index 3c1968d..4edfc3c 100644
--- a/ssl/__init__.py
+++ b/ssl/__init__.py
@@ -53,6 +53,8 @@
 PROTOCOL_SSLv3
 PROTOCOL_SSLv23
 PROTOCOL_TLSv1
+PROTOCOL_TLSv11
+PROTOCOL_TLSv12
 PROTOCOL_NOSSLv2 -- anything except version 2
 """
@@ -62,7 +64,8 @@
 from _ssl2 import SSLError
 from _ssl2 import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl2 import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1, PROTOCOL_NOSSLv2
+from _ssl2 import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2,\
+ PROTOCOL_NOSSLv2
 from _ssl2 import RAND_status, RAND_egd, RAND_add
 from _ssl2 import \
 SSL_ERROR_ZERO_RETURN, \
@@ -393,6 +396,10 @@ def get_server_certificate (addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
 def get_protocol_name (protocol_code):
 if protocol_code == PROTOCOL_TLSv1:
 return "TLSv1"
+ if protocol_code == PROTOCOL_TLSv1_1:
+ return "TLSv1_1"
+ if protocol_code == PROTOCOL_TLSv1_2:
+ return "TLSv1_2"
 elif protocol_code == PROTOCOL_SSLv23:
 return "SSLv23"
 elif protocol_code == PROTOCOL_SSLv2:
diff --git a/ssl/_ssl2.c b/ssl/_ssl2.c
index 64c8aec..1821b8d 100644
--- a/ssl/_ssl2.c
+++ b/ssl/_ssl2.c
@@ -69,7 +69,9 @@ enum py_ssl_version {
 PY_SSL_VERSION_SSL3,
 PY_SSL_VERSION_SSL23,
 PY_SSL_VERSION_TLS1,
- PY_SSL_VERSION_NOSSL2,
+ PY_SSL_VERSION_TLS1_1,
+ PY_SSL_VERSION_TLS1_2,
+ PY_SSL_VERSION_NOSSL2,
 };
 /* Include symbols from _socket module */
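Review bot: The two branches added to get_protocol_name are written as `if`, while the rest of the chain uses `elif`, so the following `elif protocol_code == PROTOCOL_SSLv23:` now hangs off the TLSv1_2 test instead of the TLSv1 one. Every branch returns, so the result is unchanged here, but `elif protocol_code == PROTOCOL_TLSv1_1:` and `elif protocol_code == PROTOCOL_TLSv1_2:` keep the chain uniform. The same `if`-for-`else if` pattern appears in newPySSLObject in ssl/_ssl2.c in this patch, where the branches do not return. The function body continues past the end of the hunk.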
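Review bot: Inserting PY_SSL_VERSION_TLS1_1 and PY_SSL_VERSION_TLS1_2 ahead of PY_SSL_VERSION_NOSSL2 in enum py_ssl_version shifts the integer behind PROTOCOL_NOSSLv2, because the visible enumerators carry no explicit values and are numbered by position. Any caller that stored or hard-coded the old number would then select a different protocol; whether such callers exist cannot be seen from this hunk. Appending the two new enumerators after `PY_SSL_VERSION_NOSSL2,` keeps the existing values stable. The NOSSL2 line is also removed and re-added, which looks like a whitespace-only change and is better left out of a feature patch. The start of the enum lies outside the hunk.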
@@ -304,6 +306,10 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
 PySSL_BEGIN_ALLOW_THREADS
 if (proto_version == PY_SSL_VERSION_TLS1)
 self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+ if (proto_version == PY_SSL_VERSION_TLS1_1)
+ self->ctx = SSL_CTX_new(TLSv1_1_method()); /* Set up context */
+ if (proto_version == PY_SSL_VERSION_TLS1_2)
+ self->ctx = SSL_CTX_new(TLSv1_2_method()); /* Set up context */
 else if (proto_version == PY_SSL_VERSION_SSL3)
 self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 #ifndef OPENSSL_NO_SSL2
@@ -1689,6 +1695,10 @@ init_ssl2(void)
 PY_SSL_VERSION_SSL23);
 PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
 PY_SSL_VERSION_TLS1);
+ PyModule_AddIntConstant(m, "PROTOCOL_TLSv1_1",
+ PY_SSL_VERSION_TLS1_1);
+ PyModule_AddIntConstant(m, "PROTOCOL_TLSv1_2",
+ PY_SSL_VERSION_TLS1_2);
 PyModule_AddIntConstant(m, "PROTOCOL_NOSSLv2",
 PY_SSL_VERSION_NOSSL2);
 }
diff --git a/test/test_ssl.py b/test/test_ssl.py
index d188bce..8d953d6 100644
--- a/test/test_ssl.py
+++ b/test/test_ssl.py
@@ -44,6 +44,8 @@ def testCrucialConstants(self):
 ssl.PROTOCOL_SSLv23
 ssl.PROTOCOL_SSLv3
 ssl.PROTOCOL_TLSv1
+ ssl.PROTOCOL_TLSv11
+ ssl.PROTOCOL_TLSv12
 ssl.CERT_NONE
 ssl.CERT_OPTIONAL
 ssl.CERT_REQUIRED
From 537f7068b51c7f9ef088a3b3229e77d77b1c92b8 Mon Sep 17 00:00:00 2001
From: Timo Steidle
Date: Mon, 11 Apr 2016 14:12:59 +0200
Subject: [PATCH 2/3] Fixed tests
---
 test/test_ssl.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/test_ssl.py b/test/test_ssl.py
index 8d953d6..401f0a9 100644
--- a/test/test_ssl.py
+++ b/test/test_ssl.py
@@ -44,8 +44,8 @@ def testCrucialConstants(self):
 ssl.PROTOCOL_SSLv23
 ssl.PROTOCOL_SSLv3
 ssl.PROTOCOL_TLSv1
- ssl.PROTOCOL_TLSv11
- ssl.PROTOCOL_TLSv12
+ ssl.PROTOCOL_TLSv1_1
+ ssl.PROTOCOL_TLSv1_2
 ssl.CERT_NONE
 ssl.CERT_OPTIONAL
 ssl.CERT_REQUIRED
From bbf8b3b1a18fc62157b8ef4071b7523f2b4672c7 Mon Sep 17 00:00:00 2001
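Review bot: The two tests added in newPySSLObject are plain `if`, not `else if`, so the chain is split in two. A request for PY_SSL_VERSION_TLS1 or PY_SSL_VERSION_TLS1_1 creates its context and then still runs the `if (proto_version == PY_SSL_VERSION_TLS1_2) … else if …` chain. That chain continues outside the hunk; if it ends in a catch-all branch, the context just created would be overwritten, leaking it and silently selecting a different protocol method than the caller asked for. This cannot be confirmed from the visible lines. Write both as `else if (proto_version == PY_SSL_VERSION_TLS1_1)` and `else if (proto_version == PY_SSL_VERSION_TLS1_2)` so that exactly one SSL_CTX_new call runs.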
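Review bot: PROTOCOL_TLSv1_1 and PROTOCOL_TLSv1_2 are registered unconditionally in init_ssl2, and newPySSLObject calls TLSv1_1_method() and TLSv1_2_method() unconditionally, but those functions only exist from OpenSSL 1.0.1 on. Against an older library the module no longer compiles, whereas the file already guards SSLv2 with `#ifndef OPENSSL_NO_SSL2`. If older OpenSSL builds still need to work, wrap both the method calls and these two PyModule_AddIntConstant calls in `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` … `#endif`. The `from _ssl2 import … PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2` line in ssl/__init__.py would then need to tolerate the constants being absent. The body of init_ssl2 begins outside the hunk.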
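Review bot: The only coverage for the new protocols is the two attribute references in testCrucialConstants (first test_ssl.py hunk), which show that the names exist and nothing more. A connection test that requests PROTOCOL_TLSv1_1 and PROTOCOL_TLSv1_2 and checks which protocol was actually negotiated would exercise the new dispatch branches in newPySSLObject, which this test never reaches. The test method continues outside the hunk.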
From: Timo Steidle
Date: Mon, 11 Apr 2016 14:18:36 +0200
Subject: [PATCH 3/3] Fixed a docstring
---
 ssl/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssl/__init__.py b/ssl/__init__.py
index 4edfc3c..36cbc8d 100644
--- a/ssl/__init__.py
+++ b/ssl/__init__.py
@@ -53,8 +53,8 @@
 PROTOCOL_SSLv3
 PROTOCOL_SSLv23
 PROTOCOL_TLSv1
-PROTOCOL_TLSv11
-PROTOCOL_TLSv12
+PROTOCOL_TLSv1_1
+PROTOCOL_TLSv1_2
 PROTOCOL_NOSSLv2 -- anything except version 2
 """