svn commit: r461915 - in head/lang/python27: . files
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Thu Feb 15 12:48:01 UTC 2018
Author: sunpoet
Date: Thu Feb 15 12:47:58 2018
New Revision: 461915
URL: https://svnweb.freebsd.org/changeset/ports/461915
Log:
Fix build with OpenSSL 1.1.0 (security/openssl-devel)
- Remove BROKEN_SSL=openssl-devel
Reference: https://bugs.python.org/issue30622
https://github.com/python/cpython/commit/b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8
PR: 222795
Submitted by: brnrd
MFH: 2018Q1
Added:
head/lang/python27/files/patch-issue30622 (contents, props changed)
Modified:
head/lang/python27/Makefile
Modified: head/lang/python27/Makefile
==============================================================================
--- head/lang/python27/Makefile Thu Feb 15 12:47:53 2018 (r461914)
+++ head/lang/python27/Makefile Thu Feb 15 12:47:58 2018 (r461915)
@@ -14,8 +14,6 @@ COMMENT= Interpreted object-oriented programming langu
LICENSE= PSFL
-BROKEN_SSL= openssl-devel
-
USES= cpe ncurses pathfix pkgconfig readline:port shebangfix ssl tar:xz
PATHFIX_MAKEFILEIN= Makefile.pre.in
USE_LDCONFIG= yes
Added: head/lang/python27/files/patch-issue30622
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lang/python27/files/patch-issue30622 Thu Feb 15 12:47:58 2018 (r461915)
@@ -0,0 +1,128 @@
+From b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 Mon Sep 17 00:00:00 2001
+From: Melvyn Sopacua <melvyn-sopacua at users.noreply.github.com>
+Date: Mon, 4 Sep 2017 23:35:15 +0200
+Subject: [PATCH] bpo-30622: Change NPN detection: (#2079)
+
+* Change NPN detection:
+
+Version breakdown, support disabled (pre-patch/post-patch):
+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined ->
+False/False
+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
+OPENSSL_NO_NEXTPROTONEG will be defined -> True/False
+
+Version breakdown support enabled (pre-patch/post-patch):
+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and
+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
+
+* Refine NPN guard:
+
+- If NPN is disabled, but ALPN is available we need our callback
+- Make clinic's ssl behave the same way
+
+This created a working ssl module for me, with NPN disabled and ALPN
+enabled for OpenSSL 1.1.0f.
+
+Concerns to address:
+The initial commit for NPN support into OpenSSL [1], had the
+OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG
+guard. The question is if that ever made it into a release.
+This would need an ugly hack, something like:
+
+ #if defined(OPENSSL_NO_NEXTPROTONEG) && \
+ !defined(OPENSSL_NPN_NEGOTIATED)
+ # define OPENSSL_NPN_UNSUPPORTED 0
+ # define OPENSSL_NPN_NEGOTIATED 1
+ # define OPENSSL_NPN_NO_OVERLAP 2
+ #endif
+
+[1] https://github.com/openssl/openssl/commit/68b33cc5c7
+
+--- Modules/_ssl.c.orig 2017-09-16 17:38:35 UTC
++++ Modules/_ssl.c
+@@ -280,7 +280,7 @@ static unsigned int _ssl_locks_count = 0
+ typedef struct {
+ PyObject_HEAD
+ SSL_CTX *ctx;
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ unsigned char *npn_protocols;
+ int npn_protocols_len;
+ #endif
+@@ -1502,7 +1502,7 @@ static PyObject *PySSL_version(PySSLSock
+ return PyUnicode_FromString(version);
+ }
+
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
+ const unsigned char *out;
+ unsigned int outlen;
+@@ -2030,7 +2030,7 @@ static PyMethodDef PySSLMethods[] = {
+ PySSL_peercert_doc},
+ {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS},
+ {"version", (PyCFunction)PySSL_version, METH_NOARGS},
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
+ #endif
+ #ifdef HAVE_ALPN
+@@ -2140,7 +2140,7 @@ context_new(PyTypeObject *type, PyObject
+ return NULL;
+ }
+ self->ctx = ctx;
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ self->npn_protocols = NULL;
+ #endif
+ #ifdef HAVE_ALPN
+@@ -2216,7 +2216,7 @@ context_dealloc(PySSLContext *self)
+ {
+ context_clear(self);
+ SSL_CTX_free(self->ctx);
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ PyMem_FREE(self->npn_protocols);
+ #endif
+ #ifdef HAVE_ALPN
+@@ -2246,7 +2246,7 @@ set_ciphers(PySSLContext *self, PyObject
+ Py_RETURN_NONE;
+ }
+
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN)
+ static int
+ do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
+ const unsigned char *server_protocols, unsigned int server_protocols_len,
+@@ -2270,7 +2270,9 @@ do_protocol_selection(int alpn, unsigned
+
+ return SSL_TLSEXT_ERR_OK;
+ }
++#endif
+
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
+ static int
+ _advertiseNPN_cb(SSL *s,
+@@ -2305,7 +2307,7 @@ _selectNPN_cb(SSL *s,
+ static PyObject *
+ _set_npn_protocols(PySSLContext *self, PyObject *args)
+ {
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ Py_buffer protos;
+
+ if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
+@@ -4303,7 +4305,7 @@ init_ssl(void)
+ Py_INCREF(r);
+ PyModule_AddObject(m, "HAS_ECDH", r);
+
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ r = Py_True;
+ #else
+ r = Py_False;
More information about the svn-ports-head
mailing list