1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
From 290d762ea13a1d95affa0888c5450b33b00241e8 Mon Sep 17 00:00:00 2001
From: Bo Anderson <mail@boanderson.me>
Date: Tue, 21 Jul 2020 18:28:31 +0100
Subject: [PATCH] Handle MultiSSL
Upstream-Status: Accepted [https://github.com/pycurl/pycurl/pull/639]
Signed-off-by: Stefan Strogin <steils@gentoo.org>
---
src/module.c | 41 ++++++++++++++++++++++++++++++++++++++++-
src/pycurl.h | 11 +++++++++++
2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/module.c b/src/module.c
index 23387ec..dbc5b0c 100644
--- a/src/module.c
+++ b/src/module.c
@@ -322,12 +322,21 @@ initpycurl(void)
{
PyObject *m, *d;
const curl_version_info_data *vi;
- const char *libcurl_version, *runtime_ssl_lib;
+ const char *libcurl_version;
size_t libcurl_version_len, pycurl_version_len;
PyObject *xio_module = NULL;
PyObject *collections_module = NULL;
PyObject *named_tuple = NULL;
PyObject *arglist = NULL;
+#ifdef HAVE_CURL_GLOBAL_SSLSET
+ const curl_ssl_backend **ssllist = NULL;
+ CURLsslset sslset;
+ int i, runtime_supported_backend_found = 0;
+ char backends[200];
+ size_t backends_len = 0;
+#else
+ const char *runtime_ssl_lib;
+#endif
assert(Curl_Type.tp_weaklistoffset > 0);
assert(CurlMulti_Type.tp_weaklistoffset > 0);
@@ -346,6 +355,35 @@ initpycurl(void)
}
/* Our compiled crypto locks should correspond to runtime ssl library. */
+#ifdef HAVE_CURL_GLOBAL_SSLSET
+ sslset = curl_global_sslset(-1, COMPILE_SSL_LIB, &ssllist);
+ if (sslset != CURLSSLSET_OK) {
+ if (sslset == CURLSSLSET_NO_BACKENDS) {
+ strcpy(backends, "none");
+ } else {
+ for (i = 0; ssllist[i] != NULL; i++) {
+ switch (ssllist[i]->id) {
+ case CURLSSLBACKEND_OPENSSL:
+ case CURLSSLBACKEND_GNUTLS:
+ case CURLSSLBACKEND_NSS:
+ case CURLSSLBACKEND_WOLFSSL:
+ case CURLSSLBACKEND_MBEDTLS:
+ runtime_supported_backend_found = 1;
+ break;
+ default:
+ break;
+ }
+ if (backends_len < sizeof(backends)) {
+ backends_len += snprintf(backends + backends_len, sizeof(backends) - backends_len, "%s%s", (i > 0) ? ", " : "", ssllist[i]->name);
+ }
+ }
+ }
+ if (runtime_supported_backend_found == COMPILE_SUPPORTED_SSL_BACKEND_FOUND) {
+ PyErr_Format(PyExc_ImportError, "pycurl: libcurl link-time ssl backends (%s) do not include compile-time ssl backend (%s)", backends, COMPILE_SSL_LIB);
+ goto error;
+ }
+ }
+#else
if (vi->ssl_version == NULL) {
runtime_ssl_lib = "none/other";
} else if (!strncmp(vi->ssl_version, "OpenSSL/", 8) || !strncmp(vi->ssl_version, "LibreSSL/", 9) ||
@@ -366,6 +404,7 @@ initpycurl(void)
PyErr_Format(PyExc_ImportError, "pycurl: libcurl link-time ssl backend (%s) is different from compile-time ssl backend (%s)", runtime_ssl_lib, COMPILE_SSL_LIB);
goto error;
}
+#endif
/* Initialize the type of the new type objects here; doing it here
* is required for portability to Windows without requiring C++. */
diff --git a/src/pycurl.h b/src/pycurl.h
index 02db495..a83c85b 100644
--- a/src/pycurl.h
+++ b/src/pycurl.h
@@ -154,6 +154,10 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
#define HAVE_CURLINFO_HTTP_VERSION
#endif
+#if LIBCURL_VERSION_NUM >= 0x073800 /* check for 7.56.0 or greater */
+#define HAVE_CURL_GLOBAL_SSLSET
+#endif
+
#undef UNUSED
#define UNUSED(var) ((void)&var)
@@ -165,6 +169,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
# include <openssl/ssl.h>
# include <openssl/err.h>
# define COMPILE_SSL_LIB "openssl"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
# elif defined(HAVE_CURL_WOLFSSL)
# include <wolfssl/options.h>
# if defined(OPENSSL_EXTRA)
@@ -187,6 +192,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
# endif
# endif
# define COMPILE_SSL_LIB "wolfssl"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
# elif defined(HAVE_CURL_GNUTLS)
# include <gnutls/gnutls.h>
# if GNUTLS_VERSION_NUMBER <= 0x020b00
@@ -195,13 +201,16 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
# include <gcrypt.h>
# endif
# define COMPILE_SSL_LIB "gnutls"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
# elif defined(HAVE_CURL_NSS)
# define COMPILE_SSL_LIB "nss"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
# elif defined(HAVE_CURL_MBEDTLS)
# include <mbedtls/ssl.h>
# define PYCURL_NEED_SSL_TSL
# define PYCURL_NEED_MBEDTLS_TSL
# define COMPILE_SSL_LIB "mbedtls"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
# else
# ifdef _MSC_VER
/* sigh */
@@ -218,9 +227,11 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
/* since we have no crypto callbacks for other ssl backends,
* no reason to require users match those */
# define COMPILE_SSL_LIB "none/other"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 0
# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
#else
# define COMPILE_SSL_LIB "none/other"
+# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 0
#endif /* HAVE_CURL_SSL */
#if defined(PYCURL_NEED_SSL_TSL)
--
2.28.0
|
