Message 263546 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	spil
Recipients	Michael.Felt, alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou, smpeepers, spil, zach.ware
Date	2016-04-16.10:39:27
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1460803175.06.0.589125601527.issue26470@psf.upfronthosting.co.za>
In-reply-to

Content
Checking version numbers to see if a feature is available is a bad practice. How can features ever be removed this way! Would be better to check for the feature itself (using autoconf). The patch was mostly OK but any check for OPENSSL_VERSION_NUMBER for now also requires a negative check for LIBRESSL_VERSION_NUMBER as LibreSSL froze features at 1.0.1g. Next to that, anything requiring compression (CRIME attack) should be guarded using and #infdef OPENSSL_NO_COMP. This patch allowed me to build Python 3.5 with LibreSSL 2.3 (i.e. without SSLv3, Compression, RC4, SHA-0, etc)

Checking version numbers to see if a feature is available is a bad practice. How can features ever be removed this way! Would be better to check for the feature itself (using autoconf).

The patch was mostly OK but any check for OPENSSL_VERSION_NUMBER for now also requires a negative check for LIBRESSL_VERSION_NUMBER as LibreSSL froze features at 1.0.1g.

Next to that, anything requiring compression (CRIME attack) should be guarded using and #infdef OPENSSL_NO_COMP.

This patch allowed me to build Python 3.5 with LibreSSL 2.3 (i.e. without SSLv3, Compression, RC4, SHA-0, etc)

History
Date	User	Action	Args
2016-04-16 10:39:35	spil	set	recipients: + spil, janssen, pitrou, giampaolo.rodola, christian.heimes, alex, zach.ware, dstufft, Michael.Felt, smpeepers
2016-04-16 10:39:35	spil	set	messageid: <1460803175.06.0.589125601527.issue26470@psf.upfronthosting.co.za>
2016-04-16 10:39:35	spil	link	issue26470 messages
2016-04-16 10:39:34	spil	create