New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
_ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN #67518
Comments
Recently, the issue bpo-20188 "ALPN support for TLS" was fixed. The problem is that the check for the ALPN feature doesn't work with LibreSSL: /* ALPN added in OpenSSL 1.0.2 */
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)
# define HAVE_ALPN
#endif On the buildbot OpenBSD 5.5 with LibreSSL, OPENSSL_VERSION_NUMBER is 2.x instead of 1.0.x. See also the issue bpo-23177. A workaround would be to disable the feature if LIBRESSL_VERSION_NUMBER is defined. http://buildbot.python.org/all/builders/x86%20OpenBSD%205.5%203.x/builds/1333/steps/test/logs/stdio using PTY: False Python build finished successfully! Following modules built successfully but were removed because they could not be imported: |
New changeset 53e94a687570 by Benjamin Peterson in branch 'default': New changeset f7fd2776e80d by Benjamin Peterson in branch '2.7': |
Cool, the issue looks like the issue has been fixed: the _ssl module can be build again. Thanks for the quick fix. |
(Thanks for pointing out the problem and the fix.) |
ALPN was removed originally but added again later |
Maybe we could check if the functionality is available instead of checking a version? What do you think about that? |
Checking if the method is actually defined is the smart way to go From include/openssl/tls1.h So #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation |
With this patch it works fine on OpenBSD with LibreSSL. Thanks spil@ for the idea. |
I just tested your patch on Arch Linux with the default 3.6 Python branch. The test suite passed happily and all seems to be well: Python 3.6.0a0 (python_have_alpn.diff qbase qtip tip:eb8ee60ace13, Sep 25 2015, 22:53:15)
[GCC 5.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.HAS_ALPN
True
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2d 9 Jul 2015' |
Good, I think we should test on a machine with a version of openssl that does not support ALPN to be sure. |
New changeset 38a5b0f6531b by Benjamin Peterson in branch '3.5': New changeset 747996431c7e by Benjamin Peterson in branch 'default': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: