Issue #12440: When testing whether some bits in SSLContext.options can be

pitrou · pitrou · commit 7128f95bd27b · 2011-07-08T18:49:07.000+02:00
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
diff --git a/Lib/ssl.py b/Lib/ssl.py
@@ -78,6 +78,8 @@
 from _ssl import HAS_SNI
 from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
                   PROTOCOL_TLSv1)
+from _ssl import _OPENSSL_API_VERSION
+
 _PROTOCOL_NAMES = {
     PROTOCOL_TLSv1: "TLSv1",
     PROTOCOL_SSLv23: "SSLv23",
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -60,7 +60,7 @@ def handle_error(prefix):
 
 def can_clear_options():
     # 0.9.8m or higher
-    return ssl.OPENSSL_VERSION_INFO >= (0, 9, 8, 13, 15)
+    return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)
 
 def no_sslv2_implies_sslv3_hello():
     # 0.9.7h or higher
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -1004,6 +1004,10 @@ Extension Modules
 Tests
 -----
 
+- Issue #12440: When testing whether some bits in SSLContext.options can be
+  reset, check the version of the OpenSSL headers Python was compiled against,
+  rather than the runtime version of the OpenSSL library.
+
 - Issue #11512: Add a test suite for the cgitb module. Patch by Robbie Clemons.
 
 - Issue #12497: Install test/data to prevent failures of the various codecmaps
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -2101,6 +2101,24 @@ static struct PyModuleDef _sslmodule = {
     NULL
 };
 
+
+static void
+parse_openssl_version(unsigned long libver,
+                      unsigned int *major, unsigned int *minor,
+                      unsigned int *fix, unsigned int *patch,
+                      unsigned int *status)
+{
+    *status = libver & 0xF;
+    libver >>= 4;
+    *patch = libver & 0xFF;
+    libver >>= 8;
+    *fix = libver & 0xFF;
+    libver >>= 8;
+    *minor = libver & 0xFF;
+    libver >>= 8;
+    *major = libver & 0xFF;
+}
+
 PyMODINIT_FUNC
 PyInit__ssl(void)
 {
@@ -2213,21 +2231,19 @@ PyInit__ssl(void)
         return NULL;
     if (PyModule_AddObject(m, "OPENSSL_VERSION_NUMBER", r))
         return NULL;
-    status = libver & 0xF;
-    libver >>= 4;
-    patch = libver & 0xFF;
-    libver >>= 8;
-    fix = libver & 0xFF;
-    libver >>= 8;
-    minor = libver & 0xFF;
-    libver >>= 8;
-    major = libver & 0xFF;
+    parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
     r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
     if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
         return NULL;
     r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION));
     if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
         return NULL;
 
+    libver = OPENSSL_VERSION_NUMBER;
+    parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
+    r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
+    if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
+        return NULL;
+
     return m;
 }
