Bug report
Bug description:
The OPENSSL_VERSION < 0x101010cf check introduced in the ssl module in #24899 is always true since OPENSSL_VERSION is a parameter for the OpenSSL_version() API and happens to be defined to 0. For this check to work as intended, it should be using OPENSSL_VERSION_NUMBER instead.
|
/* bpo43522 and OpenSSL < 1.1.1l: copy hostflags manually */ |
|
#if OPENSSL_VERSION < 0x101010cf |
|
X509_VERIFY_PARAM *ssl_verification_params = SSL_get0_param(self->ssl); |
|
X509_VERIFY_PARAM *ssl_ctx_verification_params = SSL_CTX_get0_param(ctx); |
|
|
|
unsigned int ssl_ctx_host_flags = X509_VERIFY_PARAM_get_hostflags(ssl_ctx_verification_params); |
|
X509_VERIFY_PARAM_set_hostflags(ssl_verification_params, ssl_ctx_host_flags); |
|
#endif |
This is harmless since this stanza is a noop for modern OpenSSL, but should probably still be fixed.
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Linked PRs
Bug report
Bug description:
The
OPENSSL_VERSION < 0x101010cfcheck introduced in the ssl module in #24899 is always true sinceOPENSSL_VERSIONis a parameter for theOpenSSL_version()API and happens to be defined to0. For this check to work as intended, it should be usingOPENSSL_VERSION_NUMBERinstead.cpython/Modules/_ssl.c
Lines 939 to 946 in ff7bb56
This is harmless since this stanza is a noop for modern OpenSSL, but should probably still be fixed.
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Linked PRs
_ssl.c#139945_ssl.c(GH-139945) #139964