New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ALPN function definition issues #1639
Comments
What definition difference are you seeing? OpenSSL's definitions (https://github.com/openssl/openssl/blob/master/ssl/ssl.h#L1284) match our bindings (https://github.com/pyca/cryptography/blob/master/src/cryptography/hazmat/bindings/openssl/ssl.py#L357) from what I can see. If Libre is defining them differently that's obviously an issue, but at this time we're not officially supporting Libre (there is a tentative plan to fork the openssl backend so we can remove things like engine support from the libre code). |
From LibreSSL 2.1.3 ssl.h: From OpenSSL 1.0.2 (tarball) ssl.h: Except for some layout differences, those are the same. From py-cryptography 0.7.2: The differences I'm seeing are 'SSL *ssl' (Libre/OpenSSL) vs. 'SSL *' and 'const unsigned char *protos' vs 'const unsigned char *'. This causes the following building errors: |
@RvdE In C you can elide the parameter name and the function declaration is identical. The actual problem here is that the OpenSSL backend for cryptography does feature detection based on OPENSSL_VERSION_NUMBER being >= 0x10002001L (see line 527 of src/cryptography/hazmat/bindings/openssl/ssl.py). This could be fixed by checking the Libre version number as well, but at the moment we're not accepting patches for libre against the openssl backend for the reason I previously mentioned. |
Thanks for the explanation. This will soon no longer be an issue for me since somebody patched it for FreeBSD. |
As of today we test master against libressl portable 2.1.3 and all tests pass. |
Since upgrading my LibreSSL to 2.1.3, py-cryptography no longer builds. This is caused by the definition of the ALPN functions in ssl.py, which is different than the ones from ssl.h. The same is true for OpenSSL, since the ALPN implementation seems to be shared between the two (perhaps with minor differences in the code, but the header looks the same).
The text was updated successfully, but these errors were encountered: