-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support LibreSSL 3.4.0 #6360
Support LibreSSL 3.4.0 #6360
Conversation
Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ | ||
(LIBRESSL_VERSION_NUMBER < 0x3040000f) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please sort this below the 332 define
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.2.6"}} | ||
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.3.4"}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While you're here, would you mind bumpming these to 3.2.7 and 3.3.5 respectively?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On second thought, let's just merge :-)
* Add LibreSSL 3.4.0 to CI * Add a LibreSSL 3.4.0 guard Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. * DTLS_get_data_mtu does not exist in LibreSSL * Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ * SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL * Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
Merged upstream as pyca/cryptography#6360 and backported to this version. While here, remove remaining FreeBSD 11 cruft Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY) Differential Revision: https://reviews.freebsd.org/D32281
Merged upstream as pyca/cryptography#6360 and backported to this version. While here, remove remaining FreeBSD 11 cruft Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY) Differential Revision: https://reviews.freebsd.org/D32281 (cherry picked from commit 5b57210)
Merged upstream as pyca/cryptography#6360 and backported to this version. While here, remove remaining FreeBSD 11 cruft Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY) Differential Revision: https://reviews.freebsd.org/D32281
* Add LibreSSL 3.4.0 to CI * Add a LibreSSL 3.4.0 guard Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. * DTLS_get_data_mtu does not exist in LibreSSL * Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ * SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL * Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
LibreSSL 3.4.0 formally enabled their TLSv1.3 API implementation, so reflect the additional symbols here.