Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support LibreSSL 3.4.0 #6360

Merged
merged 6 commits into from
Oct 3, 2021
Merged

Support LibreSSL 3.4.0 #6360

merged 6 commits into from
Oct 3, 2021

Conversation

vishwin
Copy link
Contributor

@vishwin vishwin commented Oct 3, 2021

LibreSSL 3.4.0 formally enabled their TLSv1.3 API implementation, so reflect the additional symbols here.

@vishwin
Add LibreSSL 3.4.0 to CI
4e16618
@vishwin
Add a LibreSSL 3.4.0 guard
5491472 
Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
@vishwin
DTLS_get_data_mtu does not exist in LibreSSL
5ebc913
@vishwin
Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+
31476a4
@vishwin
SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL
b75e999
@vishwin
Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL
01ea8a2 
While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
alex
alex reviewed Oct 3, 2021
View reviewed changes
Copy link
Member

@alex alex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

src/_cffi_src/openssl/cryptography.py
Comment on lines +36 to +37
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \
(LIBRESSL_VERSION_NUMBER < 0x3040000f)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sort this below the 332 define

.github/workflows/ci.yml
Comment on lines 40 to 41
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.2.6"}}
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.3.4"}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While you're here, would you mind bumpming these to 3.2.7 and 3.3.5 respectively?

alex
alex approved these changes Oct 3, 2021
View reviewed changes
Copy link
Member

@alex alex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On second thought, let's just merge :-)

@alex alex merged commit 5c2fe56 into pyca:main Oct 3, 2021
vishwin added a commit to vishwin/py-cryptography that referenced this pull request Oct 3, 2021
@vishwin
Support LibreSSL 3.4.0 (pyca#6360)
7a341a5 
* Add LibreSSL 3.4.0 to CI

* Add a LibreSSL 3.4.0 guard

Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.

* DTLS_get_data_mtu does not exist in LibreSSL

* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+

* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL

* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL

While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
vishwin added a commit to vishwin/freebsd-ports that referenced this pull request Oct 4, 2021
@vishwin
security/py-cryptography: support LibreSSL 3.4.0
5b57210 
Merged upstream as pyca/cryptography#6360
and backported to this version.

While here, remove remaining FreeBSD 11 cruft

Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY)
Differential Revision: https://reviews.freebsd.org/D32281
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this pull request Oct 5, 2021
@vishwin
security/py-cryptography: support LibreSSL 3.4.0
929ee09 
Merged upstream as pyca/cryptography#6360
and backported to this version.

While here, remove remaining FreeBSD 11 cruft

Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY)
Differential Revision: https://reviews.freebsd.org/D32281

(cherry picked from commit 5b57210)
tcberner pushed a commit to freebsd/freebsd-ports-kde that referenced this pull request Oct 8, 2021
@vishwin @tcberner
security/py-cryptography: support LibreSSL 3.4.0
aa571a5 
Merged upstream as pyca/cryptography#6360
and backported to this version.

While here, remove remaining FreeBSD 11 cruft

Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY)
Differential Revision: https://reviews.freebsd.org/D32281
vishwin added a commit to vishwin/py-cryptography that referenced this pull request Aug 10, 2022
@vishwin
Support LibreSSL 3.4.0 (pyca#6360)
73d411a 
* Add LibreSSL 3.4.0 to CI

* Add a LibreSSL 3.4.0 guard

Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.

* DTLS_get_data_mtu does not exist in LibreSSL

* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+

* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL

* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL

While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alex alex alex approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vishwin @alex