parent 7f3e4f9

author julianz- <julianrbrown@gmail.com> 1692386750 -0700 committer julianz- <julianrbrown@gmail.com> 1706310924 -0800 fix for problem caused by SSL_WANT_READ or SSL_WANT_WRITE errors. When SSL_WANT_READ or SSL_WANT_WRITE are encountered, it's typical to retry the call but this must be repeated with the exact same arguments. Without this change, openSSL requires that the address of the buffer passed is the same. However, buffers in python can change location in some circumstances which cause the retry to fail. By add the setting SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, the requirement for the same buffer address is forgiven and the retry has a better chance of success. See cherrypy/cheroot#245 for discussion.
pyca · Jan 26, 2024 · 2e788b7 · 2e788b7
1 parent 4fcf1a8
commit 2e788b7
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 16 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -4,6 +4,22 @@ Changelog
 Versions are year-based with a strict backward-compatibility policy.
 The third digit is only for regressions.
 
+24.1.0 (UNRELEASED)
+-------------------
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- ``pyOpenSSL`` now sets ``SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`` by default, matching CPython's behavior. `#1287 <https://github.com/pyca/pyopenssl/pull/1287>`_.
+- The minimum ``cryptography`` version is now 42.0.0.
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+
+
 24.0.0 (2024-01-22)
 -------------------
 

diff --git a/setup.py b/setup.py
@@ -93,7 +93,7 @@ def find_meta(meta):
         packages=find_packages(where="src"),
         package_dir={"": "src"},
         install_requires=[
-	    "cryptography>=41.0.5,<43",
+            "cryptography>=42.0.0,<43",
         ],
         extras_require={
             "test": ["flaky", "pretend", "pytest>=3.0.1"],

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -163,20 +163,11 @@
 DTLS_SERVER_METHOD = 11
 DTLS_CLIENT_METHOD = 12
 
-try:
-    SSL3_VERSION = _lib.SSL3_VERSION
-    TLS1_VERSION = _lib.TLS1_VERSION
-    TLS1_1_VERSION = _lib.TLS1_1_VERSION
-    TLS1_2_VERSION = _lib.TLS1_2_VERSION
-    TLS1_3_VERSION = _lib.TLS1_3_VERSION
-except AttributeError:
-    # Hardcode constants for cryptography < 3.4, see
-    # https://github.com/pyca/pyopenssl/pull/985#issuecomment-775186682
-    SSL3_VERSION = 768
-    TLS1_VERSION = 769
-    TLS1_1_VERSION = 770
-    TLS1_2_VERSION = 771
-    TLS1_3_VERSION = 772
+SSL3_VERSION = _lib.SSL3_VERSION
+TLS1_VERSION = _lib.TLS1_VERSION
+TLS1_1_VERSION = _lib.TLS1_1_VERSION
+TLS1_2_VERSION = _lib.TLS1_2_VERSION
+TLS1_3_VERSION = _lib.TLS1_3_VERSION
 
 OP_NO_SSLv2 = _lib.SSL_OP_NO_SSLv2
 OP_NO_SSLv3 = _lib.SSL_OP_NO_SSLv3

diff --git a/tox.ini b/tox.ini
@@ -18,7 +18,7 @@ extras =
     test
 deps =
     coverage>=4.2
-    cryptographyMinimum: cryptography==41.0.5
+    cryptographyMinimum: cryptography==42.0.0
     randomorder: pytest-randomly
 setenv =
     # Do not allow the executing environment to pollute the test environment