python3: Fix compilation without deprecated APIs

This is based on upstream work here: https://github.com/python/cpython/pull/3934 and https://github.com/python/cpython/pull/39430 First patch was kept as is (just rebased) while the second was combined into one. Signed-off-by: Rosen Penev <rosenp@gmail.com>
2025-12-19 09:01:22 +00:00 · 2019-05-19 14:25:00 -07:00
parent 802d9e3460
commit d869dc8010
3 changed files with 287 additions and 1 deletions
--- a/lang/python/python3/patches/021-openssl-deprecated.patch
+++ b/lang/python/python3/patches/021-openssl-deprecated.patch
@@ -0,0 +1,63 @@
+--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
+@@ -201,6 +202,11 @@ static void _PySSLFixErrno(void) {
+ #define TLS_method SSLv23_method
+ #define TLS_client_method SSLv23_client_method
+ #define TLS_server_method SSLv23_server_method
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+#define OpenSSL_version_num SSLeay
+#define OpenSSL_version SSLeay_version
+#define OPENSSL_VERSION SSLEAY_VERSION
+ 
+ static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+ {
+@@ -1677,7 +1683,7 @@ _decode_certificate(X509 *certificate) {
+     Py_DECREF(sn_obj);
+ 
+     (void) BIO_reset(biobuf);
+-    notBefore = X509_get_notBefore(certificate);
+    notBefore = X509_getm_notBefore(certificate);
+     ASN1_TIME_print(biobuf, notBefore);
+     len = BIO_gets(biobuf, buf, sizeof(buf)-1);
+     if (len < 0) {
+@@ -1694,7 +1700,7 @@ _decode_certificate(X509 *certificate) {
+     Py_DECREF(pnotBefore);
+ 
+     (void) BIO_reset(biobuf);
+-    notAfter = X509_get_notAfter(certificate);
+    notAfter = X509_getm_notAfter(certificate);
+     ASN1_TIME_print(biobuf, notAfter);
+     len = BIO_gets(biobuf, buf, sizeof(buf)-1);
+     if (len < 0) {
+@@ -3235,7 +3241,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
+        conservative and assume it wasn't fixed until release. We do this check
+        at runtime to avoid problems from the dynamic linker.
+        See #25672 for more on this. */
+-    libver = SSLeay();
+    libver = OpenSSL_version_num();
+     if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) &&
+         !(libver >= 0x10000000UL && libver < 0x100000dfUL)) {
+         SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS);
+@@ -6403,10 +6409,10 @@ PyInit__ssl(void)
+         return NULL;
+ 
+     /* OpenSSL version */
+-    /* SSLeay() gives us the version of the library linked against,
+    /* OpenSSL_version_num() gives us the version of the library linked against,
+        which could be different from the headers version.
+     */
+-    libver = SSLeay();
+    libver = OpenSSL_version_num();
+     r = PyLong_FromUnsignedLong(libver);
+     if (r == NULL)
+         return NULL;
+@@ -6416,7 +6422,7 @@ PyInit__ssl(void)
+     r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
+     if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
+         return NULL;
+-    r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION));
+    r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION));
+     if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
+         return NULL;
+