Bernard Spil added the comment:
See also https://github.com/python/cpython/pull/5343
Note: I am Sp1l on GitHub, spil here, CLA has been signed.
--
nosy: +spil
pull_requests: +5190
___
Python tracker
<https://bugs.python.org/issue32
Bernard Spil added the comment:
My pleasure! Glad we sorted this out for no-nextprotoneg and LibreSSL :D
--
___
Python tracker
<https://bugs.python.org/issue32
Bernard Spil added the comment:
It's been a year since this was created. Can we move this forward?
For the OpenSSL 1.1 changes, see
https://github.com/openssl/openssl/blob/master/Configure#L363
(egd is disabled in the default configuration)
and
https://github.com/openssl/openssl/blob/m
Bernard Spil added the comment:
Can you please replace the HAVE_RAND_EGD bits with OPENSSL_NO_EGD as defined by
both OpenSSL 1.1 and LibreSSL?
EGD default disabled
https://github.com/openssl/openssl/blob/master/Configure#L363
EGD methods not available
https://github.com/openssl/openssl/blob
Bernard Spil added the comment:
EGD was only necessary for some commercial UNIX systems, versions that needed
it all reached end of life. It no longer makes sense to have any code referring
to it.
EGD needed until    OS release date
IRIX    6.5.19    feb 2003
Solaris
Bernard Spil added the comment:
Hi,
I think this can be found in LibreSSL's opensslv.h
An ifdef LIBRESSL_VERSION_NUMBER should work
See
https://github.com/libressl-portable/openbsd/blob/master/src/lib/libssl/src/crypto/opensslv.h
_ssl.c includes crypto.h which in turn includes opens
Bernard Spil added the comment:
When configure is called with correct LDFLAGS and CPPFLAGS for LibreSSL these
patches to configure, Modules/_ssl.c and Lib/_ssl.py will detect not having
RAND_egd support in OpenSSL and make the build succeed.
--
Added file: http://bugs.python.org
Changes by Bernard Spil :
Added file: http://bugs.python.org/file37300/patch-Lib_ssl.py
___
Python tracker
<http://bugs.python.org/issue21356>
___
___
Python-bugs-list m
Changes by Bernard Spil :
Added file: http://bugs.python.org/file37301/patch-Modules__ssl.c
___
Python tracker
<http://bugs.python.org/issue21356>
___
Changes by Bernard Spil :
Removed file: http://bugs.python.org/file37242/patch-Modules__ssl.c
___
Python tracker
<http://bugs.python.org/issue21356>
___
Bernard Spil added the comment:
Victor: That is a change that has been implemented in the downstream port to
fix wxPython, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 this
ended up in this patch as my primary objective was to fix it for the FreeBSD
port.
Antoine: Sorry, I
Bernard Spil added the comment:
Remove https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 patch from this
patch-set
--
Added file: http://bugs.python.org/file37302/patch-configure.ac
___
Python tracker
<http://bugs.python.org/issue21
Changes by Bernard Spil :
Removed file: http://bugs.python.org/file37299/patch-configure.ac
___
Python tracker
<http://bugs.python.org/issue21356>
___
Bernard Spil added the comment:
FAILED (failures=2, errors=2, skipped=5)
That is OK, as these 2 tests should fail with LibreSSL since SSLv2 and SSLv3
support has been removed from LibreSSL.
ERROR: test_protocol_sslv23 (__main__.ThreadedTests)
ERROR: test_protocol_sslv3 (__main__.ThreadedTests
Bernard Spil added the comment:
Merged the patch from haypo back into the FreeBSD port for 2.7 at
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511
In the process I discovered during test_ssl that I had to patch Lib/socket.py
as well to make RAND_egd conditional
Bernard Spil added the comment:
Note that the FreeBSD port modifies the OPENSSL_VERSION_NUMBER and sets the
version number to 1.0.1g.
https://svnweb.freebsd.org/ports?view=revision&revision=361642
--
nosy: +spil
___
Python tracker
Bernard Spil added the comment:
LibreSSL defines in opensslv.h
#define LIBRESSL_VERSION_NUMBER 0x2000L
#define OPENSSL_VERSION_NUMBER 0x2000L
And FreeBSD replaces
#define OPENSSL_VERSION_NUMBER 0x1000107fL
Proper way would be to check for LIBRESSL_VERSION_NUMBER string, FreeBSD
New submission from Bernard Spil:
LibreSSL added a define OPENSSL_NO_EGD to their headers in version 2.2.0 in
line with the defines of the other removed features.
These patches remove detection of RAND_egd from configure and replace the
detection in the source code.
--
messages
Changes by Bernard Spil :
Added file: http://bugs.python.org/file39852/patch-RAND_egd
___
Python tracker
<http://bugs.python.org/issue24557>
___
Changes by Bernard Spil :
--
versions: +Python 3.3, Python 3.4
___
Python tracker
<http://bugs.python.org/issue24557>
___
Bernard Spil added the comment:
ALPN was removed originally but added again later
http://marc.info/?l=openbsd-announce&m=142193407304782
--
___
Python tracker
<http://bugs.python.org/iss
Bernard Spil added the comment:
Checking if the method is actually defined is the smart way to go
From include/openssl/tls1.h
# define TLSEXT_TYPE_application_layer_protocol_negotiation
So #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
would show you if the feature is availa
Bernard Spil added the comment:
This is now also required for the upcoming OpenSSL 1.1.0 which also removed EGD
by default
--
___
Python tracker
<http://bugs.python.org/issue24
Bernard Spil added the comment:
Testing this patch on HardenedBSD/LibreSSL (base SSL libs replaced with
LibreSSL)
--
nosy: +spil
___
Python tracker
<http://bugs.python.org/issue26
Bernard Spil added the comment:
Checking version numbers to see if a feature is available is a bad practice.
How can features ever be removed this way! Would be better to check for the
feature itself (using autoconf).
The patch was mostly OK but any check for OPENSSL_VERSION_NUMBER for now
Bernard Spil added the comment:
Hi Christian,
Great stuff!
Please can you replace the HAVE_RAND_EGD ifdefs with OPENSSL_NO_EGD checks?
Then the RAND_egd checks in configure.ac can also be removed.
This was introduced by OpenSSL in
https://github.com/openssl/openssl/commit
Bernard Spil added the comment:
Sorry for the noise Christian, I thought the former EGD handling was still in
place. That was fixed with
https://github.com/python/cpython/commit/968ec1d29b44ca7a600df5984adff00a78392368
on 07 Jul 2016
--
___
Python