bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309)
Signed-off-by: Christian Heimes <christian@python.org>
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 3ee61e3..c08665b 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3203,6 +3203,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
#ifdef SSL_OP_SINGLE_ECDH_USE
options |= SSL_OP_SINGLE_ECDH_USE;
#endif
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+ /* Make OpenSSL 3.0.0 behave like 1.1.1 */
+ options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
SSL_CTX_set_options(self->ctx, options);
/* A bare minimum cipher list without completely broken cipher suites.
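Review bot: The comment on the added `options |= SSL_OP_IGNORE_UNEXPECTED_EOF;` says only "Make OpenSSL 3.0.0 behave like 1.1.1" and omits the security trade-off. With this flag, OpenSSL treats a connection closed without a close_notify alert as if the alert had been received, so a caller whose protocol is not self-delimiting can no longer tell a truncated stream from a complete one. Since the flag is OR-ed into the defaults of every new context here, I would spell that out, e.g. `/* OpenSSL 3.0: treat EOF without close_notify as a clean shutdown (1.1.1 compat). Truncation is then not reported by OpenSSL; clear OP_IGNORE_UNEXPECTED_EOF on the context for strict handling. */`. The second hunk exports `OP_IGNORE_UNEXPECTED_EOF` under the same `#ifdef`, which appears to be what lets Python code opt out, so it is worth mentioning there too. `_ssl__SSLContext_impl` starts and ends outside the hunk.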
@@ -6313,6 +6317,10 @@ sslmodule_init_constants(PyObject *m)
PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION",
SSL_OP_NO_RENEGOTIATION);
#endif
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+ PyModule_AddIntConstant(m, "OP_IGNORE_UNEXPECTED_EOF",
+ SSL_OP_IGNORE_UNEXPECTED_EOF);
+#endif
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",