bpo-41195: Add getter for Openssl security level (GH-21282)
Add an accessor under SSLContext.security_level as a wrapper around
SSL_CTX_get_security_level, see:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_security_level.html
------
This is my first time contributing, so please pull me up on all the things I missed or did incorrectly.
Automerge-Triggered-By: @tiran
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index a8c339d..55a95dd 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3746,6 +3746,15 @@
"Control the number of TLSv1.3 session tickets");
#endif /* OpenSSL 1.1.1 */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+static PyObject *
+get_security_level(PySSLContext *self, void *c)
+{
+ return PyLong_FromLong(SSL_CTX_get_security_level(self->ctx));
+}
+PyDoc_STRVAR(PySSLContext_security_level_doc, "The current security level");
+#endif /* OpenSSL 1.1.0 */
+
static PyObject *
get_options(PySSLContext *self, void *c)
{
@@ -4793,6 +4802,10 @@
(setter) set_verify_flags, NULL},
{"verify_mode", (getter) get_verify_mode,
(setter) set_verify_mode, NULL},
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ {"security_level", (getter) get_security_level,
+ NULL, PySSLContext_security_level_doc},
+#endif
{NULL}, /* sentinel */
};