[3.8] bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190) (GH-17499)
test_openssl_version now accepts version 3.0.0.
getpeercert() no longer returns IPv6 addresses with a trailing new line.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
(cherry picked from commit 2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
Automerge-Triggered-By: @tiran
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 6f1f9c8..43b236c 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1410,6 +1410,54 @@
PyTuple_SET_ITEM(t, 1, v);
break;
+ case GEN_IPADD:
+ /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed
+ * the trailing newline. Remove it in all versions
+ */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+
+ v = PyUnicode_FromString("IP Address");
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+
+ if (name->d.ip->length == 4) {
+ unsigned char *p = name->d.ip->data;
+ v = PyUnicode_FromFormat(
+ "%d.%d.%d.%d",
+ p[0], p[1], p[2], p[3]
+ );
+ } else if (name->d.ip->length == 16) {
+ /* PyUnicode_FromFormat() does not support %X */
+ unsigned char *p = name->d.ip->data;
+ len = sprintf(
+ buf,
+ "%X:%X:%X:%X:%X:%X:%X:%X",
+ p[0] << 8 | p[1],
+ p[2] << 8 | p[3],
+ p[4] << 8 | p[5],
+ p[6] << 8 | p[7],
+ p[8] << 8 | p[9],
+ p[10] << 8 | p[11],
+ p[12] << 8 | p[13],
+ p[14] << 8 | p[15]
+ );
+ v = PyUnicode_FromStringAndSize(buf, len);
+ } else {
+ v = PyUnicode_FromString("<invalid>");
+ }
+
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+
default:
/* for everything else, we use the OpenSSL print form */
switch (gntype) {
@@ -1417,7 +1465,6 @@
case GEN_OTHERNAME:
case GEN_X400:
case GEN_EDIPARTY:
- case GEN_IPADD:
case GEN_RID:
break;
default: