bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329)
Signed-off-by: Christian Heimes <christian@python.org>
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index ef927ab..272df35 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -11,20 +11,26 @@
*
*/
+/* Don't warn about deprecated functions, */
+#ifndef OPENSSL_API_COMPAT
+ // 0x10101000L == 1.1.1, 30000 == 3.0.0
+ #define OPENSSL_API_COMPAT 0x10101000L
+#endif
+#define OPENSSL_NO_DEPRECATED 1
+
#define PY_SSIZE_T_CLEAN
#include "Python.h"
#include "hashlib.h"
#include "pystrhex.h"
-
/* EVP is the preferred interface to hashing in OpenSSL */
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/crypto.h>
/* We use the object interface to discover what hashes OpenSSL supports. */
#include <openssl/objects.h>
-#include "openssl/err.h"
+#include <openssl/err.h>
#include <openssl/crypto.h> // FIPS_mode()
@@ -1862,12 +1868,11 @@ _hashlib_get_fips_mode_impl(PyObject *module)
/*[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]*/
{
- int result;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- result = EVP_default_properties_is_fips_enabled(NULL);
+ return EVP_default_properties_is_fips_enabled(NULL);
#else
ERR_clear_error();
- result = FIPS_mode();
+ int result = FIPS_mode();
if (result == 0) {
// "If the library was built without support of the FIPS Object Module,
// then the function will return 0 with an error code of
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index c08665b..d2b257e 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -14,6 +14,13 @@
http://bugs.python.org/issue8108#msg102867 ?
*/
+/* Don't warn about deprecated functions, */
+#ifndef OPENSSL_API_COMPAT
+ // 0x10101000L == 1.1.1, 30000 == 3.0.0
+ #define OPENSSL_API_COMPAT 0x10101000L
+#endif
+#define OPENSSL_NO_DEPRECATED 1
+
#define PY_SSIZE_T_CLEAN
#include "Python.h"
@@ -43,14 +50,6 @@ static PySocketModule_APIObject PySocketModule;
#include <sys/poll.h>
#endif
-/* Don't warn about deprecated functions */
-#ifdef __GNUC__
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-#ifdef __clang__
-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
-#endif
-
/* Include OpenSSL header files */
#include "openssl/rsa.h"
#include "openssl/crypto.h"
@@ -148,24 +147,20 @@ static void _PySSLFixErrno(void) {
# define PY_OPENSSL_1_1_API 1
#endif
-/* OpenSSL API compat */
-#ifdef OPENSSL_API_COMPAT
-#if OPENSSL_API_COMPAT >= 0x10100000L
-
-/* OpenSSL API 1.1.0+ does not include version methods */
+/* OpenSSL API 1.1.0+ does not include version methods. Define the methods
+ * unless OpenSSL is compiled without the methods. It's the easiest way to
+ * make 1.0.2, 1.1.0, 1.1.1, and 3.0.0 happy without deprecation warnings.
+ */
#ifndef OPENSSL_NO_TLS1_METHOD
-#define OPENSSL_NO_TLS1_METHOD 1
+extern const SSL_METHOD *TLSv1_method(void);
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
-#define OPENSSL_NO_TLS1_1_METHOD 1
+extern const SSL_METHOD *TLSv1_1_method(void);
#endif
#ifndef OPENSSL_NO_TLS1_2_METHOD
-#define OPENSSL_NO_TLS1_2_METHOD 1
+extern const SSL_METHOD *TLSv1_2_method(void);
#endif
-#endif /* >= 1.1.0 compcat */
-#endif /* OPENSSL_API_COMPAT */
-
/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
# define PY_OPENSSL_1_1_API 1