diff options
| author | Cory Benfield <lukasaoz@gmail.com> | 2015-12-14 08:35:20 +0000 |
|---|---|---|
| committer | Cory Benfield <lukasaoz@gmail.com> | 2015-12-14 08:35:20 +0000 |
| commit | 90c6a53a885dd5c66992309e0af98ac554f1bb97 (patch) | |
| tree | c7220943919e2b8795365f45c417d7c4359c0f50 | |
| parent | 891844881e40b767bce3594043c68bf109e99b19 (diff) | |
| download | cryptography-90c6a53a885dd5c66992309e0af98ac554f1bb97.tar.gz cryptography-90c6a53a885dd5c66992309e0af98ac554f1bb97.tar.bz2 cryptography-90c6a53a885dd5c66992309e0af98ac554f1bb97.zip | |
Remove SSLv2 bindings.
This commit removes bindings that allow users to set SSLv2 handshake
methods. These are regarded as unnecessary and out-of-date: see #2527.
This commit does leave in a few options that refer to SSLv2 in order to
avoid breaking deployments that rely on them, and in order to allow
users to continue to request that SSLv2 not be enabled at all in their
OpenSSL.
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 17 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 6 |
2 files changed, 1 insertions, 22 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 83a7386f..4d66f6cd 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -301,15 +301,6 @@ unsigned long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); /* methods */ -/* SSLv2 support is compiled out of some versions of OpenSSL. These will - * get special support when we generate the bindings so that if they are - * available they will be wrapped, but if they are not they won't cause - * problems (like link errors). - */ -const SSL_METHOD *SSLv2_method(void); -const SSL_METHOD *SSLv2_server_method(void); -const SSL_METHOD *SSLv2_client_method(void); - /* * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of * OpenSSL support them. @@ -441,14 +432,8 @@ const long SSL_OP_LEGACY_SERVER_CONNECT = 0; #else static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; #endif -#ifdef OPENSSL_NO_SSL2 + static const long Cryptography_HAS_SSL2 = 0; -SSL_METHOD* (*SSLv2_method)(void) = NULL; -SSL_METHOD* (*SSLv2_client_method)(void) = NULL; -SSL_METHOD* (*SSLv2_server_method)(void) = NULL; -#else -static const long Cryptography_HAS_SSL2 = 1; -#endif #ifdef OPENSSL_NO_SSL3_METHOD static const long Cryptography_HAS_SSL3_METHOD = 0; diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index dad37436..206c2915 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -276,12 +276,6 @@ CONDITIONAL_NAMES = { "TLSv1_2_client_method", ], - "Cryptography_HAS_SSL2": [ - "SSLv2_method", - "SSLv2_client_method", - "SSLv2_server_method", - ], - "Cryptography_HAS_SSL3_METHOD": [ "SSLv3_method", "SSLv3_client_method", |