Closed
Conversation
The ssl module now contains a workaround for missing NPN support in LibreSSL 2.6.1. Upstream has removed NPN without setting OPENSSL_NO_NEXTPROTONEG.
tiran
added
type-bug
4a6f656c
reviewed
Jan 28, 2018
| * designated OPENSSL_NO_NEXTPROTONEG feature flag. See upstream issue | ||
| * https://github.com/libressl-portable/portable/issues/368 | ||
| */ | ||
| #if defined(LIBRESSL_VERSION_NUMBER) && !defined(TLSEXT_TYPE_next_proto_neg) |
There was a problem hiding this comment.
This is not really a LibreSSL quirk - due to various history, no one can set OPENSSL_NO_NEXTPROTONEG without breaking multiple open source projects (each in different ways). As such, I would strongly recommend conditioning on the availability of TLSEXT_TYPE_next_proto_neg, rather than trying to map this to OPENSSL_NO_NEXTPROTONEG.
If you wish to retain this approach, the comment above could at least be updated to explain why OPENSSL_NO_NEXTPROTONEG cannot be set via LibreSSL (or OpenSSL for that matter).
Member
Author
|
I'm closing my PR in favor of GH-5343 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The ssl module now contains a workaround for missing NPN support in LibreSSL
2.6.1. Upstream has removed NPN without setting OPENSSL_NO_NEXTPROTONEG.
Obsoletes PR #4930
See libressl/portable#368
https://bugs.python.org/issue32378