OpenSSL 1.1.0 compatibility fixes

- function check missed 1.1.0 release - TLS didn't work with anonymous ciphers
2017-01-14 17:47:57 +01:00 · 2017-01-14 17:47:57 +01:00 · 59b5ac3a61
commit 59b5ac3a61
parent 6247e1d3ea
2 changed files with 9 additions and 3 deletions
--- a/src/protocol.py
+++ b/src/protocol.py
@ -495,3 +495,9 @@ else:
    # this means TLSv1, there is no way to set "TLSv1 or higher" or
    # "TLSv1.2" in < 2.7.9
    sslProtocolVersion = ssl.PROTOCOL_TLSv1
+
+# ciphers
+if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000
+    sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
+else:
+    sslProtocolCiphers = "AECDH-AES256-SHA"
--- a/src/pyelliptic/openssl.py
+++ b/src/pyelliptic/openssl.py
@ -170,7 +170,7 @@ class _OpenSSL:
        self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
                                                ctypes.c_void_p]

-        if self._hexversion > 0x10100000:
+        if self._hexversion >= 0x10100000:
            self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
            self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
            self._lib.EC_KEY_OpenSSL.argtypes = []
@ -250,7 +250,7 @@ class _OpenSSL:
        self.EVP_rc4.restype = ctypes.c_void_p
        self.EVP_rc4.argtypes = []
 
-        if self._hexversion > 0x10100000:
+        if self._hexversion >= 0x10100000:
            self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
            self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
            self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
@ -306,7 +306,7 @@ class _OpenSSL:
        self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
                                      ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]

-        if self._hexversion > 0x10100000:
+        if self._hexversion >= 0x10100000:
            self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
            self.EVP_MD_CTX_new.restype = ctypes.c_void_p
            self.EVP_MD_CTX_new.argtypes = []