Skip to content

Commit d0fee9c

Browse files
rickpricerickprice
committed
CVE-2023-40217 Add the definitions Python needs to know about the new methods
1 parent 975a51b commit d0fee9c

File tree

1 file changed

+31
-23
lines changed

1 file changed

+31
-23
lines changed

Modules/_ssl.c

Lines changed: 31 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -2125,6 +2125,36 @@ If the TLS handshake is not yet complete, None is returned");
21252125

21262126
#endif /* HAVE_OPENSSL_FINISHED */
21272127

2128+
/*[clinic input]
2129+
_ssl._SSLSocket.verify_client_post_handshake
2130+
2131+
Initiate TLS 1.3 post-handshake authentication
2132+
[clinic start generated code]*/
2133+
2134+
PyDoc_STRVAR(_ssl__SSLSocket_verify_client_post_handshake__doc__,
2135+
"verify_client_post_handshake($self, /)\n"
2136+
"--\n"
2137+
"\n"
2138+
"Initiate TLS 1.3 post-handshake authentication");
2139+
2140+
static PyObject *
2141+
_ssl__SSLSocket_verify_client_post_handshake_impl(PySSLSocket *self)
2142+
/*[clinic end generated code: output=532147f3b1341425 input=6bfa874810a3d889]*/
2143+
{
2144+
#ifdef TLS1_3_VERSION
2145+
int err = SSL_verify_client_post_handshake(self->ssl);
2146+
if (err == 0)
2147+
return _setSSLError(NULL, 0, __FILE__, __LINE__);
2148+
else
2149+
Py_RETURN_NONE;
2150+
#else
2151+
PyErr_SetString(PyExc_NotImplementedError,
2152+
"Post-handshake auth is not supported by your "
2153+
"OpenSSL version.");
2154+
return NULL;
2155+
#endif
2156+
}
2157+
21282158
static PyGetSetDef ssl_getsetlist[] = {
21292159
{"context", (getter) PySSL_get_context,
21302160
(setter) PySSL_set_context, PySSL_set_context_doc},
@@ -2156,6 +2186,7 @@ static PyMethodDef PySSLMethods[] = {
21562186
{"tls_unique_cb", (PyCFunction)PySSL_tls_unique_cb, METH_NOARGS,
21572187
PySSL_tls_unique_cb_doc},
21582188
#endif
2189+
{"verify_client_post_handshake", (PyCFunction)_ssl__SSLSocket_verify_client_post_handshake_impl, METH_NOARGS, _ssl__SSLSocket_verify_client_post_handshake__doc__},
21592190
{NULL, NULL}
21602191
};
21612192

@@ -4611,26 +4642,3 @@ init_ssl(void)
46114642
return;
46124643
}
46134644

4614-
/*[clinic input]
4615-
_ssl._SSLSocket.verify_client_post_handshake
4616-
4617-
Initiate TLS 1.3 post-handshake authentication
4618-
[clinic start generated code]*/
4619-
4620-
static PyObject *
4621-
_ssl__SSLSocket_verify_client_post_handshake_impl(PySSLSocket *self)
4622-
/*[clinic end generated code: output=532147f3b1341425 input=6bfa874810a3d889]*/
4623-
{
4624-
#ifdef TLS1_3_VERSION
4625-
int err = SSL_verify_client_post_handshake(self->ssl);
4626-
if (err == 0)
4627-
return _setSSLError(NULL, 0, __FILE__, __LINE__);
4628-
else
4629-
Py_RETURN_NONE;
4630-
#else
4631-
PyErr_SetString(PyExc_NotImplementedError,
4632-
"Post-handshake auth is not supported by your "
4633-
"OpenSSL version.");
4634-
return NULL;
4635-
#endif
4636-
}

0 commit comments

Comments
 (0)