[Git][NTPsec/ntpsec][master] wafhelpers/tlscheck: Fix versions, add .py

James Browning gitlab at mg.gitlab.com
Sun Nov 22 12:49:33 UTC 2020



James Browning pushed to branch master at NTPsec / ntpsec


Commits:
73826ec6 by James Browning at 2020-11-22T12:41:34+00:00
wafhelpers/tlscheck: Fix versions, add .py


- - - - -


3 changed files:

- tests/option-tester.sh
- − wafhelpers/tlscheck
- + wafhelpers/tlscheck.py


Changes:

=====================================
tests/option-tester.sh
=====================================
@@ -38,7 +38,7 @@ then
     DISABLE_NTS="--disable-nts"
   fi
 else
-  if ! $PYTHON ../wafhelpers/tlscheck
+  if ! $PYTHON ../wafhelpers/tlscheck.py
   then
     DISABLE_NTS="--disable-nts"
   fi


=====================================
wafhelpers/tlscheck deleted
=====================================
@@ -1,19 +0,0 @@
-#! /usr/bin/env python
-import ctypes
-
-try:
-    tls = ctypes.CDLL('libssl.so')
-    tls.OpenSSL_version_num.restype = ctypes.c_ulong
-    ver = tls.OpenSSL_version_num() # unsigned long OpenSSL_version_num();
-    # MNNFFPPS: major minor fix patch status
-    maj = (ver & 0xf0000000) >> 28
-    if maj > 2:
-        exit(0)
-    elif maj == 2:
-        exit(1)
-    trip = ver & 0xfffffff0
-    if trip < 0x10100000 or trip == 0x101000010:
-        exit(1)
-    exit(0)
-except Exception:
-    exit(1)


=====================================
wafhelpers/tlscheck.py
=====================================
@@ -0,0 +1,53 @@
+#! /usr/bin/env python
+
+"""tlscheck - Helper for checking SSL library bits."""
+import ctypes
+import ctypes.util
+import sys
+ver, vers = 0, []
+try:
+    tls = ctypes.CDLL(ctypes.util.find_library('ssl'))
+except OSError:
+    sys.stderr.write('Could not find SSL library.\n')
+    sys.exit(1)
+
+tls.OpenSSL_version_num.restype = ctypes.c_ulong
+tls.OpenSSL_version.argtypes = [ctypes.c_int]
+tls.OpenSSL_version.restype = ctypes.c_char_p
+
+ver = tls.OpenSSL_version_num()  # unsigned long OpenSSL_version_num();
+
+_ = '%08x' % ver
+# OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+# MNNFFPPS: major minor fix patch status
+for a, b in ((0, 1), (1, 3), (3, 5), (5, 7), (7, 8)):
+    vers.append(int(_[a:b], 16))
+
+polystr = str
+if str is not bytes:
+    def polystr(string):
+        """Convert bytes into a string."""
+        return str(string, encoding='latin-1')
+
+
+def ver_to_int(*va):
+    """Split the version number into parts."""
+    return int('%x%02x%02x%02x%x' % va, 16)
+
+
+def verstr():
+    """Return SSL library version string."""
+    return polystr(tls.OpenSSL_version(0))
+
+
+if __name__ == '__main__':
+    if vers[0] > 2:  # If notionally OpenSSL 3
+        sys.exit(0)
+    elif vers[0] == 2:  # If notionally OpenSSL 2
+        sys.exit(1)
+    # OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+    # major minor fix patch status
+    # Check if version is earlier than 1.1.1b
+    if ver <= ver_to_int(1, 1, 1, 2, 15):
+        sys.exit(1)
+    sys.exit(0)



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/73826ec6812308fb137ebeb4e6fe7c21448c7c4b

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/73826ec6812308fb137ebeb4e6fe7c21448c7c4b
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20201122/2c111ee3/attachment-0001.htm>


More information about the vc mailing list