|
 |
2d7806 |
diff -r -u python-nss-0.16.0.orig/doc/examples/ssl_version_range.py python-nss-0.16.0/doc/examples/ssl_version_range.py
|
|
|
2d7806 |
--- python-nss-0.16.0.orig/doc/examples/ssl_version_range.py 2014-11-25 12:20:58.744325434 -0500
|
|
|
2d7806 |
+++ python-nss-0.16.0/doc/examples/ssl_version_range.py 2014-11-25 14:50:42.530189512 -0500
|
|
|
2d7806 |
@@ -96,13 +96,12 @@
|
|
|
2d7806 |
|
|
|
2d7806 |
names = [
|
|
|
2d7806 |
'ssl2', 'ssl3',
|
|
|
2d7806 |
- 'tls1.0', 'tls1.1', 'tls1.2', 'tls1.3',
|
|
|
2d7806 |
+ 'tls1.0', 'tls1.1', 'tls1.2',
|
|
|
2d7806 |
'SSL_LIBRARY_VERSION_2',
|
|
|
2d7806 |
'SSL_LIBRARY_VERSION_3_0',
|
|
|
2d7806 |
'SSL_LIBRARY_VERSION_TLS_1_0',
|
|
|
2d7806 |
'SSL_LIBRARY_VERSION_TLS_1_1',
|
|
|
2d7806 |
'SSL_LIBRARY_VERSION_TLS_1_2',
|
|
|
2d7806 |
- 'SSL_LIBRARY_VERSION_TLS_1_3',
|
|
|
2d7806 |
]
|
|
|
2d7806 |
|
|
|
2d7806 |
print
|
|
|
2d7806 |
diff -r -u python-nss-0.16.0.orig/src/py_ssl.c python-nss-0.16.0/src/py_ssl.c
|
|
|
2d7806 |
--- python-nss-0.16.0.orig/src/py_ssl.c 2014-11-25 12:20:58.766325459 -0500
|
|
|
2d7806 |
+++ python-nss-0.16.0/src/py_ssl.c 2014-11-25 14:49:47.032128344 -0500
|
|
|
2d7806 |
@@ -193,9 +193,11 @@
|
|
|
2d7806 |
case 3:
|
|
|
2d7806 |
version_enum = SSL_LIBRARY_VERSION_TLS_1_2;
|
|
|
2d7806 |
break;
|
|
|
2d7806 |
+#if (NSS_VMAJOR > 3) || (NSS_VMAJOR == 3 && NSS_VMINOR >= 17)
|
|
|
2d7806 |
case 4:
|
|
|
2d7806 |
version_enum = SSL_LIBRARY_VERSION_TLS_1_3;
|
|
|
2d7806 |
break;
|
|
|
2d7806 |
+#endif
|
|
|
2d7806 |
default:
|
|
|
2d7806 |
PyErr_Format(PyExc_ValueError,
|
|
|
2d7806 |
"Verson %d.%d has unkown minor version",
|
|
|
2d7806 |
@@ -4411,7 +4413,9 @@
|
|
|
2d7806 |
ExportConstant(SSL_LIBRARY_VERSION_TLS_1_0);
|
|
|
2d7806 |
ExportConstant(SSL_LIBRARY_VERSION_TLS_1_1);
|
|
|
2d7806 |
ExportConstant(SSL_LIBRARY_VERSION_TLS_1_2);
|
|
|
2d7806 |
+#if (NSS_VMAJOR > 3) || (NSS_VMAJOR == 3 && NSS_VMINOR >= 17)
|
|
|
2d7806 |
ExportConstant(SSL_LIBRARY_VERSION_TLS_1_3);
|
|
|
2d7806 |
+#endif
|
|
|
2d7806 |
|
|
|
2d7806 |
|
|
|
2d7806 |
if ((ssl_library_version_alias_to_value = PyDict_New()) == NULL) {
|
|
|
2d7806 |
@@ -4430,7 +4434,9 @@
|
|
|
2d7806 |
ExportConstantAlias(SSL_LIBRARY_VERSION_TLS_1_0, "tls1.0");
|
|
|
2d7806 |
ExportConstantAlias(SSL_LIBRARY_VERSION_TLS_1_1, "tls1.1");
|
|
|
2d7806 |
ExportConstantAlias(SSL_LIBRARY_VERSION_TLS_1_2, "tls1.2");
|
|
|
2d7806 |
+#if (NSS_VMAJOR > 3) || (NSS_VMAJOR == 3 && NSS_VMINOR >= 17)
|
|
|
2d7806 |
ExportConstantAlias(SSL_LIBRARY_VERSION_TLS_1_3, "tls1.3");
|
|
|
2d7806 |
+#endif
|
|
|
2d7806 |
|
|
|
2d7806 |
|
|
|
2d7806 |
#undef ExportConstant
|
|
|
2d7806 |
@@ -4639,7 +4645,9 @@
|
|
|
2d7806 |
/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
|
|
|
2d7806 |
* handshake is the result of TLS version fallback.
|
|
|
2d7806 |
*/
|
|
|
2d7806 |
+#if (NSS_VMAJOR > 3) || (NSS_VMAJOR == 3 && NSS_VMINOR >= 17)
|
|
|
2d7806 |
ExportConstant(TLS_FALLBACK_SCSV);
|
|
|
2d7806 |
+#endif
|
|
|
2d7806 |
|
|
|
2d7806 |
/* Cipher Suite Values starting with 0xC000 are defined in informational
|
|
|
2d7806 |
* RFCs.
|
|
|
2d7806 |
diff -r -u python-nss-0.16.0.orig/src/SSLerrs.h python-nss-0.16.0/src/SSLerrs.h
|
|
|
2d7806 |
--- python-nss-0.16.0.orig/src/SSLerrs.h 2014-11-25 12:20:58.766325459 -0500
|
|
|
2d7806 |
+++ python-nss-0.16.0/src/SSLerrs.h 2014-11-25 14:49:47.033128345 -0500
|
|
|
2d7806 |
@@ -419,6 +419,8 @@
|
|
|
2d7806 |
ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
|
|
|
2d7806 |
"The server supports no protocols that the client advertises in the ALPN extension.")
|
|
|
2d7806 |
|
|
|
2d7806 |
+#if (NSS_VMAJOR > 3) || (NSS_VMAJOR == 3 && NSS_VMINOR >= 17)
|
|
|
2d7806 |
ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
|
|
|
2d7806 |
"The server rejected the handshake because the client downgraded to a lower "
|
|
|
2d7806 |
"TLS version than the server supports.")
|
|
|
2d7806 |
+#endif
|