diff options
author | Oleg Pudeyev <p@users.noreply.github.com> | 2022-01-11 14:21:28 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-11 14:21:28 -0500 |
commit | 997935f48e6bdd59e585726a8bfa57f337d858ed (patch) | |
tree | f51f7d14fc7ed7dadb8f83c05d7bccd93ce7e495 | |
parent | 121169921ded16579ea282c666ea668e5f708219 (diff) | |
parent | 3adfed3d2ce2a2ed6ee1f64f2457fac3aec86c91 (diff) | |
download | pycurl-997935f48e6bdd59e585726a8bfa57f337d858ed.tar.gz |
Merge pull request #701 from swt2c/secure_transport
Add support for SecureTransport SSL backend
-rw-r--r-- | INSTALL.rst | 4 | ||||
-rw-r--r-- | setup.py | 18 | ||||
-rw-r--r-- | src/module.c | 3 | ||||
-rw-r--r-- | src/pycurl.h | 5 | ||||
-rw-r--r-- | tests/fake-curl/libcurl/Makefile | 8 | ||||
-rw-r--r-- | tests/option_constants_test.py | 8 | ||||
-rw-r--r-- | tests/util.py | 2 |
7 files changed, 37 insertions, 11 deletions
diff --git a/INSTALL.rst b/INSTALL.rst index ffc8030..89b868e 100644 --- a/INSTALL.rst +++ b/INSTALL.rst @@ -53,7 +53,7 @@ It will then fail at runtime as follows:: To fix this, you need to tell ``setup.py`` what SSL backend is used:: - python setup.py --with-[openssl|gnutls|nss|mbedtls|wolfssl] install + python setup.py --with-[openssl|gnutls|nss|mbedtls|wolfssl|sectransp] install Note: as of PycURL 7.21.5, setup.py accepts ``--with-openssl`` option to indicate that libcurl is built against OpenSSL/LibreSSL/BoringSSL. @@ -86,7 +86,7 @@ environment variable:: The same applies to the SSL backend, if you need to specify it (see the SSL note above):: - export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss|mbedtls] + export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss|mbedtls|sectransp] easy_install pycurl @@ -145,6 +145,7 @@ class ExtensionConfiguration(object): '--with-gnutls': self.using_gnutls, '--with-nss': self.using_nss, '--with-mbedtls': self.using_mbedtls, + '--with-sectransp': self.using_sectransp, } def detect_ssl_option(self): @@ -162,7 +163,7 @@ class ExtensionConfiguration(object): if 'PYCURL_SSL_LIBRARY' in os.environ: ssl_lib = os.environ['PYCURL_SSL_LIBRARY'] - if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls']: + if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls', 'sectransp']: ssl_lib_detected = ssl_lib getattr(self, 'using_%s' % ssl_lib)() else: @@ -326,8 +327,9 @@ class ExtensionConfiguration(object): sys.stderr.write('''\ Warning: libcurl is configured to use SSL, but we have not been able to \ determine which SSL backend it is using. If your Curl is built against \ -OpenSSL, LibreSSL, BoringSSL, GnuTLS, NSS or mbedTLS please specify the SSL backend \ -manually. For other SSL backends please ignore this message.''') +OpenSSL, LibreSSL, BoringSSL, GnuTLS, NSS, mbedTLS, or Secure Transport \ +please specify the SSL backend manually. For other SSL backends please \ +ignore this message.''') else: if self.detect_ssl_option(): sys.stderr.write("Warning: SSL backend specified manually but libcurl does not use SSL\n") @@ -371,6 +373,9 @@ manually. For other SSL backends please ignore this message.''') elif ssl_version.startswith('mbedTLS/'): self.using_mbedtls() ssl_lib_detected = 'mbedtls' + elif ssl_version.startswith('SecureTransport'): + self.using_sectransp() + ssl_lib_detected = 'sectransp' return ssl_lib_detected def detect_ssl_lib_on_centos6_plus(self): @@ -572,6 +577,11 @@ manually. For other SSL backends please ignore this message.''') self.define_macros.append(('HAVE_CURL_SSL', 1)) self.ssl_lib_detected = 'mbedtls' + def using_sectransp(self): + self.define_macros.append(('HAVE_CURL_SECTRANSP', 1)) + self.define_macros.append(('HAVE_CURL_SSL', 1)) + self.ssl_lib_detected = 'sectransp' + def get_bdist_msi_version_hack(): # workaround for distutils/msi version requirement per # epydoc.sourceforge.net/stdlib/distutils.version.StrictVersion-class.html - @@ -627,6 +637,7 @@ PRETTY_SSL_LIBS = { 'gnutls': 'GnuTLS', 'nss': 'NSS', 'mbedtls': 'mbedTLS', + 'sectransp': 'Secure Transport', } def get_extension(argv, split_extension_source=False): @@ -954,6 +965,7 @@ PycURL Unix options: --with-nss libcurl is linked against NSS --with-mbedtls libcurl is linked against mbedTLS --with-wolfssl libcurl is linked against wolfSSL + --with-sectransp libcurl is linked against Secure Transport ''' windows_help = '''\ diff --git a/src/module.c b/src/module.c index 2331168..cfc257a 100644 --- a/src/module.c +++ b/src/module.c @@ -374,6 +374,7 @@ initpycurl(void) case CURLSSLBACKEND_NSS: case CURLSSLBACKEND_WOLFSSL: case CURLSSLBACKEND_MBEDTLS: + case CURLSSLBACKEND_SECURETRANSPORT: runtime_supported_backend_found = 1; break; default: @@ -404,6 +405,8 @@ initpycurl(void) runtime_ssl_lib = "nss"; } else if (!strncmp(vi->ssl_version, "mbedTLS/", 8)) { runtime_ssl_lib = "mbedtls"; + } else if (!strncmp(vi->ssl_version, "Secure Transport", 16)) { + runtime_ssl_lib = "secure-transport"; } else { runtime_ssl_lib = "none/other"; } diff --git a/src/pycurl.h b/src/pycurl.h index 31d1eac..42c7d57 100644 --- a/src/pycurl.h +++ b/src/pycurl.h @@ -220,6 +220,9 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size); # define PYCURL_NEED_MBEDTLS_TSL # define COMPILE_SSL_LIB "mbedtls" # define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1 +# elif defined(HAVE_CURL_SECTRANSP) +# define COMPILE_SSL_LIB "secure-transport" +# define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1 # else # ifdef _MSC_VER /* sigh */ @@ -237,7 +240,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size); * no reason to require users match those */ # define COMPILE_SSL_LIB "none/other" # define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 0 -# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */ +# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS || HAVE_CURL_SECTRANSP */ #else # define COMPILE_SSL_LIB "none/other" # define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 0 diff --git a/tests/fake-curl/libcurl/Makefile b/tests/fake-curl/libcurl/Makefile index 57943e9..b5d0816 100644 --- a/tests/fake-curl/libcurl/Makefile +++ b/tests/fake-curl/libcurl/Makefile @@ -13,10 +13,16 @@ clean: CC = `curl-config --cc` CFLAGS += `curl-config --cflags` +UNAME := $(shell uname -s) +ifeq ($(UNAME),Darwin) + SONAME_FLAG = -install_name +else + SONAME_FLAG = -soname +endif .c.so: $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fPIC \ - -Wl,-soname,$@ -o $@ $< + -Wl,$(SONAME_FLAG),$@ -o $@ $< show-targets: ls *c |sed -e 's/.c$$/.so/' | awk '{print $$1 " \\"}' diff --git a/tests/option_constants_test.py b/tests/option_constants_test.py index b8aab1e..9eda4e3 100644 --- a/tests/option_constants_test.py +++ b/tests/option_constants_test.py @@ -241,7 +241,7 @@ class OptionConstantsTest(unittest.TestCase): curl.close() @util.min_libcurl(7, 42, 0) - @util.only_ssl_backends('nss') + @util.only_ssl_backends('nss', 'secure-transport') def test_ssl_falsestart(self): curl = pycurl.Curl() curl.setopt(curl.SSL_FALSESTART, 1) @@ -263,7 +263,7 @@ class OptionConstantsTest(unittest.TestCase): curl.setopt(curl.ISSUERCERT, '/bogus-issuercert') curl.close() - @util.only_ssl + @util.only_ssl_backends('openssl', 'gnutls', 'nss') def test_capath(self): curl = pycurl.Curl() curl.setopt(curl.CAPATH, '/bogus-capath') @@ -271,7 +271,7 @@ class OptionConstantsTest(unittest.TestCase): # CURLOPT_PROXY_CAPATH was introduced in libcurl-7.52.0 @util.min_libcurl(7, 52, 0) - @util.only_ssl + @util.only_ssl_backends('openssl', 'gnutls', 'nss') def test_proxy_capath(self): curl = pycurl.Curl() curl.setopt(curl.PROXY_CAPATH, '/bogus-capath') @@ -331,7 +331,7 @@ class OptionConstantsTest(unittest.TestCase): curl.setopt(curl.RANDOM_FILE, '/bogus-random') curl.close() - @util.only_ssl_backends('openssl', 'gnutls') + @util.only_ssl_backends('openssl', 'gnutls', 'secure-transport') def test_egdsocket(self): curl = pycurl.Curl() curl.setopt(curl.EGDSOCKET, '/bogus-egdsocket') diff --git a/tests/util.py b/tests/util.py index de8b0e7..d9c0b57 100644 --- a/tests/util.py +++ b/tests/util.py @@ -175,6 +175,8 @@ def only_ssl_backends(*backends): current_backend = 'gnutls' elif 'NSS/' in pycurl.version: current_backend = 'nss' + elif 'SecureTransport' in pycurl.version: + current_backend = 'secure-transport' else: current_backend = 'none' if current_backend not in backends: |