Skip to content

Commit 669672e

Browse files
vstinnervstinner
committed
pythongh-106687: _ssl: use uint64_t for SSL options
SSL_CTX_get_options() uses uint64_t for options: https://www.openssl.org/docs/man3.1/man3/SSL_CTX_get_options.html Fix this compiler warning on Windows with MSC: conversion from 'uint64_t' to 'long', possible loss of data
1 parent e4b88c1 commit 669672e

File tree

2 files changed

+24
-5
lines changed

2 files changed

+24
-5
lines changed

Lib/test/test_ssl.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -969,6 +969,14 @@ def test_options(self):
969969
# Ubuntu has OP_NO_SSLv3 forced on by default
970970
self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3)
971971

972+
# invalid options
973+
with self.assertRaises(OverflowError):
974+
ctx.options = -1
975+
with self.assertRaises(OverflowError):
976+
ctx.options = 2 ** 100
977+
with self.assertRaises(TypeError):
978+
ctx.options = "abc"
979+
972980
def test_verify_mode_protocol(self):
973981
with warnings_helper.check_warnings():
974982
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)

Modules/_ssl.c

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3614,20 +3614,30 @@ PyDoc_STRVAR(PySSLContext_security_level_doc, "The current security level");
36143614
static PyObject *
36153615
get_options(PySSLContext *self, void *c)
36163616
{
3617-
return PyLong_FromLong(SSL_CTX_get_options(self->ctx));
3617+
return PyLong_FromUnsignedLongLong(SSL_CTX_get_options(self->ctx));
36183618
}
36193619

36203620
static int
36213621
set_options(PySSLContext *self, PyObject *arg, void *c)
36223622
{
3623-
long new_opts, opts, set, clear;
3624-
long opt_no = (
3623+
PyObject *new_opts_obj;
3624+
unsigned long new_opts_arg;
3625+
uint64_t new_opts, opts, clear, set;
3626+
uint64_t opt_no = (
36253627
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
36263628
SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3
36273629
);
36283630

3629-
if (!PyArg_Parse(arg, "l", &new_opts))
3631+
if (!PyArg_Parse(arg, "O!", &PyLong_Type, &new_opts_obj)) {
36303632
return -1;
3633+
}
3634+
new_opts_arg = PyLong_AsUnsignedLong(new_opts_obj);
3635+
if (new_opts_arg == (unsigned long)-1 && PyErr_Occurred()) {
3636+
return -1;
3637+
}
3638+
Py_BUILD_ASSERT(sizeof(new_opts) >= sizeof(new_opts_arg));
3639+
new_opts = (uint64_t)new_opts_arg;
3640+
36313641
opts = SSL_CTX_get_options(self->ctx);
36323642
clear = opts & ~new_opts;
36333643
set = ~opts & new_opts;
@@ -3641,8 +3651,9 @@ set_options(PySSLContext *self, PyObject *arg, void *c)
36413651
if (clear) {
36423652
SSL_CTX_clear_options(self->ctx, clear);
36433653
}
3644-
if (set)
3654+
if (set) {
36453655
SSL_CTX_set_options(self->ctx, set);
3656+
}
36463657
return 0;
36473658
}
36483659

0 commit comments

Comments
 (0)