gh-89532: Remove LibreSSL workarounds (#28728)

ramikg · tiran · gpshead · web-flow · commit 84d1f76092c2 · 2024-01-06T23:25:58.000Z
Remove LibreSSL specific workaround ifdefs from `_ssl.c` and delete the non-version-specific `_ssl_data.h` file (relevant for OpenSSL &lt; 1.1.1, which we no longer support per PEP 644).

Co-authored-by: Christian Heimes &lt;christian@python.org&gt;
Co-authored-by: Gregory P. Smith &lt;greg@krypto.org&gt;
diff --git a/Lib/ssl.py b/Lib/ssl.py
@@ -110,7 +110,7 @@
 try:
     from _ssl import RAND_egd
 except ImportError:
-    # LibreSSL does not provide RAND_egd
+    # RAND_egd is not supported on some platforms
     pass
 
 
diff --git a/Makefile.pre.in b/Makefile.pre.in
@@ -2865,7 +2865,7 @@ MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/H
 MODULE__SHA2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA2_HEADERS) $(LIBHACL_SHA2_A)
 MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA3.h Modules/_hacl/Hacl_Hash_SHA3.c
 MODULE__SOCKET_DEPS=$(srcdir)/Modules/socketmodule.h $(srcdir)/Modules/addrinfo.h $(srcdir)/Modules/getaddrinfo.c $(srcdir)/Modules/getnameinfo.c
-MODULE__SSL_DEPS=$(srcdir)/Modules/_ssl.h $(srcdir)/Modules/_ssl/cert.c $(srcdir)/Modules/_ssl/debughelpers.c $(srcdir)/Modules/_ssl/misc.c $(srcdir)/Modules/_ssl_data.h $(srcdir)/Modules/_ssl_data_111.h $(srcdir)/Modules/_ssl_data_300.h $(srcdir)/Modules/socketmodule.h
+MODULE__SSL_DEPS=$(srcdir)/Modules/_ssl.h $(srcdir)/Modules/_ssl/cert.c $(srcdir)/Modules/_ssl/debughelpers.c $(srcdir)/Modules/_ssl/misc.c $(srcdir)/Modules/_ssl_data_111.h $(srcdir)/Modules/_ssl_data_300.h $(srcdir)/Modules/socketmodule.h
 MODULE__TESTCAPI_DEPS=$(srcdir)/Modules/_testcapi/testcapi_long.h $(srcdir)/Modules/_testcapi/parts.h $(srcdir)/Modules/_testcapi/util.h
 MODULE__TESTINTERNALCAPI_DEPS=$(srcdir)/Modules/_testinternalcapi/parts.h
 MODULE__SQLITE3_DEPS=$(srcdir)/Modules/_sqlite/connection.h $(srcdir)/Modules/_sqlite/cursor.h $(srcdir)/Modules/_sqlite/microprotocols.h $(srcdir)/Modules/_sqlite/module.h $(srcdir)/Modules/_sqlite/prepare_protocol.h $(srcdir)/Modules/_sqlite/row.h $(srcdir)/Modules/_sqlite/util.h
diff --git a/Misc/NEWS.d/next/Core and Builtins/2021-10-05-05-00-16.bpo-45369.tluk_X.rst b/Misc/NEWS.d/next/Core and Builtins/2021-10-05-05-00-16.bpo-45369.tluk_X.rst
@@ -0,0 +1 @@
+Remove LibreSSL workarounds as per :pep:`644`.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -125,10 +125,10 @@ static void _PySSLFixErrno(void) {
 #include "_ssl_data_31.h"
 #elif (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 #include "_ssl_data_300.h"
-#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
 #include "_ssl_data_111.h"
 #else
-#include "_ssl_data.h"
+#error Unsupported OpenSSL version
 #endif
 
 /* OpenSSL API 1.1.0+ does not include version methods */
@@ -867,7 +867,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
     }
 
     /* bpo43522 and OpenSSL < 1.1.1l: copy hostflags manually */
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION < 0x101010cf
+#if OPENSSL_VERSION < 0x101010cf
     X509_VERIFY_PARAM *ssl_params = SSL_get0_param(self->ssl);
     X509_VERIFY_PARAM_set_hostflags(ssl_params, sslctx->hostflags);
 #endif
diff --git a/Modules/_ssl_data.h b/Modules/_ssl_data.h
diff --git a/Tools/c-analyzer/cpython/_parser.py b/Tools/c-analyzer/cpython/_parser.py

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Remove LibreSSL workarounds as per :pep:`644`.