Use ALL cipher list for building with LC

WillChilds-Klein · Sep 26, 2023 · 6a06d06 · 6a06d06
1 parent 313d87c
commit 6a06d06
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
@@ -1879,8 +1879,7 @@ hashlib_md_meth_names(PyObject *module)
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     // get algorithms from all activated providers in default context
     EVP_MD_do_all_provided(NULL, &_openssl_hash_name_mapper, &state);
-#elif !defined(OPENSSL_IS_AWSLC)
-    // TODO [childw]
+#else
     EVP_MD_do_all(&_openssl_hash_name_mapper, &state);
 #endif
 

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -51,6 +51,10 @@
 #include <sys/poll.h>
 #endif
 
+#if defined(OPENSSL_IS_AWSLC)
+  #define SSL_OP_NO_TLSv1_3
+#endif
+
 /* Include OpenSSL header files */
 #include "openssl/rsa.h"
 #include "openssl/crypto.h"
@@ -3170,7 +3174,8 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
         /* stick to OpenSSL's default settings */
         result = 1;
 #else
-        result = SSL_CTX_set_cipher_list(ctx, PY_SSL_DEFAULT_CIPHER_STRING);
+        // TODO [childw]
+        result = SSL_CTX_set_cipher_list(ctx, "ALL"/*PY_SSL_DEFAULT_CIPHER_STRING*/);
 #endif
     } else {
         /* SSLv2 needs MD5 */
@@ -3180,7 +3185,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
         Py_DECREF(self);
         ERR_clear_error();
         PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
-                        "No cipher can be selected.");
+                        "No cipher can be selected. 1");
         goto error;
     }
 #ifdef PY_SSL_MIN_PROTOCOL
@@ -3276,14 +3281,15 @@ static PyObject *
 _ssl__SSLContext_set_ciphers_impl(PySSLContext *self, const char *cipherlist)
 /*[clinic end generated code: output=3a3162f3557c0f3f input=a7ac931b9f3ca7fc]*/
 {
-    int ret = SSL_CTX_set_cipher_list(self->ctx, cipherlist);
+    // TODO [childw]
+    int ret = SSL_CTX_set_cipher_list(self->ctx, "ALL");
     if (ret == 0) {
         /* Clearing the error queue is necessary on some OpenSSL versions,
            otherwise the error will be reported again when another SSL call
            is done. */
         ERR_clear_error();
         PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
-                        "No cipher can be selected.");
+                        "No cipher can be selected. 2");
         return NULL;
     }
     Py_RETURN_NONE;

diff --git a/Modules/_ssl/debughelpers.c b/Modules/_ssl/debughelpers.c
@@ -197,12 +197,7 @@ _PySSLContext_set_keylog_filename(PySSLContext *self, PyObject *arg, void *c) {
     if (fp == NULL)
         return -1;
 
-#if defined(OPENSSL_IS_AWSLC)
-    self->keylog_bio = BIO_new_fp(fp, BIO_CLOSE);
-#else
     self->keylog_bio = BIO_new_fp(fp, BIO_CLOSE | BIO_FP_TEXT);
-#endif
-    self->keylog_bio = BIO_new_fp(fp, BIO_CLOSE);
     if (self->keylog_bio == NULL) {
         PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
                         "Can't malloc memory for keylog file");