[Python-checkins] gh-95095: Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl (GH-95096)

Thu Jul 21 15:11:20 EDT 2022

https://github.com/python/cpython/commit/8fd2d36c1c6da78b2402fcb8bcefdad8428c8bc3
commit: 8fd2d36c1c6da78b2402fcb8bcefdad8428c8bc3
branch: 3.10
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022年07月21日T12:10:53-07:00
summary:
gh-95095: Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl (GH-95096)
The wrapper macros are more readable and match the form recommended in
the OpenSSL documentation. They also slightly less error-prone, as the
mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in
this case it's straightforward.)
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html
(cherry picked from commit 936f71e5d4f50f2238b0320d44f7fb5f88e39809)
Co-authored-by: David Benjamin <davidben at davidben.net>
files:
M Modules/_ssl.c

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 51bb2d00e3e8a..f1bb39f57b229 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3518,7 +3518,7 @@ set_min_max_proto_version(PySSLContext *self, PyObject *arg, int what)
 static PyObject *
 get_minimum_version(PySSLContext *self, void *c)
 {
- int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL);
+ int v = SSL_CTX_get_min_proto_version(self->ctx);
 if (v == 0) {
 v = PY_PROTO_MINIMUM_SUPPORTED;
 }
@@ -3534,7 +3534,7 @@ set_minimum_version(PySSLContext *self, PyObject *arg, void *c)
 static PyObject *
 get_maximum_version(PySSLContext *self, void *c)
 {
- int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL);
+ int v = SSL_CTX_get_max_proto_version(self->ctx);
 if (v == 0) {
 v = PY_PROTO_MAXIMUM_SUPPORTED;
 }
