Changes between Initial Version and Version 1 of Ticket #2215, comment 6


Timestamp:
2014-04-19T01:05:46Z
Author:
daira

  • Ticket #2215, comment 6

    initial  v1
    1        1    It was suggested on #cryptography-dev that (rather than looking at build date as the patch currently does), we should call the `tls1_process_heartbeat` function to directly check whether it is vulnerable. (This is possible without invoking undefined behaviour.)
    2        2
    3             For pyOpenSSL >= 0.14, this can be done relatively easily by importing `OpenSSL._util._lib`, which gives access to arbitrary OpenSSL functions via cffi. For pyOpenSSL 0.13, however, it's basically impossible because there is no way to add to the set of OpenSSL functions exposed by the extension module. I don't know where that leaves us, given the cffi-related build problems described in #2193 and #2117.
             3    For pyOpenSSL >= 0.14, this can be done relatively easily by importing `OpenSSL._util.lib`, which gives access to arbitrary OpenSSL functions via cffi. For pyOpenSSL 0.13, however, it's basically impossible because there is no way to add to the set of OpenSSL functions exposed by the extension module. I don't know where that leaves us, given the cffi-related build problems described in #2193 and #2117.