Add support for disable-oldtls

If wolfSSL is build with `--disable-oldtls` then we need to support
this. Otherwise link errors will occur.

Author: LinuxJedi

tests/conftest.py

@@ -26,7 +26,7 @@
 import ssl
 import pytest
 import wolfssl
-
+from wolfssl._ffi import lib as _lib
 
 @pytest.fixture
 def tcp_socket():
@@ -44,8 +44,14 @@ def ssl_provider(request):
     return request.param
 
 
+tls_params = ["TLSv1.2", "TLSv1.3", "SSLv23"]
+
+if _lib.OLDTLS_ENABLED:
+    tls_params.append("TLSv1.1")
+
+
 @pytest.fixture(
-    params=["TLSv1.1", "TLSv1.2", "TLSv1.3", "SSLv23"])
+    params=tls_params)
 def ssl_context(ssl_provider, request):
     if request.param == "TLSv1.1":
         return ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_1)

tests/test_methods.py

@@ -27,6 +27,7 @@
                               PROTOCOL_TLS, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1,
                               PROTOCOL_TLSv1_2, PROTOCOL_TLSv1_3)
 from wolfssl._ffi import ffi as _ffi
+from wolfssl._ffi import lib as _lib
 
 
 @pytest.fixture(
@@ -36,10 +37,19 @@ def unsupported_method(request):
     yield request.param
 
 
+tls_params = [PROTOCOL_SSLv23, PROTOCOL_TLSv1_2, PROTOCOL_TLSv1_3]
+tls_ids = ["SSLv23", "TLSv1_2", "TLSv1_3"]
+
+if _lib.OLDTLS_ENABLED:
+    tls_params.append(PROTOCOL_TLS)
+    tls_params.append(PROTOCOL_TLSv1_1)
+    tls_ids.append("TLS")
+    tls_ids.append("TLSv1_1")
+
+
 @pytest.fixture(
-    params=[PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2,
-            PROTOCOL_TLSv1_3],
-    ids=["SSLv23", "TLS", "TLSv1_1", "TLSv1_2", "TLSv1_3"])
+    params=tls_params,
+    ids=tls_ids)
 def supported_method(request):
     yield request.param
 

wolfssl/_build_ffi.py

@@ -155,7 +155,6 @@ def make_flags(prefix, debug):
 
     # tls 1.3
     flags.append("--enable-tls13")
-    flags.append("--enable-sslv3")
 
     # for urllib3 - requires SNI (tlsx), options (openssl compat), peer cert
     flags.append("--enable-tlsx")
@@ -212,6 +211,7 @@ def build_wolfssl(ref, debug=False):
 
 
 def make_optional_func_list(libwolfssl_path, funcs):
+    sys.stderr.write("\nlibwolfssl Path: %s\n" % libwolfssl_path)
     if libwolfssl_path.endswith(".so"):
         libwolfssl = cdll.LoadLibrary(libwolfssl_path)
         defined = []
@@ -282,6 +282,13 @@ def generate_libwolfssl():
         generate_libwolfssl()
         get_libwolfssl()
 
+# default values
+OLDTLS_ENABLED = 1
+
+if featureDetection:
+    OLDTLS_ENABLED = 0 if '#define NO_OLD_TLS' in optionsHeaderStr else 1
+
+sys.stderr.write("\nOLDTLS: %d\n" % OLDTLS_ENABLED)
 
 WolfFunction = namedtuple("WolfFunction", ["name", "native_sig", "ossl_sig"])
 # Depending on how wolfSSL was configured, the functions below may or may not be
@@ -302,6 +309,8 @@ def generate_libwolfssl():
 source = """
     #include <wolfssl/options.h>
     #include <wolfssl/ssl.h>
+
+    int OLDTLS_ENABLED = """ + str(OLDTLS_ENABLED) + """;
 """
 ffi_source = source + openssl.source
 
@@ -326,7 +335,9 @@ def generate_libwolfssl():
      */
     typedef unsigned char byte;
     typedef unsigned int word32;
-    
+
+    extern int OLDTLS_ENABLED;
+
     typedef ... WOLFSSL_CTX;
     typedef ... WOLFSSL;
     typedef ... WOLFSSL_X509;
@@ -360,9 +371,16 @@ def generate_libwolfssl():
     /**
      * SSL/TLS Method functions
      */
+"""
+
+if OLDTLS_ENABLED:
+    sys.stderr.write("\nAdding OLDTLS\n")
+    cdef += """
     WOLFSSL_METHOD* wolfTLSv1_1_server_method(void);
     WOLFSSL_METHOD* wolfTLSv1_1_client_method(void);
+    """
 
+cdef += """
     WOLFSSL_METHOD* wolfTLSv1_2_server_method(void);
     WOLFSSL_METHOD* wolfTLSv1_2_client_method(void);
 
@@ -373,7 +391,12 @@ def generate_libwolfssl():
     WOLFSSL_METHOD* wolfSSLv23_client_method(void);
 
     WOLFSSL_METHOD* wolfSSLv23_method(void);
+    """
+if OLDTLS_ENABLED:
+    cdef += """
     WOLFSSL_METHOD* wolfTLSv1_1_method(void);
+    """
+cdef += """
     WOLFSSL_METHOD* wolfTLSv1_2_method(void);
 
     /**
@@ -501,7 +524,7 @@ def generate_libwolfssl():
 for func in optional_funcs:
     cdef += "{};".format(func.native_sig)
 
-ffi_cdef = cdef + openssl.construct_cdef(optional_funcs)
+ffi_cdef = cdef + openssl.construct_cdef(optional_funcs, OLDTLS_ENABLED)
 ffi.cdef(ffi_cdef)
 
 if __name__ == "__main__":

wolfssl/_methods.py

@@ -65,6 +65,8 @@ def __init__(self, protocol, server_side):
             raise ValueError("this protocol is not supported")
 
         elif protocol == PROTOCOL_TLSv1_1:
+            if not _lib.OLDTLS_ENABLED:
+                raise ValueError("wolfSSL not built with old TLS support")
             self.native_object =                                     \
                 _lib.wolfTLSv1_1_server_method() if server_side else \
                 _lib.wolfTLSv1_1_client_method()

wolfssl/_openssl.py

@@ -31,7 +31,7 @@
     #include <wolfssl/openssl/crypto.h>
 """
 
-def construct_cdef(optional_funcs):
+def construct_cdef(optional_funcs, OLDTLS_ENABLED):
     cdef = """
         /**
          * Constants
@@ -172,16 +172,30 @@ def construct_cdef(optional_funcs):
         /**
          * SSL/TLS Method functions
          */
+        """
+
+    if OLDTLS_ENABLED:
+        cdef += """
         SSL_METHOD* TLSv1_1_server_method(void);
         SSL_METHOD* TLSv1_1_client_method(void);
+        """
+
+    cdef += """
         SSL_METHOD* TLSv1_2_server_method(void);
         SSL_METHOD* TLSv1_2_client_method(void);
         SSL_METHOD* TLSv1_3_server_method(void);
         SSL_METHOD* TLSv1_3_client_method(void);
         SSL_METHOD* SSLv23_server_method(void);
         SSL_METHOD* SSLv23_client_method(void);
         SSL_METHOD* SSLv23_method(void);
+        """
+
+    if OLDTLS_ENABLED:
+        cdef += """
         SSL_METHOD* TLSv1_1_method(void);
+        """
+
+    cdef += """
         SSL_METHOD* TLSv1_2_method(void);
         SSL_METHOD* TLSv1_3_method(void);