wafhelpers/tlscheck.py

   1 # Copyright the NTPsec project contributors
   2 #
   3 # SPDX-License-Identifier: BSD-2-Clause
   4
   5 """tlscheck - Helper for checking SSL library bits."""
   6 import ctypes
   7 import ctypes.util
   8 import sys
   9 ver, vers = 0, []
  10 try:
  11     tls = ctypes.CDLL(ctypes.util.find_library('ssl'))
  12 except OSError:
  13     sys.stderr.write('Could not find SSL library.\n')
  14     sys.exit(1)
  15
  16 tls.OpenSSL_version_num.restype = ctypes.c_ulong
  17 tls.OpenSSL_version.argtypes = [ctypes.c_int]
  18 tls.OpenSSL_version.restype = ctypes.c_char_p
  19
  20 ver = tls.OpenSSL_version_num()  # unsigned long OpenSSL_version_num();
  21
  22 _ = '%08x' % ver
  23 # OPENSSL_VERSION_NUMBER is a numeric release version identifier:
  24 # MNNFFPPS: major minor fix patch status
  25 for a, b in ((0, 1), (1, 3), (3, 5), (5, 7), (7, 8)):
  26     vers.append(int(_[a:b], 16))
  27
  28 polystr = str
  29 if str is not bytes:
  30     def polystr(string):
  31         """Convert bytes into a string."""
  32         return str(string, encoding='latin-1')
  33
  34
  35 def ver_to_int(*va):
  36     """Split the version number into parts."""
  37     return int('%x%02x%02x%02x%x' % va, 16)
  38
  39
  40 def verstr():
  41     """Return SSL library version string."""
  42     return polystr(tls.OpenSSL_version(0))
  43
  44
  45 if __name__ == '__main__':
  46     if vers[0] > 2:  # If notionally OpenSSL 3
  47         sys.exit(0)
  48     elif vers[0] == 2:  # If notionally OpenSSL 2
  49         sys.exit(1)
  50     # OPENSSL_VERSION_NUMBER is a numeric release version identifier:
  51     # major minor fix patch status
  52     # Check if version is earlier than 1.1.1b
  53     if ver <= ver_to_int(1, 1, 1, 2, 15):
  54         sys.exit(1)
  55     sys.exit(0)