File urllib3-cve-2019-11324.patch of Package python-urllib3

Index: urllib3-1.23/urllib3/util/ssl_.py
===================================================================
--- urllib3-1.23.orig/urllib3/util/ssl_.py
+++ urllib3-1.23/urllib3/util/ssl_.py
@@ -342,7 +342,10 @@ def ssl_wrap_socket(sock, keyfile=None,
             if e.errno == errno.ENOENT:
                 raise SSLError(e)
             raise
-    elif getattr(context, 'load_default_certs', None) is not None:
+
+    # Don't load system certs unless there were no CA certs or
+    # SSLContext object specified manually.
+    elif ssl_context is None and hasattr(context, 'load_default_certs'):
         # try to load OS default certs; works well on Windows (require Python3.4+)
         context.load_default_certs()
     elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):

Places

File urllib3-cve-2019-11324.patch of Package python-urllib3

Places