Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:olh:SLE_11
python.6852
python-2.6.9-disable-sslv2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File python-2.6.9-disable-sslv2.patch of Package python.6852
# HG changeset patch # User Antoine Pitrou <solipsis@pitrou.net> # Date 1389293532 -3600 # Node ID 163c090412808f0dad193735a3fd2fbcac7e7664 # Parent 369bf9fbaeffe2e531325fa5cc1526474e46a80c Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. Index: Python-2.6.9/Lib/test/test_ssl.py =================================================================== --- Python-2.6.9.orig/Lib/test/test_ssl.py 2014-11-05 17:08:03.283711750 +0100 +++ Python-2.6.9/Lib/test/test_ssl.py 2014-11-05 17:08:17.545778612 +0100 @@ -859,7 +859,7 @@ try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED) - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True) + try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False) Index: Python-2.6.9/Modules/_ssl.c =================================================================== --- Python-2.6.9.orig/Modules/_ssl.c 2014-11-05 17:08:03.283711750 +0100 +++ Python-2.6.9/Modules/_ssl.c 2014-11-05 17:10:42.735459632 +0100 @@ -269,6 +269,7 @@ char *errstr = NULL; int ret; int verification_mode; + long options; self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */ if (self == NULL) @@ -359,8 +360,10 @@ } /* ssl compatibility */ - SSL_CTX_set_options(self->ctx, - SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); + options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + if (proto_version != PY_SSL_VERSION_SSL2) + options |= SSL_OP_NO_SSLv2; + SSL_CTX_set_options(self->ctx, options); SSL_CTX_set_mode(self->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); verification_mode = SSL_VERIFY_NONE;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor