File python-2.6.9-disable-sslv2.patch of Package python.6852

Overview Repositories Revisions Requests Users Attributes Meta

File python-2.6.9-disable-sslv2.patch of Package python.6852

# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1389293532 -3600
# Node ID 163c090412808f0dad193735a3fd2fbcac7e7664
# Parent  369bf9fbaeffe2e531325fa5cc1526474e46a80c
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.

Index: Python-2.6.9/Lib/test/test_ssl.py
===================================================================
--- Python-2.6.9.orig/Lib/test/test_ssl.py	2014-11-05 17:08:03.283711750 +0100
+++ Python-2.6.9/Lib/test/test_ssl.py	2014-11-05 17:08:17.545778612 +0100
@@ -859,7 +859,7 @@
             try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
             try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
             try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
-            try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
+            try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False)
             try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
             try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
 
Index: Python-2.6.9/Modules/_ssl.c
===================================================================
--- Python-2.6.9.orig/Modules/_ssl.c	2014-11-05 17:08:03.283711750 +0100
+++ Python-2.6.9/Modules/_ssl.c	2014-11-05 17:10:42.735459632 +0100
@@ -269,6 +269,7 @@
     char *errstr = NULL;
     int ret;
     int verification_mode;
+    long options;
 
     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
     if (self == NULL)
@@ -359,8 +360,10 @@
     }
 
     /* ssl compatibility */
-    SSL_CTX_set_options(self->ctx,
-                        SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+    options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+    if (proto_version != PY_SSL_VERSION_SSL2)
+        options |= SSL_OP_NO_SSLv2;
+    SSL_CTX_set_options(self->ctx, options);
     SSL_CTX_set_mode(self->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 
     verification_mode = SSL_VERIFY_NONE;

Places

File python-2.6.9-disable-sslv2.patch of Package python.6852

Places