File python-3.2.3rc2-CVE-2011-3389-ssl-compat.patch of Package python3.openSUSE_12.1_Update

# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1327654245 -3600
# Node ID 4386686a035d5881357484e0e0c43026e27eca3e
# Parent  90368391f0f9b9c135e8d5a9ca96d2b4f4de6763# Parent  e7706bdaaa0df23158463b214c5aae6f92cc4a15
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1481,7 +1481,8 @@ context_new(PyTypeObject *type, PyObject
     self->ctx = ctx;
     /* Defaults */
     SSL_CTX_set_verify(self->ctx, SSL_VERIFY_NONE, NULL);
-    SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
+    SSL_CTX_set_options(self->ctx,
+                        SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
 #define SID_CTX "Python"
     SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,
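Review bot: The mask `SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` is written out here in context_new and again in the PyInit__ssl hunk, and neither site has a comment saying why the bit is cleared. If one copy is later edited back to plain `SSL_OP_ALL`, the context default and the exported constant diverge, and the empty-fragment countermeasure for CVE-2011-3389 is silently switched off again wherever that copy is used. A single definition with the rationale attached would prevent this, for example `#define PY_SSL_OP_ALL (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) /* keep the CBC IV countermeasure on, CVE-2011-3389 */` (the name is only a suggestion), used at both sites. context_new starts and ends outside this hunk.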
@@ -2143,7 +2144,8 @@ PyInit__ssl(void)
                             PY_SSL_VERSION_TLS1);
 
     /* protocol options */
-    PyModule_AddIntConstant(m, "OP_ALL", SSL_OP_ALL);
+    PyModule_AddIntConstant(m, "OP_ALL",
+                            SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
     PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
     PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
     PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
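Review bot: `OP_ALL` as exported here no longer equals OpenSSL's `SSL_OP_ALL`, and the line has no comment telling a reader that the difference is intentional. I would add above it `/* OP_ALL omits SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS so that applying it does not switch off the CBC IV countermeasure (CVE-2011-3389) */`. The visible lines also export no name for the cleared bit, so Python code that wants to check a context's options for it has to use a raw number. Whether that is intended is worth stating in the ssl module documentation, which this patch does not touch. PyInit__ssl starts and ends outside the hunk.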
