Changeset View
Changeset View
Standalone View
Standalone View
lang/python33/files/patch-PR195511
- This file was added.
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
--- Modules/_ssl.c.orig 2014-03-09 09:40:26.000000000 +0100 | |||||
+++ Modules/_ssl.c 2015-09-26 15:53:49.266985391 +0200 | |||||
@@ -1746,8 +1746,10 @@ context_new(PyTypeObject *type, PyObject | |||||
PySSL_BEGIN_ALLOW_THREADS | |||||
if (proto_version == PY_SSL_VERSION_TLS1) | |||||
ctx = SSL_CTX_new(TLSv1_method()); | |||||
+#ifndef OPENSSL_NO_SSL3 | |||||
else if (proto_version == PY_SSL_VERSION_SSL3) | |||||
ctx = SSL_CTX_new(SSLv3_method()); | |||||
+#endif | |||||
#ifndef OPENSSL_NO_SSL2 | |||||
else if (proto_version == PY_SSL_VERSION_SSL2) | |||||
ctx = SSL_CTX_new(SSLv2_method()); | |||||
@@ -2559,6 +2561,9 @@ Returns 1 if the OpenSSL PRNG has been s | |||||
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ | |||||
using the ssl() function."); | |||||
+/* ### Fix build with LibreSSL (does not have RAND_egd) | |||||
+ ### PR195511, http://bugs.python.org/issue21356 */ | |||||
+#ifndef OPENSSL_NO_EGD | |||||
static PyObject * | |||||
PySSL_RAND_egd(PyObject *self, PyObject *args) | |||||
{ | |||||
@@ -2586,6 +2591,8 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc, | |||||
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\ | |||||
Returns number of bytes read. Raises SSLError if connection to EGD\n\ | |||||
fails or if it does not provide enough data to seed PRNG."); | |||||
+#endif /* OPENSSL_NO_EGD */ | |||||
+/* ### End PR195511 */ | |||||
#endif /* HAVE_OPENSSL_RAND */ | |||||
@@ -2604,8 +2611,13 @@ static PyMethodDef PySSL_methods[] = { | |||||
PySSL_RAND_bytes_doc}, | |||||
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS, | |||||
PySSL_RAND_pseudo_bytes_doc}, | |||||
+/* ### Fix build with LibreSSL (does not have RAND_egd) | |||||
+ ### PR195511, http://bugs.python.org/issue21356 */ | |||||
+#ifndef OPENSSL_NO_EGD | |||||
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS, | |||||
PySSL_RAND_egd_doc}, | |||||
+#endif /* OPENSSL_NO_EGD */ | |||||
+/* ### End PR195511 */ | |||||
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, | |||||
PySSL_RAND_status_doc}, | |||||
#endif | |||||
@@ -2842,8 +2854,10 @@ PyInit__ssl(void) | |||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||||
PY_SSL_VERSION_SSL2); | |||||
#endif | |||||
+#ifndef OPENSSL_NO_SSL3 | |||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||||
PY_SSL_VERSION_SSL3); | |||||
+#endif | |||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||||
PY_SSL_VERSION_SSL23); | |||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", | |||||
--- Lib/ssl.py.orig 2014-03-09 09:40:13.000000000 +0100 | |||||
+++ Lib/ssl.py 2015-09-26 15:55:40.209981202 +0200 | |||||
@@ -78,7 +78,15 @@ try: | |||||
from _ssl import OP_SINGLE_ECDH_USE | |||||
except ImportError: | |||||
pass | |||||
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes | |||||
+### Fix build with LibreSSL (does not have RAND_egd) | |||||
+### PR195511, http://bugs.python.org/issue21356 | |||||
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes | |||||
+try: | |||||
+ from _ssl import RAND_egd | |||||
+except ImportError: | |||||
+ # LibreSSL does not provide RAND_egd | |||||
+ pass | |||||
+### End PR195511 | |||||
from _ssl import ( | |||||
SSL_ERROR_ZERO_RETURN, | |||||
SSL_ERROR_WANT_READ, | |||||
@@ -91,14 +99,13 @@ from _ssl import ( | |||||
SSL_ERROR_INVALID_ERROR_CODE, | |||||
) | |||||
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN | |||||
-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, | |||||
+from _ssl import (PROTOCOL_SSLv23, | |||||
PROTOCOL_TLSv1) | |||||
from _ssl import _OPENSSL_API_VERSION | |||||
_PROTOCOL_NAMES = { | |||||
PROTOCOL_TLSv1: "TLSv1", | |||||
PROTOCOL_SSLv23: "SSLv23", | |||||
- PROTOCOL_SSLv3: "SSLv3", | |||||
} | |||||
try: | |||||
from _ssl import PROTOCOL_SSLv2 | |||||
@@ -107,6 +114,13 @@ except ImportError: | |||||
_SSLv2_IF_EXISTS = None | |||||
else: | |||||
_PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" | |||||
+try: | |||||
+ from _ssl import PROTOCOL_SSLv3 | |||||
+ _SSLv3_IF_EXISTS = PROTOCOL_SSLv3 | |||||
+except ImportError: | |||||
+ _SSLv3_IF_EXISTS = None | |||||
+else: | |||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv3" | |||||
from socket import getnameinfo as _getnameinfo | |||||
from socket import error as socket_error | |||||
@@ -664,7 +678,7 @@ def PEM_cert_to_DER_cert(pem_cert_string | |||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||||
return base64.decodebytes(d.encode('ASCII', 'strict')) | |||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||||
"""Retrieve the certificate from the server at the specified address, | |||||
and return it as a PEM-encoded string. | |||||
If 'ca_certs' is specified, validate the server cert against it. | |||||
--- Lib/test/test_ssl.py.orig 2014-03-09 09:40:19.000000000 +0100 | |||||
+++ Lib/test/test_ssl.py 2015-09-26 15:58:58.264964564 +0200 | |||||
@@ -21,11 +21,12 @@ import functools | |||||
ssl = support.import_module("ssl") | |||||
PROTOCOLS = [ | |||||
- ssl.PROTOCOL_SSLv3, | |||||
ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1 | |||||
] | |||||
if hasattr(ssl, 'PROTOCOL_SSLv2'): | |||||
PROTOCOLS.append(ssl.PROTOCOL_SSLv2) | |||||
+if hasattr(ssl, 'PROTOCOL_SSLv3'): | |||||
+ PROTOCOLS.append(ssl.PROTOCOL_SSLv3) | |||||
HOST = support.HOST | |||||
@@ -96,7 +97,8 @@ class BasicSocketTests(unittest.TestCase | |||||
def test_constants(self): | |||||
#ssl.PROTOCOL_SSLv2 | |||||
ssl.PROTOCOL_SSLv23 | |||||
- ssl.PROTOCOL_SSLv3 | |||||
+ if hasattr(ssl, 'PROTOCOL_SSLv3'): | |||||
+ ssl.PROTOCOL_SSLv3 | |||||
ssl.PROTOCOL_TLSv1 | |||||
ssl.CERT_NONE | |||||
ssl.CERT_OPTIONAL | |||||
@@ -130,8 +132,12 @@ class BasicSocketTests(unittest.TestCase | |||||
self.assertRaises(ValueError, ssl.RAND_bytes, -5) | |||||
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5) | |||||
- self.assertRaises(TypeError, ssl.RAND_egd, 1) | |||||
- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) | |||||
+### Fix build with LibreSSL (does not have RAND_egd) | |||||
+### PR195511, http://bugs.python.org/issue21356 | |||||
+ if hasattr(ssl, 'RAND_egd'): | |||||
+ self.assertRaises(TypeError, ssl.RAND_egd, 1) | |||||
+ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) | |||||
+### End PR195511 | |||||
ssl.RAND_add("this is a random string", 75.0) | |||||
@unittest.skipUnless(os.name == 'posix', 'requires posix') | |||||
@@ -512,7 +518,8 @@ class ContextTests(unittest.TestCase): | |||||
if hasattr(ssl, 'PROTOCOL_SSLv2'): | |||||
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv2) | |||||
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) | |||||
- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3) | |||||
+ if hasattr(ssl, 'PROTOCOL_SSLv3'): | |||||
+ ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3) | |||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) | |||||
self.assertRaises(TypeError, ssl.SSLContext) | |||||
self.assertRaises(ValueError, ssl.SSLContext, -1) |