mirror of
https://github.com/pyenv/pyenv.git
synced 2024-11-21 20:47:00 -05:00
Add OPENSSL_NO_SSL2
& OPENSSL_NO_SSL3
patch for 2.6.6 .. 2.6.8
This commit is contained in:
parent
f228825879
commit
471fa24531
6 changed files with 285 additions and 231 deletions
|
@ -1,77 +0,0 @@
|
|||
diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
|
||||
--- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900
|
||||
+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900
|
||||
@@ -61,7 +61,19 @@
|
||||
|
||||
from _ssl import SSLError
|
||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
+_PROTOCOL_NAMES = {
|
||||
+ PROTOCOL_TLSv1: "TLSv1",
|
||||
+ PROTOCOL_SSLv23: "SSLv23",
|
||||
+ PROTOCOL_SSLv3: "SSLv3",
|
||||
+}
|
||||
+try:
|
||||
+ from _ssl import PROTOCOL_SSLv2
|
||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||
+except ImportError:
|
||||
+ _SSLv2_IF_EXISTS = None
|
||||
+else:
|
||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
||||
from _ssl import \
|
||||
SSL_ERROR_ZERO_RETURN, \
|
||||
@@ -402,16 +414,7 @@
|
||||
return DER_cert_to_PEM_cert(dercert)
|
||||
|
||||
def get_protocol_name(protocol_code):
|
||||
- if protocol_code == PROTOCOL_TLSv1:
|
||||
- return "TLSv1"
|
||||
- elif protocol_code == PROTOCOL_SSLv23:
|
||||
- return "SSLv23"
|
||||
- elif protocol_code == PROTOCOL_SSLv2:
|
||||
- return "SSLv2"
|
||||
- elif protocol_code == PROTOCOL_SSLv3:
|
||||
- return "SSLv3"
|
||||
- else:
|
||||
- return "<unknown>"
|
||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
||||
|
||||
|
||||
# a replacement for the old socket.ssl function
|
||||
diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
|
||||
--- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900
|
||||
+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900
|
||||
@@ -62,7 +62,9 @@
|
||||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
+#endif
|
||||
PY_SSL_VERSION_SSL3,
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
@@ -302,8 +304,10 @@
|
||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||
+#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||
PySSL_END_ALLOW_THREADS
|
||||
@@ -1688,8 +1692,10 @@
|
||||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
@ -0,0 +1,95 @@
|
|||
diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
|
||||
--- ../Python-2.6.8.orig/Lib/ssl.py 2012-04-10 15:32:06.000000000 +0000
|
||||
+++ ./Lib/ssl.py 2015-12-18 14:46:36.487188331 +0000
|
||||
@@ -61,18 +61,24 @@
|
||||
|
||||
from _ssl import SSLError
|
||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||
-from _ssl import \
|
||||
- SSL_ERROR_ZERO_RETURN, \
|
||||
- SSL_ERROR_WANT_READ, \
|
||||
- SSL_ERROR_WANT_WRITE, \
|
||||
- SSL_ERROR_WANT_X509_LOOKUP, \
|
||||
- SSL_ERROR_SYSCALL, \
|
||||
- SSL_ERROR_SSL, \
|
||||
- SSL_ERROR_WANT_CONNECT, \
|
||||
- SSL_ERROR_EOF, \
|
||||
- SSL_ERROR_INVALID_ERROR_CODE
|
||||
+from _ssl import RAND_status, RAND_add
|
||||
+try:
|
||||
+ from _ssl import RAND_egd
|
||||
+except ImportError:
|
||||
+ # LibreSSL does not provide RAND_egd
|
||||
+ pass
|
||||
+
|
||||
+def _import_symbols(prefix):
|
||||
+ for n in dir(_ssl):
|
||||
+ if n.startswith(prefix):
|
||||
+ globals()[n] = getattr(_ssl, n)
|
||||
+
|
||||
+_import_symbols('OP_')
|
||||
+_import_symbols('ALERT_DESCRIPTION_')
|
||||
+_import_symbols('SSL_ERROR_')
|
||||
+_import_symbols('PROTOCOL_')
|
||||
+
|
||||
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
|
||||
|
||||
from socket import socket, _fileobject, _delegate_methods
|
||||
from socket import error as socket_error
|
||||
@@ -382,7 +388,7 @@
|
||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||
return base64.decodestring(d)
|
||||
|
||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||
|
||||
"""Retrieve the certificate from the server at the specified address,
|
||||
and return it as a PEM-encoded string.
|
||||
diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||
--- ../Python-2.6.8.orig/Modules/_ssl.c 2012-04-10 15:32:09.000000000 +0000
|
||||
+++ ./Modules/_ssl.c 2015-12-18 14:45:30.419597074 +0000
|
||||
@@ -62,8 +62,12 @@
|
||||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PY_SSL_VERSION_SSL3,
|
||||
+#endif
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
};
|
||||
@@ -300,10 +304,14 @@
|
||||
PySSL_BEGIN_ALLOW_THREADS
|
||||
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||
+#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||
PySSL_END_ALLOW_THREADS
|
||||
@@ -1688,10 +1696,14 @@
|
||||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
PY_SSL_VERSION_SSL23);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -1,77 +0,0 @@
|
|||
diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
|
||||
--- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900
|
||||
+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900
|
||||
@@ -61,7 +61,19 @@
|
||||
|
||||
from _ssl import SSLError
|
||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
+_PROTOCOL_NAMES = {
|
||||
+ PROTOCOL_TLSv1: "TLSv1",
|
||||
+ PROTOCOL_SSLv23: "SSLv23",
|
||||
+ PROTOCOL_SSLv3: "SSLv3",
|
||||
+}
|
||||
+try:
|
||||
+ from _ssl import PROTOCOL_SSLv2
|
||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||
+except ImportError:
|
||||
+ _SSLv2_IF_EXISTS = None
|
||||
+else:
|
||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
||||
from _ssl import \
|
||||
SSL_ERROR_ZERO_RETURN, \
|
||||
@@ -402,16 +414,7 @@
|
||||
return DER_cert_to_PEM_cert(dercert)
|
||||
|
||||
def get_protocol_name(protocol_code):
|
||||
- if protocol_code == PROTOCOL_TLSv1:
|
||||
- return "TLSv1"
|
||||
- elif protocol_code == PROTOCOL_SSLv23:
|
||||
- return "SSLv23"
|
||||
- elif protocol_code == PROTOCOL_SSLv2:
|
||||
- return "SSLv2"
|
||||
- elif protocol_code == PROTOCOL_SSLv3:
|
||||
- return "SSLv3"
|
||||
- else:
|
||||
- return "<unknown>"
|
||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
||||
|
||||
|
||||
# a replacement for the old socket.ssl function
|
||||
diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
|
||||
--- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900
|
||||
+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900
|
||||
@@ -62,7 +62,9 @@
|
||||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
+#endif
|
||||
PY_SSL_VERSION_SSL3,
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
@@ -302,8 +304,10 @@
|
||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||
+#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||
PySSL_END_ALLOW_THREADS
|
||||
@@ -1688,8 +1692,10 @@
|
||||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
@ -0,0 +1,95 @@
|
|||
diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
|
||||
--- ../Python-2.6.8.orig/Lib/ssl.py 2012-04-10 15:32:06.000000000 +0000
|
||||
+++ ./Lib/ssl.py 2015-12-18 14:46:36.487188331 +0000
|
||||
@@ -61,18 +61,24 @@
|
||||
|
||||
from _ssl import SSLError
|
||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||
-from _ssl import \
|
||||
- SSL_ERROR_ZERO_RETURN, \
|
||||
- SSL_ERROR_WANT_READ, \
|
||||
- SSL_ERROR_WANT_WRITE, \
|
||||
- SSL_ERROR_WANT_X509_LOOKUP, \
|
||||
- SSL_ERROR_SYSCALL, \
|
||||
- SSL_ERROR_SSL, \
|
||||
- SSL_ERROR_WANT_CONNECT, \
|
||||
- SSL_ERROR_EOF, \
|
||||
- SSL_ERROR_INVALID_ERROR_CODE
|
||||
+from _ssl import RAND_status, RAND_add
|
||||
+try:
|
||||
+ from _ssl import RAND_egd
|
||||
+except ImportError:
|
||||
+ # LibreSSL does not provide RAND_egd
|
||||
+ pass
|
||||
+
|
||||
+def _import_symbols(prefix):
|
||||
+ for n in dir(_ssl):
|
||||
+ if n.startswith(prefix):
|
||||
+ globals()[n] = getattr(_ssl, n)
|
||||
+
|
||||
+_import_symbols('OP_')
|
||||
+_import_symbols('ALERT_DESCRIPTION_')
|
||||
+_import_symbols('SSL_ERROR_')
|
||||
+_import_symbols('PROTOCOL_')
|
||||
+
|
||||
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
|
||||
|
||||
from socket import socket, _fileobject, _delegate_methods
|
||||
from socket import error as socket_error
|
||||
@@ -382,7 +388,7 @@
|
||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||
return base64.decodestring(d)
|
||||
|
||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||
|
||||
"""Retrieve the certificate from the server at the specified address,
|
||||
and return it as a PEM-encoded string.
|
||||
diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||
--- ../Python-2.6.8.orig/Modules/_ssl.c 2012-04-10 15:32:09.000000000 +0000
|
||||
+++ ./Modules/_ssl.c 2015-12-18 14:45:30.419597074 +0000
|
||||
@@ -62,8 +62,12 @@
|
||||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PY_SSL_VERSION_SSL3,
|
||||
+#endif
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
};
|
||||
@@ -300,10 +304,14 @@
|
||||
PySSL_BEGIN_ALLOW_THREADS
|
||||
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||
+#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||
PySSL_END_ALLOW_THREADS
|
||||
@@ -1688,10 +1696,14 @@
|
||||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
PY_SSL_VERSION_SSL23);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -1,77 +0,0 @@
|
|||
diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
|
||||
--- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900
|
||||
+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900
|
||||
@@ -61,7 +61,19 @@
|
||||
|
||||
from _ssl import SSLError
|
||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
+_PROTOCOL_NAMES = {
|
||||
+ PROTOCOL_TLSv1: "TLSv1",
|
||||
+ PROTOCOL_SSLv23: "SSLv23",
|
||||
+ PROTOCOL_SSLv3: "SSLv3",
|
||||
+}
|
||||
+try:
|
||||
+ from _ssl import PROTOCOL_SSLv2
|
||||
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||
+except ImportError:
|
||||
+ _SSLv2_IF_EXISTS = None
|
||||
+else:
|
||||
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
||||
from _ssl import RAND_status, RAND_egd, RAND_add
|
||||
from _ssl import \
|
||||
SSL_ERROR_ZERO_RETURN, \
|
||||
@@ -402,16 +414,7 @@
|
||||
return DER_cert_to_PEM_cert(dercert)
|
||||
|
||||
def get_protocol_name(protocol_code):
|
||||
- if protocol_code == PROTOCOL_TLSv1:
|
||||
- return "TLSv1"
|
||||
- elif protocol_code == PROTOCOL_SSLv23:
|
||||
- return "SSLv23"
|
||||
- elif protocol_code == PROTOCOL_SSLv2:
|
||||
- return "SSLv2"
|
||||
- elif protocol_code == PROTOCOL_SSLv3:
|
||||
- return "SSLv3"
|
||||
- else:
|
||||
- return "<unknown>"
|
||||
+ return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
|
||||
|
||||
|
||||
# a replacement for the old socket.ssl function
|
||||
diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
|
||||
--- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900
|
||||
+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900
|
||||
@@ -62,7 +62,9 @@
|
||||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
+#endif
|
||||
PY_SSL_VERSION_SSL3,
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
@@ -302,8 +304,10 @@
|
||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||
+#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||
PySSL_END_ALLOW_THREADS
|
||||
@@ -1688,8 +1692,10 @@
|
||||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
|
@ -0,0 +1,95 @@
|
|||
diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
|
||||
--- ../Python-2.6.8.orig/Lib/ssl.py 2012-04-10 15:32:06.000000000 +0000
|
||||
+++ ./Lib/ssl.py 2015-12-18 14:46:36.487188331 +0000
|
||||
@@ -61,18 +61,24 @@
|
||||
|
||||
from _ssl import SSLError
|
||||
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||
-from _ssl import \
|
||||
- SSL_ERROR_ZERO_RETURN, \
|
||||
- SSL_ERROR_WANT_READ, \
|
||||
- SSL_ERROR_WANT_WRITE, \
|
||||
- SSL_ERROR_WANT_X509_LOOKUP, \
|
||||
- SSL_ERROR_SYSCALL, \
|
||||
- SSL_ERROR_SSL, \
|
||||
- SSL_ERROR_WANT_CONNECT, \
|
||||
- SSL_ERROR_EOF, \
|
||||
- SSL_ERROR_INVALID_ERROR_CODE
|
||||
+from _ssl import RAND_status, RAND_add
|
||||
+try:
|
||||
+ from _ssl import RAND_egd
|
||||
+except ImportError:
|
||||
+ # LibreSSL does not provide RAND_egd
|
||||
+ pass
|
||||
+
|
||||
+def _import_symbols(prefix):
|
||||
+ for n in dir(_ssl):
|
||||
+ if n.startswith(prefix):
|
||||
+ globals()[n] = getattr(_ssl, n)
|
||||
+
|
||||
+_import_symbols('OP_')
|
||||
+_import_symbols('ALERT_DESCRIPTION_')
|
||||
+_import_symbols('SSL_ERROR_')
|
||||
+_import_symbols('PROTOCOL_')
|
||||
+
|
||||
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
|
||||
|
||||
from socket import socket, _fileobject, _delegate_methods
|
||||
from socket import error as socket_error
|
||||
@@ -382,7 +388,7 @@
|
||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||
return base64.decodestring(d)
|
||||
|
||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||
|
||||
"""Retrieve the certificate from the server at the specified address,
|
||||
and return it as a PEM-encoded string.
|
||||
diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||
--- ../Python-2.6.8.orig/Modules/_ssl.c 2012-04-10 15:32:09.000000000 +0000
|
||||
+++ ./Modules/_ssl.c 2015-12-18 14:45:30.419597074 +0000
|
||||
@@ -62,8 +62,12 @@
|
||||
};
|
||||
|
||||
enum py_ssl_version {
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PY_SSL_VERSION_SSL2,
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PY_SSL_VERSION_SSL3,
|
||||
+#endif
|
||||
PY_SSL_VERSION_SSL23,
|
||||
PY_SSL_VERSION_TLS1
|
||||
};
|
||||
@@ -300,10 +304,14 @@
|
||||
PySSL_BEGIN_ALLOW_THREADS
|
||||
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||
+#endif
|
||||
else if (proto_version == PY_SSL_VERSION_SSL23)
|
||||
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
|
||||
PySSL_END_ALLOW_THREADS
|
||||
@@ -1688,10 +1696,14 @@
|
||||
PY_SSL_CERT_REQUIRED);
|
||||
|
||||
/* protocol versions */
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
PY_SSL_VERSION_SSL23);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
Loading…
Reference in a new issue