mirror of
https://github.com/pyenv/pyenv.git
synced 2024-12-22 20:44:13 +00:00
Add OPENSSL_NO_SSL3
patch for 3.4.x
This commit is contained in:
parent
d6e0120cc8
commit
526fa03968
3 changed files with 216 additions and 0 deletions
|
@ -0,0 +1,72 @@
|
|||
diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||
--- ../Python-3.4.2.orig/Lib/ssl.py 2014-10-08 08:18:12.000000000 +0000
|
||||
+++ ./Lib/ssl.py 2015-12-18 13:34:24.530051626 +0000
|
||||
@@ -106,7 +106,12 @@
|
||||
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
||||
VERIFY_X509_STRICT)
|
||||
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
||||
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
+try:
|
||||
+ from _ssl import RAND_egd
|
||||
+except ImportError:
|
||||
+ # LibreSSL does not provide RAND_egd
|
||||
+ pass
|
||||
|
||||
def _import_symbols(prefix):
|
||||
for n in dir(_ssl):
|
||||
@@ -116,18 +121,14 @@
|
||||
_import_symbols('OP_')
|
||||
_import_symbols('ALERT_DESCRIPTION_')
|
||||
_import_symbols('SSL_ERROR_')
|
||||
+_import_symbols('PROTOCOL_')
|
||||
|
||||
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
|
||||
|
||||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
from _ssl import _OPENSSL_API_VERSION
|
||||
|
||||
|
||||
-_PROTOCOL_NAMES = {
|
||||
- PROTOCOL_TLSv1: "TLSv1",
|
||||
- PROTOCOL_SSLv23: "SSLv23",
|
||||
- PROTOCOL_SSLv3: "SSLv3",
|
||||
-}
|
||||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||
try:
|
||||
from _ssl import PROTOCOL_SSLv2
|
||||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||
@@ -922,7 +923,7 @@
|
||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||
|
||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||
"""Retrieve the certificate from the server at the specified address,
|
||||
and return it as a PEM-encoded string.
|
||||
If 'ca_certs' is specified, validate the server cert against it.
|
||||
diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||
--- ../Python-3.4.2.orig/Modules/_ssl.c 2014-10-08 08:18:15.000000000 +0000
|
||||
+++ ./Modules/_ssl.c 2015-12-18 13:32:44.967611074 +0000
|
||||
@@ -2016,8 +2016,10 @@
|
||||
else if (proto_version == PY_SSL_VERSION_TLS1_2)
|
||||
ctx = SSL_CTX_new(TLSv1_2_method());
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
ctx = SSL_CTX_new(SSLv3_method());
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
ctx = SSL_CTX_new(SSLv2_method());
|
||||
@@ -4071,8 +4073,10 @@
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
PY_SSL_VERSION_SSL23);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -0,0 +1,72 @@
|
|||
diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||
--- ../Python-3.4.2.orig/Lib/ssl.py 2014-10-08 08:18:12.000000000 +0000
|
||||
+++ ./Lib/ssl.py 2015-12-18 13:34:24.530051626 +0000
|
||||
@@ -106,7 +106,12 @@
|
||||
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
||||
VERIFY_X509_STRICT)
|
||||
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
||||
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
+try:
|
||||
+ from _ssl import RAND_egd
|
||||
+except ImportError:
|
||||
+ # LibreSSL does not provide RAND_egd
|
||||
+ pass
|
||||
|
||||
def _import_symbols(prefix):
|
||||
for n in dir(_ssl):
|
||||
@@ -116,18 +121,14 @@
|
||||
_import_symbols('OP_')
|
||||
_import_symbols('ALERT_DESCRIPTION_')
|
||||
_import_symbols('SSL_ERROR_')
|
||||
+_import_symbols('PROTOCOL_')
|
||||
|
||||
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
|
||||
|
||||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
from _ssl import _OPENSSL_API_VERSION
|
||||
|
||||
|
||||
-_PROTOCOL_NAMES = {
|
||||
- PROTOCOL_TLSv1: "TLSv1",
|
||||
- PROTOCOL_SSLv23: "SSLv23",
|
||||
- PROTOCOL_SSLv3: "SSLv3",
|
||||
-}
|
||||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||
try:
|
||||
from _ssl import PROTOCOL_SSLv2
|
||||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||
@@ -922,7 +923,7 @@
|
||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||
|
||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||
"""Retrieve the certificate from the server at the specified address,
|
||||
and return it as a PEM-encoded string.
|
||||
If 'ca_certs' is specified, validate the server cert against it.
|
||||
diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||
--- ../Python-3.4.2.orig/Modules/_ssl.c 2014-10-08 08:18:15.000000000 +0000
|
||||
+++ ./Modules/_ssl.c 2015-12-18 13:32:44.967611074 +0000
|
||||
@@ -2016,8 +2016,10 @@
|
||||
else if (proto_version == PY_SSL_VERSION_TLS1_2)
|
||||
ctx = SSL_CTX_new(TLSv1_2_method());
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
ctx = SSL_CTX_new(SSLv3_method());
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
ctx = SSL_CTX_new(SSLv2_method());
|
||||
@@ -4071,8 +4073,10 @@
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
PY_SSL_VERSION_SSL23);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
|
@ -0,0 +1,72 @@
|
|||
diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||
--- ../Python-3.4.2.orig/Lib/ssl.py 2014-10-08 08:18:12.000000000 +0000
|
||||
+++ ./Lib/ssl.py 2015-12-18 13:34:24.530051626 +0000
|
||||
@@ -106,7 +106,12 @@
|
||||
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
||||
VERIFY_X509_STRICT)
|
||||
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
||||
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
+try:
|
||||
+ from _ssl import RAND_egd
|
||||
+except ImportError:
|
||||
+ # LibreSSL does not provide RAND_egd
|
||||
+ pass
|
||||
|
||||
def _import_symbols(prefix):
|
||||
for n in dir(_ssl):
|
||||
@@ -116,18 +121,14 @@
|
||||
_import_symbols('OP_')
|
||||
_import_symbols('ALERT_DESCRIPTION_')
|
||||
_import_symbols('SSL_ERROR_')
|
||||
+_import_symbols('PROTOCOL_')
|
||||
|
||||
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
|
||||
|
||||
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||
from _ssl import _OPENSSL_API_VERSION
|
||||
|
||||
|
||||
-_PROTOCOL_NAMES = {
|
||||
- PROTOCOL_TLSv1: "TLSv1",
|
||||
- PROTOCOL_SSLv23: "SSLv23",
|
||||
- PROTOCOL_SSLv3: "SSLv3",
|
||||
-}
|
||||
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||
try:
|
||||
from _ssl import PROTOCOL_SSLv2
|
||||
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||
@@ -922,7 +923,7 @@
|
||||
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||
return base64.decodebytes(d.encode('ASCII', 'strict'))
|
||||
|
||||
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||
"""Retrieve the certificate from the server at the specified address,
|
||||
and return it as a PEM-encoded string.
|
||||
If 'ca_certs' is specified, validate the server cert against it.
|
||||
diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||
--- ../Python-3.4.2.orig/Modules/_ssl.c 2014-10-08 08:18:15.000000000 +0000
|
||||
+++ ./Modules/_ssl.c 2015-12-18 13:32:44.967611074 +0000
|
||||
@@ -2016,8 +2016,10 @@
|
||||
else if (proto_version == PY_SSL_VERSION_TLS1_2)
|
||||
ctx = SSL_CTX_new(TLSv1_2_method());
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||
ctx = SSL_CTX_new(SSLv3_method());
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||
ctx = SSL_CTX_new(SSLv2_method());
|
||||
@@ -4071,8 +4073,10 @@
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
+#endif
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||
PY_SSL_VERSION_SSL23);
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
Loading…
Reference in a new issue