mirror of
https://github.com/pyenv/pyenv.git
synced 2024-11-21 20:47:00 -05:00
Add OPENSSL_NO_SSL3 patch for 2.7.2
This commit is contained in:
Yamashita, Yuu
parent
5f0056886a
commit
659e532701
2 changed files with 98 additions and 13 deletions
|
|
@ -1,13 +0,0 @@
|
||||||
--- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500
|
|
||||||
+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500
|
|
||||||
@@ -302,8 +302,10 @@
|
|
||||||
PySSL_BEGIN_ALLOW_THREADS
|
|
||||||
if (proto_version == PY_SSL_VERSION_TLS1)
|
|
||||||
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
|
||||||
+#ifndef OPENSSL_NO_SSL3
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL3)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
|
||||||
+#endif
|
|
||||||
#ifndef OPENSSL_NO_SSL2
|
|
||||||
else if (proto_version == PY_SSL_VERSION_SSL2)
|
|
||||||
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
|
||||||
|
|
@ -0,0 +1,98 @@
|
||||||
|
diff -r -u ../Python-2.7.2.orig/Lib/ssl.py ./Lib/ssl.py
|
||||||
|
--- ../Python-2.7.2.orig/Lib/ssl.py 2011-06-11 15:46:25.000000000 +0000
|
||||||
|
+++ ./Lib/ssl.py 2015-12-18 13:55:37.444270735 +0000
|
||||||
|
@@ -62,29 +62,29 @@
|
||||||
|
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
|
||||||
|
from _ssl import SSLError
|
||||||
|
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||||
|
-from _ssl import RAND_status, RAND_egd, RAND_add
|
||||||
|
-from _ssl import \
|
||||||
|
- SSL_ERROR_ZERO_RETURN, \
|
||||||
|
- SSL_ERROR_WANT_READ, \
|
||||||
|
- SSL_ERROR_WANT_WRITE, \
|
||||||
|
- SSL_ERROR_WANT_X509_LOOKUP, \
|
||||||
|
- SSL_ERROR_SYSCALL, \
|
||||||
|
- SSL_ERROR_SSL, \
|
||||||
|
- SSL_ERROR_WANT_CONNECT, \
|
||||||
|
- SSL_ERROR_EOF, \
|
||||||
|
- SSL_ERROR_INVALID_ERROR_CODE
|
||||||
|
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
|
||||||
|
-_PROTOCOL_NAMES = {
|
||||||
|
- PROTOCOL_TLSv1: "TLSv1",
|
||||||
|
- PROTOCOL_SSLv23: "SSLv23",
|
||||||
|
- PROTOCOL_SSLv3: "SSLv3",
|
||||||
|
-}
|
||||||
|
+from _ssl import RAND_status, RAND_add
|
||||||
|
try:
|
||||||
|
- from _ssl import PROTOCOL_SSLv2
|
||||||
|
+ from _ssl import RAND_egd
|
||||||
|
except ImportError:
|
||||||
|
+ # LibreSSL does not provide RAND_egd
|
||||||
|
pass
|
||||||
|
-else:
|
||||||
|
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
|
||||||
|
+
|
||||||
|
+def _import_symbols(prefix):
|
||||||
|
+ for n in dir(_ssl):
|
||||||
|
+ if n.startswith(prefix):
|
||||||
|
+ globals()[n] = getattr(_ssl, n)
|
||||||
|
+
|
||||||
|
+_import_symbols('OP_')
|
||||||
|
+_import_symbols('ALERT_DESCRIPTION_')
|
||||||
|
+_import_symbols('SSL_ERROR_')
|
||||||
|
+_import_symbols('PROTOCOL_')
|
||||||
|
+
|
||||||
|
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
|
||||||
|
+
|
||||||
|
+try:
|
||||||
|
+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
|
||||||
|
+except NameError:
|
||||||
|
+ _SSLv2_IF_EXISTS = None
|
||||||
|
|
||||||
|
from socket import socket, _fileobject, _delegate_methods, error as socket_error
|
||||||
|
from socket import getnameinfo as _getnameinfo
|
||||||
|
@@ -416,7 +416,7 @@
|
||||||
|
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
|
||||||
|
return base64.decodestring(d)
|
||||||
|
|
||||||
|
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
|
||||||
|
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
|
||||||
|
|
||||||
|
"""Retrieve the certificate from the server at the specified address,
|
||||||
|
and return it as a PEM-encoded string.
|
||||||
|
diff -r -u ../Python-2.7.2.orig/Modules/_ssl.c ./Modules/_ssl.c
|
||||||
|
--- ../Python-2.7.2.orig/Modules/_ssl.c 2011-06-11 15:46:27.000000000 +0000
|
||||||
|
+++ ./Modules/_ssl.c 2015-12-18 13:49:22.254728756 +0000
|
||||||
|
@@ -65,7 +65,9 @@
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
|
PY_SSL_VERSION_SSL2,
|
||||||
|
#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PY_SSL_VERSION_SSL3=1,
|
||||||
|
+#endif
|
||||||
|
PY_SSL_VERSION_SSL23,
|
||||||
|
PY_SSL_VERSION_TLS1
|
||||||
|
};
|
||||||
|
@@ -302,8 +304,10 @@
|
||||||
|
PySSL_BEGIN_ALLOW_THREADS
|
||||||
|
if (proto_version == PY_SSL_VERSION_TLS1)
|
||||||
|
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL3)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
|
||||||
|
+#endif
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
|
else if (proto_version == PY_SSL_VERSION_SSL2)
|
||||||
|
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
|
||||||
|
@@ -1716,8 +1720,10 @@
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||||
|
PY_SSL_VERSION_SSL2);
|
||||||
|
#endif
|
||||||
|
+#ifndef OPENSSL_NO_SSL3
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||||
|
PY_SSL_VERSION_SSL3);
|
||||||
|
+#endif
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
|
||||||
|
PY_SSL_VERSION_SSL23);
|
||||||
|
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
|
||||||
|
Only in ./Modules: _ssl.c.orig
|
||||||
Loading…
Reference in a new issue