From 526fa0396812509256c7f81f473c9d6fcd5076ae Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 11:47:37 +0000 Subject: [PATCH 1/8] Add `OPENSSL_NO_SSL3` patch for 3.4.x --- .../3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch | 72 +++++++++++++++++++ .../3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch | 72 +++++++++++++++++++ .../3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch | 72 +++++++++++++++++++ 3 files changed, 216 insertions(+) create mode 100644 plugins/python-build/share/python-build/patches/3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..f66fa460 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch @@ -0,0 +1,72 @@ +diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.4.2.orig/Lib/ssl.py 2014-10-08 08:18:12.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 13:34:24.530051626 +0000 +@@ -106,7 +106,12 @@ + from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, + VERIFY_X509_STRICT) + from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass + + def _import_symbols(prefix): + for n in dir(_ssl): +@@ -116,18 +121,14 @@ + _import_symbols('OP_') + _import_symbols('ALERT_DESCRIPTION_') + _import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') + + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN + +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -922,7 +923,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.4.2.orig/Modules/_ssl.c 2014-10-08 08:18:15.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 13:32:44.967611074 +0000 +@@ -2016,8 +2016,10 @@ + else if (proto_version == PY_SSL_VERSION_TLS1_2) + ctx = SSL_CTX_new(TLSv1_2_method()); + #endif ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -4071,8 +4073,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..f66fa460 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch @@ -0,0 +1,72 @@ +diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.4.2.orig/Lib/ssl.py 2014-10-08 08:18:12.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 13:34:24.530051626 +0000 +@@ -106,7 +106,12 @@ + from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, + VERIFY_X509_STRICT) + from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass + + def _import_symbols(prefix): + for n in dir(_ssl): +@@ -116,18 +121,14 @@ + _import_symbols('OP_') + _import_symbols('ALERT_DESCRIPTION_') + _import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') + + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN + +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -922,7 +923,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.4.2.orig/Modules/_ssl.c 2014-10-08 08:18:15.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 13:32:44.967611074 +0000 +@@ -2016,8 +2016,10 @@ + else if (proto_version == PY_SSL_VERSION_TLS1_2) + ctx = SSL_CTX_new(TLSv1_2_method()); + #endif ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -4071,8 +4073,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..f66fa460 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch @@ -0,0 +1,72 @@ +diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.4.2.orig/Lib/ssl.py 2014-10-08 08:18:12.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 13:34:24.530051626 +0000 +@@ -106,7 +106,12 @@ + from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, + VERIFY_X509_STRICT) + from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass + + def _import_symbols(prefix): + for n in dir(_ssl): +@@ -116,18 +121,14 @@ + _import_symbols('OP_') + _import_symbols('ALERT_DESCRIPTION_') + _import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') + + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN + +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -922,7 +923,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.4.2.orig/Modules/_ssl.c 2014-10-08 08:18:15.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 13:32:44.967611074 +0000 +@@ -2016,8 +2016,10 @@ + else if (proto_version == PY_SSL_VERSION_TLS1_2) + ctx = SSL_CTX_new(TLSv1_2_method()); + #endif ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -4071,8 +4073,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", From 6251c3bad503e0bc67b2ff11de61931300bc347e Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 12:51:51 +0000 Subject: [PATCH 2/8] Add `OPENSSL_NO_SSL3` patch for 3.3.x --- .../3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ .../3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ .../3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ .../3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ .../3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ .../3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ .../3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch | 108 ++++++++++++++++++ 7 files changed, 756 insertions(+) create mode 100644 plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..5860b307 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch @@ -0,0 +1,108 @@ +diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 +@@ -66,40 +66,27 @@ + SSLSyscallError, SSLEOFError, + ) + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import ( +- OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, +- OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE +- ) +-try: +- from _ssl import OP_NO_COMPRESSION +-except ImportError: +- pass ++from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes + try: +- from _ssl import OP_SINGLE_ECDH_USE ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN +-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) ++ + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: + from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +@@ -108,6 +95,14 @@ + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + ++try: ++ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 ++except ImportError: ++ pass ++else: ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" ++ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM, create_connection +@@ -664,7 +659,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 +@@ -1746,8 +1746,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2842,8 +2844,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", From bc322b0238348e6223b0d9ed0c03f2321f2cb351 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 14:10:34 +0000 Subject: [PATCH 3/8] Add `OPENSSL_NO_SSL3` patch for 2.7.9 --- .../2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 plugins/python-build/share/python-build/patches/2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..11156bbd --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch @@ -0,0 +1,17 @@ +diff -r -u ../Python-2.7.9.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.9.orig/Lib/ssl.py 2014-12-10 15:59:40.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:09:51.218138658 +0000 +@@ -106,7 +106,12 @@ + from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, + VERIFY_X509_STRICT) + from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj +-from _ssl import RAND_status, RAND_egd, RAND_add ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass + + def _import_symbols(prefix): + for n in dir(_ssl): From 5f0056886a82d39f5005cdfe6ac08bafd1008968 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 13:14:27 +0000 Subject: [PATCH 4/8] Add `OPENSSL_NO_SSL3` patch for 2.7.3 .. 2.7.8 --- .../Python-2.7.3/004_openssl_no_ssl3.patch | 13 --- .../2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.4/004_openssl_no_ssl3.patch | 13 --- .../2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.5/004_openssl_no_ssl3.patch | 13 --- .../2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.6/004_openssl_no_ssl3.patch | 13 --- .../2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.7/004_openssl_no_ssl3.patch | 13 --- .../2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.8/004_openssl_no_ssl3.patch | 13 --- .../2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ 12 files changed, 588 insertions(+), 78 deletions(-) delete mode 100644 plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", From 659e5327016863c743e35c60b18cc3b972417912 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 14:01:09 +0000 Subject: [PATCH 5/8] Add `OPENSSL_NO_SSL3` patch for 2.7.2 --- .../Python-2.7.2/004_openssl_no_ssl3.patch | 13 --- .../2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ 2 files changed, 98 insertions(+), 13 deletions(-) delete mode 100644 plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..028cfd4d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.2.orig/Lib/ssl.py 2011-06-11 15:46:25.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 13:55:37.444270735 +0000 +@@ -62,29 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -416,7 +416,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.2.orig/Modules/_ssl.c 2011-06-11 15:46:27.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 13:49:22.254728756 +0000 +@@ -65,7 +65,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -302,8 +304,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1716,8 +1720,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", +Only in ./Modules: _ssl.c.orig From 8c968974959b554ce859ab6c35454d809eb8aeb5 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 14:19:28 +0000 Subject: [PATCH 6/8] Add `OPENSSL_NO_SSL2` & `OPENSSL_NO_SSL3` patch for 2.7 .. 2.7.1 --- .../Python-2.7.1/001_openssl_no_ssl2.patch | 77 -------------- .../Python-2.7.1/004_openssl_no_ssl3.patch | 13 --- .../010_ssl_no_ssl2_no_ssl3.patch | 100 ++++++++++++++++++ .../2.7/Python-2.7/001_openssl_no_ssl2.patch | 77 -------------- .../2.7/Python-2.7/004_openssl_no_ssl3.patch | 13 --- .../Python-2.7/010_ssl_no_ssl2_no_ssl3.patch | 100 ++++++++++++++++++ 6 files changed, 200 insertions(+), 180 deletions(-) delete mode 100644 plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/001_openssl_no_ssl2.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/010_ssl_no_ssl2_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7/Python-2.7/001_openssl_no_ssl2.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7/Python-2.7/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7/Python-2.7/010_ssl_no_ssl2_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/001_openssl_no_ssl2.patch deleted file mode 100644 index 7304deb4..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py ---- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900 -+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900 -@@ -61,7 +61,19 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import \ - SSL_ERROR_ZERO_RETURN, \ -@@ -402,16 +414,7 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') - - - # a replacement for the old socket.ssl function -diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c ---- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900 -+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -302,8 +304,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1688,8 +1692,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..dbfa9fb7 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-2.7.1.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.1.orig/Lib/ssl.py 2010-09-14 14:37:18.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:14:39.089679248 +0000 +@@ -62,18 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -388,7 +399,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.1.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.1.orig/Modules/_ssl.c 2010-10-13 22:10:31.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:18:21.612222848 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -300,10 +304,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1706,10 +1714,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/001_openssl_no_ssl2.patch deleted file mode 100644 index 7304deb4..00000000 --- a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py ---- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900 -+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900 -@@ -61,7 +61,19 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import \ - SSL_ERROR_ZERO_RETURN, \ -@@ -402,16 +414,7 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') - - - # a replacement for the old socket.ssl function -diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c ---- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900 -+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -302,8 +304,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1688,8 +1692,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..dbfa9fb7 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-2.7.1.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.1.orig/Lib/ssl.py 2010-09-14 14:37:18.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:14:39.089679248 +0000 +@@ -62,18 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -388,7 +399,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.1.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.1.orig/Modules/_ssl.c 2010-10-13 22:10:31.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:18:21.612222848 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -300,10 +304,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1706,10 +1714,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", From f2288258794750c0a6240e47f391875e6fea2376 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 14:36:38 +0000 Subject: [PATCH 7/8] Add `OPENSSL_NO_SSL2` & `OPENSSL_NO_SSL3` patch for 2.6.9 --- .../010_ssl_no_ssl2_no_ssl3.patch | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..c49ee2d6 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,91 @@ +diff -r -u ../Python-2.6.9.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.6.9.orig/Lib/ssl.py 2013-10-29 15:04:37.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:39:22.213215077 +0000 +@@ -61,18 +61,24 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')]) + + from socket import socket, _fileobject, _delegate_methods + from socket import error as socket_error +@@ -382,7 +388,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.6.9.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.6.9.orig/Modules/_ssl.c 2013-10-29 15:04:38.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:32:08.051962468 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -300,8 +304,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1746,10 +1752,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", From 471fa24531472f13b493523c7d7fb5783b2037b4 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 14:50:17 +0000 Subject: [PATCH 8/8] Add `OPENSSL_NO_SSL2` & `OPENSSL_NO_SSL3` patch for 2.6.6 .. 2.6.8 --- .../Python-2.6.6/001_openssl_no_ssl2.patch | 77 --------------- .../010_ssl_no_ssl2_no_ssl3.patch | 95 +++++++++++++++++++ .../Python-2.6.7/001_openssl_no_ssl2.patch | 77 --------------- .../010_ssl_no_ssl2_no_ssl3.patch | 95 +++++++++++++++++++ .../Python-2.6.8/001_openssl_no_ssl2.patch | 77 --------------- .../010_ssl_no_ssl2_no_ssl3.patch | 95 +++++++++++++++++++ 6 files changed, 285 insertions(+), 231 deletions(-) delete mode 100644 plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch create mode 100644 plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch create mode 100644 plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch create mode 100644 plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch deleted file mode 100644 index 7304deb4..00000000 --- a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py ---- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900 -+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900 -@@ -61,7 +61,19 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import \ - SSL_ERROR_ZERO_RETURN, \ -@@ -402,16 +414,7 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') - - - # a replacement for the old socket.ssl function -diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c ---- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900 -+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -302,8 +304,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1688,8 +1692,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..eb028754 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,95 @@ +diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.6.8.orig/Lib/ssl.py 2012-04-10 15:32:06.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:46:36.487188331 +0000 +@@ -61,18 +61,24 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')]) + + from socket import socket, _fileobject, _delegate_methods + from socket import error as socket_error +@@ -382,7 +388,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.6.8.orig/Modules/_ssl.c 2012-04-10 15:32:09.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:45:30.419597074 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -300,10 +304,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1688,10 +1696,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch deleted file mode 100644 index 7304deb4..00000000 --- a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py ---- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900 -+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900 -@@ -61,7 +61,19 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import \ - SSL_ERROR_ZERO_RETURN, \ -@@ -402,16 +414,7 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') - - - # a replacement for the old socket.ssl function -diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c ---- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900 -+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -302,8 +304,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1688,8 +1692,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..eb028754 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,95 @@ +diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.6.8.orig/Lib/ssl.py 2012-04-10 15:32:06.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:46:36.487188331 +0000 +@@ -61,18 +61,24 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')]) + + from socket import socket, _fileobject, _delegate_methods + from socket import error as socket_error +@@ -382,7 +388,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.6.8.orig/Modules/_ssl.c 2012-04-10 15:32:09.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:45:30.419597074 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -300,10 +304,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1688,10 +1696,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch deleted file mode 100644 index 7304deb4..00000000 --- a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py ---- ./Lib/ssl.py 2012-04-11 00:32:06.000000000 +0900 -+++ ../Python-2.6.8/Lib/ssl.py 2013-05-08 19:44:49.000000000 +0900 -@@ -61,7 +61,19 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import \ - SSL_ERROR_ZERO_RETURN, \ -@@ -402,16 +414,7 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') - - - # a replacement for the old socket.ssl function -diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c ---- ./Modules/_ssl.c 2012-04-11 00:32:09.000000000 +0900 -+++ ../Python-2.6.8/Modules/_ssl.c 2013-05-08 17:34:38.000000000 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -302,8 +304,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1688,8 +1692,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..eb028754 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,95 @@ +diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.6.8.orig/Lib/ssl.py 2012-04-10 15:32:06.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:46:36.487188331 +0000 +@@ -61,18 +61,24 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')]) + + from socket import socket, _fileobject, _delegate_methods + from socket import error as socket_error +@@ -382,7 +388,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.6.8.orig/Modules/_ssl.c 2012-04-10 15:32:09.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:45:30.419597074 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -300,10 +304,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1688,10 +1696,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",