diff --git a/httplib2-use-system-certs.patch b/httplib2-use-system-certs.patch index f8b4ff3..9e6443d 100644 --- a/httplib2-use-system-certs.patch +++ b/httplib2-use-system-certs.patch @@ -1,8 +1,41 @@ -Index: httplib2-0.9.2/python2/httplib2/__init__.py +Index: httplib2-0.10.3/python2/httplib2/__init__.py =================================================================== ---- httplib2-0.9.2.orig/python2/httplib2/__init__.py -+++ httplib2-0.9.2/python2/httplib2/__init__.py -@@ -184,15 +184,8 @@ class CertificateHostnameMismatch(SSLHan +--- httplib2-0.10.3.orig/python2/httplib2/__init__.py ++++ httplib2-0.10.3/python2/httplib2/__init__.py +@@ -83,11 +83,18 @@ def _ssl_wrap_socket(sock, key_file, cer + cert_reqs = ssl.CERT_NONE + else: + cert_reqs = ssl.CERT_REQUIRED +- if ssl_version is None: +- ssl_version = ssl.PROTOCOL_SSLv23 +- + if hasattr(ssl, 'SSLContext'): # Python 2.7.9 +- context = ssl.SSLContext(ssl_version) ++ cafile = ca_certs ++ capath = None ++ if cafile is not None and os.path.isdir(cafile): ++ cafile = None ++ capath = ca_certs ++ ++ if ssl_version is None: ++ context = ssl.create_default_context(cafile=cafile, capath=capath) ++ else: ++ context = ssl.SSLContext(ssl_version) ++ + context.verify_mode = cert_reqs + context.check_hostname = (cert_reqs != ssl.CERT_NONE) + if cert_file: +@@ -96,6 +103,9 @@ def _ssl_wrap_socket(sock, key_file, cer + context.load_verify_locations(ca_certs) + return context.wrap_socket(sock, server_hostname=hostname) + else: ++ if ssl_version is None: ++ ssl_version = ssl.PROTOCOL_SSLv23 ++ + return ssl.wrap_socket(sock, keyfile=key_file, certfile=cert_file, + cert_reqs=cert_reqs, ca_certs=ca_certs, + ssl_version=ssl_version) +@@ -210,15 +220,8 @@ class NotRunningAppEngineEnvironment(Htt # requesting that URI again. DEFAULT_MAX_REDIRECTS = 5 @@ -20,7 +53,7 @@ Index: httplib2-0.9.2/python2/httplib2/__init__.py # Which headers are hop-by-hop headers by default HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] -@@ -944,8 +937,6 @@ class HTTPSConnectionWithTimeout(httplib +@@ -975,8 +978,6 @@ class HTTPSConnectionWithTimeout(httplib cert_file=cert_file, strict=strict) self.timeout = timeout self.proxy_info = proxy_info @@ -29,10 +62,10 @@ Index: httplib2-0.9.2/python2/httplib2/__init__.py self.ca_certs = ca_certs self.disable_ssl_certificate_validation = \ disable_ssl_certificate_validation -Index: httplib2-0.9.2/python3/httplib2/__init__.py +Index: httplib2-0.10.3/python3/httplib2/__init__.py =================================================================== ---- httplib2-0.9.2.orig/python3/httplib2/__init__.py -+++ httplib2-0.9.2/python3/httplib2/__init__.py +--- httplib2-0.10.3.orig/python3/httplib2/__init__.py ++++ httplib2-0.10.3/python3/httplib2/__init__.py @@ -124,8 +124,7 @@ DEFAULT_MAX_REDIRECTS = 5 HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] @@ -43,7 +76,7 @@ Index: httplib2-0.9.2/python3/httplib2/__init__.py def _get_end2end_headers(response): hopbyhop = list(HOP_BY_HOP) -@@ -838,16 +837,17 @@ +@@ -838,16 +837,17 @@ class HTTPSConnectionWithTimeout(http.cl # TODO: implement proxy_info self.proxy_info = proxy_info context = None @@ -69,10 +102,10 @@ Index: httplib2-0.9.2/python3/httplib2/__init__.py if cert_file: context.load_cert_chain(cert_file, key_file) if ca_certs: -Index: httplib2-0.9.2/setup.py +Index: httplib2-0.10.3/setup.py =================================================================== ---- httplib2-0.9.2.orig/setup.py -+++ httplib2-0.9.2/setup.py +--- httplib2-0.10.3.orig/setup.py ++++ httplib2-0.10.3/setup.py @@ -61,7 +61,6 @@ A comprehensive HTTP client library, ``h """, package_dir=pkgdir, diff --git a/python-httplib2.changes b/python-httplib2.changes index 225543f..71df1fd 100644 --- a/python-httplib2.changes +++ b/python-httplib2.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Jan 10 07:47:54 UTC 2018 - dmueller@suse.com + +- update httplib2-use-system-certs.patch: handle + the case with ssl_version being None correctly + +------------------------------------------------------------------- +Tue Jan 9 11:04:53 UTC 2018 - dmueller@suse.com + +- update httplib2-use-system-certs.patch: Also use + ssl.create_default_context in the python2 case so that + the system wide certificates are loaded as trusted again. + ------------------------------------------------------------------- Wed Apr 19 22:13:57 UTC 2017 - toddrme2178@gmail.com diff --git a/python-httplib2.spec b/python-httplib2.spec index 3e4581d..919af52 100644 --- a/python-httplib2.spec +++ b/python-httplib2.spec @@ -1,7 +1,7 @@ # # spec file for package python-httplib2 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # Tests require network connection %bcond_with tests @@ -24,7 +25,7 @@ Version: 0.10.3 Release: 0 Url: https://github.com/httplib2/httplib2 Summary: A Python HTTP client library -License: MIT and Apache-2.0 and (MPL-1.1 or GPL-2.0+ or LGPL-2.1+) +License: MIT AND Apache-2.0 AND (MPL-1.1 OR GPL-2.0+ OR LGPL-2.1+) Group: Development/Libraries/Python Source: https://files.pythonhosted.org/packages/source/h/httplib2/httplib2-%{version}.tar.gz # PATCH-FIX-OPENSUSE: Don't ship private copy of Mozilla NSS certs, use system certs instead (bnc#761162)