python/python-2.7.3-ssl_ca_path.patch

Index: Python-2.7.5/Modules/_ssl.c
===================================================================
--- Python-2.7.5.orig/Modules/_ssl.c
+++ Python-2.7.5/Modules/_ssl.c
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
     char *errstr = NULL;
     int ret;
     int verification_mode;
+    struct stat stat_buf;
 
     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
     if (self == NULL)
@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
 
     if (certreq != PY_SSL_CERT_NONE) {
         if (cacerts_file == NULL) {
-            errstr = ERRSTR("No root certificates specified for "
-                            "verification of other-side certificates.");
-            goto fail;
-        } else {
             PySSL_BEGIN_ALLOW_THREADS
-            ret = SSL_CTX_load_verify_locations(self->ctx,
-                                                cacerts_file,
-                                                NULL);
+            ret = SSL_CTX_set_default_verify_paths(self->ctx);
             PySSL_END_ALLOW_THREADS
-            if (ret != 1) {
-                _setSSLError(NULL, 0, __FILE__, __LINE__);
-                goto fail;
+        } else {
+            /* If cacerts_file is a directory-based cert store, pass it as the
+               third parameter, CApath, instead
+            */
+            if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    NULL,
+                                                    cacerts_file);
+                PySSL_END_ALLOW_THREADS
+            } else {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    cacerts_file,
+                                                    NULL);
+                PySSL_END_ALLOW_THREADS
             }
         }
+
+        if (ret != 1) {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+            goto fail;
+        }
     }
     if (key_file) {
         PySSL_BEGIN_ALLOW_THREADS
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`Index: Python-2.7.5/Modules/_ssl.c`
			`===================================================================`
			`--- Python-2.7.5.orig/Modules/_ssl.c`
			`+++ Python-2.7.5/Modules/_ssl.c`
			`@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`char *errstr = NULL;`
			`int ret;`
			`int verification_mode;`
			`+ struct stat stat_buf;`

			`self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */`
			`if (self == NULL)`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,`

			`if (certreq != PY_SSL_CERT_NONE) {`
			`if (cacerts_file == NULL) {`
			`- errstr = ERRSTR("No root certificates specified for "`
			`- "verification of other-side certificates.");`
			`- goto fail;`
			`- } else {`
			`PySSL_BEGIN_ALLOW_THREADS`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`- ret = SSL_CTX_load_verify_locations(self->ctx,`
			`- cacerts_file,`
			`- NULL);`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`+ ret = SSL_CTX_set_default_verify_paths(self->ctx);`
			`PySSL_END_ALLOW_THREADS`
			`- if (ret != 1) {`
			`- _setSSLError(NULL, 0, __FILE__, __LINE__);`
			`- goto fail;`
			`+ } else {`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`+ /* If cacerts_file is a directory-based cert store, pass it as the`
			`+ third parameter, CApath, instead`
			`+ */`
			`+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {`
			`+ PySSL_BEGIN_ALLOW_THREADS`
			`+ ret = SSL_CTX_load_verify_locations(self->ctx,`
			`+ NULL,`
			`+ cacerts_file);`
			`+ PySSL_END_ALLOW_THREADS`
			`+ } else {`
			`+ PySSL_BEGIN_ALLOW_THREADS`
			`+ ret = SSL_CTX_load_verify_locations(self->ctx,`
			`+ cacerts_file,`
			`+ NULL);`
			`+ PySSL_END_ALLOW_THREADS`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`}`
			`}`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`+`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`+ if (ret != 1) {`
			`+ _setSSLError(NULL, 0, __FILE__, __LINE__);`
			`+ goto fail;`
			`+ }`
			`}`
			`if (key_file) {`
			`PySSL_BEGIN_ALLOW_THREADS`