python/python-2.7.3-ssl_ca_path.patch

Index: Python-2.7.7/Modules/_ssl.c
===================================================================
--- Python-2.7.7.orig/Modules/_ssl.c	2014-06-20 14:34:28.157656595 +0200
+++ Python-2.7.7/Modules/_ssl.c	2014-06-20 14:35:20.092929774 +0200
@@ -273,6 +273,7 @@
     char *errstr = NULL;
     int ret;
     int verification_mode;
+    struct stat stat_buf;
     long options;
 
     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
@@ -331,20 +332,32 @@
 
     if (certreq != PY_SSL_CERT_NONE) {
         if (cacerts_file == NULL) {
-            errstr = ERRSTR("No root certificates specified for "
-                            "verification of other-side certificates.");
-            goto fail;
-        } else {
             PySSL_BEGIN_ALLOW_THREADS
-            ret = SSL_CTX_load_verify_locations(self->ctx,
-                                                cacerts_file,
-                                                NULL);
+            ret = SSL_CTX_set_default_verify_paths(self->ctx);
             PySSL_END_ALLOW_THREADS
-            if (ret != 1) {
-                _setSSLError(NULL, 0, __FILE__, __LINE__);
-                goto fail;
+        } else {
+            /* If cacerts_file is a directory-based cert store, pass it as the
+               third parameter, CApath, instead
+            */
+            if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    NULL,
+                                                    cacerts_file);
+                PySSL_END_ALLOW_THREADS
+            } else {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    cacerts_file,
+                                                    NULL);
+                PySSL_END_ALLOW_THREADS
             }
         }
+
+        if (ret != 1) {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+            goto fail;
+        }
     }
     if (key_file) {
         PySSL_BEGIN_ALLOW_THREADS
- update to 2.7.7 * bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball - update to 2.7.7 - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=165 2014-06-20 13:47:06 +00:00			`Index: Python-2.7.7/Modules/_ssl.c`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`===================================================================`
- update to 2.7.7 * bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball - update to 2.7.7 - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=165 2014-06-20 13:47:06 +00:00			`--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200`
			`+++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200`
			`@@ -273,6 +273,7 @@`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`char *errstr = NULL;`
			`int ret;`
			`int verification_mode;`
			`+ struct stat stat_buf;`
- update to 2.7.7 * bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball - update to 2.7.7 - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=165 2014-06-20 13:47:06 +00:00			`long options;`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00
			`self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */`
- update to 2.7.7 * bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball - update to 2.7.7 - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=165 2014-06-20 13:47:06 +00:00			`@@ -331,20 +332,32 @@`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00
			`if (certreq != PY_SSL_CERT_NONE) {`
			`if (cacerts_file == NULL) {`
			`- errstr = ERRSTR("No root certificates specified for "`
			`- "verification of other-side certificates.");`
			`- goto fail;`
			`- } else {`
			`PySSL_BEGIN_ALLOW_THREADS`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`- ret = SSL_CTX_load_verify_locations(self->ctx,`
			`- cacerts_file,`
			`- NULL);`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`+ ret = SSL_CTX_set_default_verify_paths(self->ctx);`
			`PySSL_END_ALLOW_THREADS`
			`- if (ret != 1) {`
			`- _setSSLError(NULL, 0, __FILE__, __LINE__);`
			`- goto fail;`
			`+ } else {`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`+ /* If cacerts_file is a directory-based cert store, pass it as the`
			`+ third parameter, CApath, instead`
			`+ */`
			`+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {`
			`+ PySSL_BEGIN_ALLOW_THREADS`
			`+ ret = SSL_CTX_load_verify_locations(self->ctx,`
			`+ NULL,`
			`+ cacerts_file);`
			`+ PySSL_END_ALLOW_THREADS`
			`+ } else {`
			`+ PySSL_BEGIN_ALLOW_THREADS`
			`+ ret = SSL_CTX_load_verify_locations(self->ctx,`
			`+ cacerts_file,`
			`+ NULL);`
			`+ PySSL_END_ALLOW_THREADS`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`}`
			`}`
Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122 2012-05-18 12:22:20 +00:00			`+`
Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149 2013-08-26 15:45:18 +00:00			`+ if (ret != 1) {`
			`+ _setSSLError(NULL, 0, __FILE__, __LINE__);`
			`+ goto fail;`
			`+ }`
			`}`
			`if (key_file) {`
			`PySSL_BEGIN_ALLOW_THREADS`