python/python-2.7.9-sles-disable-verification-by-default.patch

Index: Python-2.7.9/Lib/ssl.py
===================================================================
--- Python-2.7.9.orig/Lib/ssl.py	2015-08-12 15:53:27.419729448 +0200
+++ Python-2.7.9/Lib/ssl.py	2015-08-12 15:58:10.668465183 +0200
@@ -469,7 +469,18 @@
     return context
 
 # Used by http.client if no context is explicitly passed.
-_create_default_https_context = create_default_context
+try:
+    # load the TLS checks policy from separate package
+    import sle_tls_checks_policy as policy
+    if policy.get_policy:
+        _create_default_https_context = policy.get_policy()
+    else:
+        # empty policy file means simply enable strict verification
+        _create_default_https_context = create_default_context
+
+except ImportError:
+    # policy not present, disable verification for backwards compatibility
+    _create_default_https_context = _create_unverified_context
 
 
 # Backwards compatibility alias, even though it's not a public name.
- for SLE 12 SP1, disable SSL verification-by-default for backwards compatibility (python-2.7.9-sles-disable-verification-by-default.patch) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=178 2015-05-21 13:58:17 +00:00			`Index: Python-2.7.9/Lib/ssl.py`
			`===================================================================`
- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=188 2015-09-14 15:36:31 +00:00			`--- Python-2.7.9.orig/Lib/ssl.py 2015-08-12 15:53:27.419729448 +0200`
			`+++ Python-2.7.9/Lib/ssl.py 2015-08-12 15:58:10.668465183 +0200`
			`@@ -469,7 +469,18 @@`
- for SLE 12 SP1, disable SSL verification-by-default for backwards compatibility (python-2.7.9-sles-disable-verification-by-default.patch) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=178 2015-05-21 13:58:17 +00:00			`return context`

			`# Used by http.client if no context is explicitly passed.`
			`-_create_default_https_context = create_default_context`
- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=188 2015-09-14 15:36:31 +00:00			`+try:`
			`+ # load the TLS checks policy from separate package`
			`+ import sle_tls_checks_policy as policy`
			`+ if policy.get_policy:`
			`+ _create_default_https_context = policy.get_policy()`
			`+ else:`
			`+ # empty policy file means simply enable strict verification`
			`+ _create_default_https_context = create_default_context`
			`+`
			`+except ImportError:`
			`+ # policy not present, disable verification for backwards compatibility`
			`+ _create_default_https_context = _create_unverified_context`
- for SLE 12 SP1, disable SSL verification-by-default for backwards compatibility (python-2.7.9-sles-disable-verification-by-default.patch) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=178 2015-05-21 13:58:17 +00:00

			`# Backwards compatibility alias, even though it's not a public name.`