python/python-2.7.9-ssl_ca_path.patch

--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -537,7 +537,15 @@ class SSLSocket(socket):
             self._context = SSLContext(ssl_version)
             self._context.verify_mode = cert_reqs
             if ca_certs:
-                self._context.load_verify_locations(ca_certs)
+                capath = None
+                cafile = None
+                if os.path.isdir(ca_certs):
+                    capath = ca_certs
+                else:
+                    cafile = ca_certs
+                self._context.load_verify_locations(cafile=cafile, capath=capath)
+            elif cert_reqs != CERT_NONE:
+                self._context.set_default_verify_paths()
             if certfile:
                 self._context.load_cert_chain(certfile, keyfile)
             if npn_protocols:
Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://. - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. Upstream commits e37ef41 and 507bd8c. - Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch OBS-URL: https://build.opensuse.org/request/show/692400 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241 2019-04-09 00:40:36 +02:00			`--- a/Lib/ssl.py`
			`+++ b/Lib/ssl.py`
			`@@ -537,7 +537,15 @@ class SSLSocket(socket):`
- python-2.7.9-ssl_ca_path.patch - reintroduce support for CA directory path OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=174 2015-02-25 17:42:06 +01:00			`self._context = SSLContext(ssl_version)`
			`self._context.verify_mode = cert_reqs`
			`if ca_certs:`
			`- self._context.load_verify_locations(ca_certs)`
			`+ capath = None`
			`+ cafile = None`
			`+ if os.path.isdir(ca_certs):`
			`+ capath = ca_certs`
			`+ else:`
			`+ cafile = ca_certs`
			`+ self._context.load_verify_locations(cafile=cafile, capath=capath)`
			`+ elif cert_reqs != CERT_NONE:`
			`+ self._context.set_default_verify_paths()`
			`if certfile:`
			`self._context.load_cert_chain(certfile, keyfile)`
			`if npn_protocols:`