26 lines
951 B
Diff
26 lines
951 B
Diff
|
---
|
||
|
|
Lib/ssl.py | 12 +++++++++++-
|
||
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
--- a/Lib/ssl.py
|
||
|
|
+++ b/Lib/ssl.py
|
||
|
|
@@ -497,7 +497,17 @@ def _get_https_context_factory():
|
||
|
|
return _create_unverified_context
|
||
|
|
return create_default_context
|
||
|
|
|
||
|
|
-_create_default_https_context = _get_https_context_factory()
|
||
|
|
+try:
|
||
|
|
+ # load the TLS checks policy from separate package
|
||
|
|
+ import sle_tls_checks_policy as policy
|
||
|
|
+ if policy.get_policy:
|
||
|
|
+ _create_default_https_context = policy.get_policy()
|
||
|
|
+ else:
|
||
|
|
+ # empty policy file means simply enable strict verification
|
||
|
|
+ _create_default_https_context = _get_https_context_factory()
|
||
|
|
+except ImportError:
|
||
|
|
+ # policy not present, disable verification for backwards compatibility
|
||
|
|
+ _create_default_https_context = _create_unverified_context
|
||
|
|
|
||
|
|
# PEP 493: "private" API to configure HTTPS defaults without monkeypatching
|
||
|
|
def _https_verify_certificates(enable=True):
|