diff --git a/python-2.7.9-ssl_ca_path.patch b/python-2.7.9-ssl_ca_path.patch new file mode 100644 index 0000000..30bbef0 --- /dev/null +++ b/python-2.7.9-ssl_ca_path.patch @@ -0,0 +1,21 @@ +Index: Python-2.7.9/Lib/ssl.py +=================================================================== +--- Python-2.7.9.orig/Lib/ssl.py 2014-12-10 16:59:40.000000000 +0100 ++++ Python-2.7.9/Lib/ssl.py 2015-02-25 17:28:19.538808314 +0100 +@@ -504,7 +504,15 @@ + self._context = SSLContext(ssl_version) + self._context.verify_mode = cert_reqs + if ca_certs: +- self._context.load_verify_locations(ca_certs) ++ capath = None ++ cafile = None ++ if os.path.isdir(ca_certs): ++ capath = ca_certs ++ else: ++ cafile = ca_certs ++ self._context.load_verify_locations(cafile=cafile, capath=capath) ++ elif cert_reqs != CERT_NONE: ++ self._context.set_default_verify_paths() + if certfile: + self._context.load_cert_chain(certfile, keyfile) + if npn_protocols: diff --git a/python-base.spec b/python-base.spec index 408293e..7583b5b 100644 --- a/python-base.spec +++ b/python-base.spec @@ -52,6 +52,8 @@ Patch24: python-bsddb6.diff Patch31: python-2.7.7-mhlib-linkcount.patch # PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test Patch32: python-2.7-urllib2-localnet-ssl.patch +# PATCH-FIX-UPSTREAM accept directory-based CA paths as well +Patch33: python-2.7.9-ssl_ca_path.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -141,6 +143,7 @@ other applications. %patch24 -p1 %patch31 -p1 %patch32 -p1 +%patch33 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python-doc.spec b/python-doc.spec index 5eca6c8..dc7ea33 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -52,6 +52,8 @@ Patch24: python-bsddb6.diff Patch31: python-2.7.7-mhlib-linkcount.patch # PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test Patch32: python-2.7-urllib2-localnet-ssl.patch +# PATCH-FIX-UPSTREAM accept directory-based CA paths as well +Patch33: python-2.7.9-ssl_ca_path.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps @@ -95,6 +97,7 @@ Python, and Macintosh Module Reference in PDF format. %patch24 -p1 %patch31 -p1 %patch32 -p1 +%patch33 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python.changes b/python.changes index bf3858c..8619fd5 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 25 16:31:37 UTC 2015 - jmatejek@suse.com + +- python-2.7.9-ssl_ca_path.patch - reintroduce support for CA directory path + ------------------------------------------------------------------- Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com diff --git a/python.spec b/python.spec index cdb08d0..29cbd9d 100644 --- a/python.spec +++ b/python.spec @@ -56,6 +56,8 @@ Patch24: python-bsddb6.diff Patch31: python-2.7.7-mhlib-linkcount.patch # PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test Patch32: python-2.7-urllib2-localnet-ssl.patch +# PATCH-FIX-UPSTREAM accept directory-based CA paths as well +Patch33: python-2.7.9-ssl_ca_path.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -175,6 +177,7 @@ implementation of the standard Unix DBM databases. %patch24 -p1 %patch31 -p1 %patch32 -p1 +%patch33 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac