diff --git a/python-2.7.9-sles-disable-verification-by-default.patch b/python-2.7.9-sles-disable-verification-by-default.patch deleted file mode 100644 index 1dbea20..0000000 --- a/python-2.7.9-sles-disable-verification-by-default.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/Lib/ssl.py -+++ b/Lib/ssl.py -@@ -495,7 +495,17 @@ def _get_https_context_factory(): - config_setting = os.environ.get(_https_verify_envvar) - if config_setting == '0': - return _create_unverified_context -- return create_default_context -+ -+ try: -+ # load the TLS checks policy from separate package -+ import sle_tls_checks_policy as policy -+ if policy.get_policy: -+ return policy.get_policy() -+ else: -+ # empty policy file means simply enable strict verification -+ return create_default_context -+ except ImportError: -+ return create_default_context - - _create_default_https_context = _get_https_context_factory() - diff --git a/python-base.spec b/python-base.spec index fe629e8..4287594 100644 --- a/python-base.spec +++ b/python-base.spec @@ -58,8 +58,6 @@ Patch22: python-2.7-libffi-aarch64.patch Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch -# PATCH-FEATURE-SLE disable SSL verification-by-default in http clients -Patch34: python-2.7.9-sles-disable-verification-by-default.patch # PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py Patch35: do-not-use-non-ascii-in-test_ssl.patch # PATCH-FIX-UPSTREAM bmwiedemann@suse.de -- allow python packages to build reproducibly @@ -235,9 +233,6 @@ other applications. %patch22 -p1 %patch24 -p1 %patch33 -p1 -%if %{suse_version} == 1315 && !0%{?is_opensuse} -%patch34 -p1 -%endif %patch35 -p1 %patch38 -p1 %ifarch ppc ppc64 ppc64le diff --git a/python-doc.spec b/python-doc.spec index de8e30a..177b2ca 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -57,8 +57,6 @@ Patch22: python-2.7-libffi-aarch64.patch Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch -# PATCH-FEATURE-SLE disable SSL verification-by-default in http clients -Patch34: python-2.7.9-sles-disable-verification-by-default.patch # PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py Patch35: do-not-use-non-ascii-in-test_ssl.patch # PATCH-FIX-UPSTREAM bmwiedemann@suse.de -- allow python packages to build reproducibly @@ -172,9 +170,6 @@ Python, and Macintosh Module Reference in PDF format. %patch22 -p1 %patch24 -p1 %patch33 -p1 -%if %{suse_version} == 1315 && !0%{?is_opensuse} -%patch34 -p1 -%endif %patch35 -p1 %patch38 -p1 %ifarch ppc ppc64 ppc64le diff --git a/python.changes b/python.changes index 7361bcc..59555ec 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Mar 18 14:13:25 UTC 2022 - Marcus Meissner + +- python-2.7.9-sles-disable-verification-by-default.patch: remove + as it by default now always does strict enforcement anyway and it + is 2022. + ------------------------------------------------------------------- Sat Feb 26 12:41:42 UTC 2022 - Matej Cepl diff --git a/python.spec b/python.spec index 7a0d03b..ce1454f 100644 --- a/python.spec +++ b/python.spec @@ -57,8 +57,6 @@ Patch22: python-2.7-libffi-aarch64.patch Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch -# PATCH-FEATURE-SLE disable SSL verification-by-default in http clients -Patch34: python-2.7.9-sles-disable-verification-by-default.patch # PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py Patch35: do-not-use-non-ascii-in-test_ssl.patch # PATCH-FIX-UPSTREAM bmwiedemann@suse.de -- allow python packages to build reproducibly @@ -288,9 +286,6 @@ that rely on earlier non-verification behavior. %patch22 -p1 %patch24 -p1 %patch33 -p1 -%if %{suse_version} == 1315 && !0%{?is_opensuse} -%patch34 -p1 -%endif %patch35 -p1 %patch38 -p1 %ifarch ppc ppc64 ppc64le