Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory

- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) OBS-URL: https://build.opensuse.org/request/show/196445 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149
2013-08-26 15:45:18 +00:00 · 2013-08-26 15:45:18 +00:00 · 88c9accd0a
commit 88c9accd0a
parent 3b23ea3881
2 changed files with 35 additions and 13 deletions
--- a/python-2.7.3-ssl_ca_path.patch
+++ b/python-2.7.3-ssl_ca_path.patch
@ -1,6 +1,8 @@
--- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -271,6 +271,7 @@
+Index: Python-2.7.5/Modules/_ssl.c
+===================================================================
+--- Python-2.7.5.orig/Modules/_ssl.c
+++ Python-2.7.5/Modules/_ssl.c
+@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
     char *errstr = NULL;
     int ret;
     int verification_mode;
@ -8,15 +10,24 @@
 
     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
     if (self == NULL)
-@@ -331,11 +332,23 @@
-                             "verification of other-side certificates.");
-             goto fail;
-         } else {
-            PySSL_BEGIN_ALLOW_THREADS
+@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
+ 
+     if (certreq != PY_SSL_CERT_NONE) {
+         if (cacerts_file == NULL) {
+-            errstr = ERRSTR("No root certificates specified for "
+-                            "verification of other-side certificates.");
+-            goto fail;
+-        } else {
+             PySSL_BEGIN_ALLOW_THREADS
 -            ret = SSL_CTX_load_verify_locations(self->ctx,
 -                                                cacerts_file,
 -                                                NULL);
-            PySSL_END_ALLOW_THREADS
+            ret = SSL_CTX_set_default_verify_paths(self->ctx);
+             PySSL_END_ALLOW_THREADS
+-            if (ret != 1) {
+-                _setSSLError(NULL, 0, __FILE__, __LINE__);
+-                goto fail;
+        } else {
 +            /* If cacerts_file is a directory-based cert store, pass it as the
 +               third parameter, CApath, instead
 +            */
@ -32,8 +43,13 @@
 +                                                    cacerts_file,
 +                                                    NULL);
 +                PySSL_END_ALLOW_THREADS
-+            }
+             }
+         }
 +
-             if (ret != 1) {
-                 _setSSLError(NULL, 0, __FILE__, __LINE__);
-                 goto fail;
+        if (ret != 1) {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+            goto fail;
+        }
+     }
+     if (key_file) {
+         PySSL_BEGIN_ALLOW_THREADS
--- a/python.changes
+++ b/python.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Aug 26 13:55:35 UTC 2013 - lnussel@suse.de
+
+- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations
+  if no ca_certs file is specified (bnc#827982, bnc#836739)
+
 -------------------------------------------------------------------
 Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com