pool/python
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 196445 from home:lnussel:branches:devel:languages:python:Factory

Browse Source 
- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations
  if no ca_certs file is specified (bnc#827982, bnc#836739)

OBS-URL: https://build.opensuse.org/request/show/196445
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=149
This commit is contained in:
Jan Matejek 2013-08-26 15:45:18 +00:00 committed by Git OBS Bridge
parent 3b23ea3881
commit 88c9accd0a
2 changed files with 35 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
python-2.7.3-ssl_ca_path.patch
View File

@ -1,6 +1,8 @@
--- a/Modules/_ssl.c Index: Python-2.7.5/Modules/_ssl.c
+++ b/Modules/_ssl.c ===================================================================
@@ -271,6 +271,7 @@ --- Python-2.7.5.orig/Modules/_ssl.c
+++ Python-2.7.5/Modules/_ssl.c
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
char *errstr = NULL; char *errstr = NULL;
int ret; int ret;
int verification_mode; int verification_mode;
@ -8,15 +10,24 @@
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */ self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
if (self == NULL) if (self == NULL)
@@ -331,11 +332,23 @@ @@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
"verification of other-side certificates.");
goto fail; if (certreq != PY_SSL_CERT_NONE) {
} else { if (cacerts_file == NULL) {
- PySSL_BEGIN_ALLOW_THREADS - errstr = ERRSTR("No root certificates specified for "
- "verification of other-side certificates.");
- goto fail;
- } else {
PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx, - ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file, - cacerts_file,
- NULL); - NULL);
- PySSL_END_ALLOW_THREADS + ret = SSL_CTX_set_default_verify_paths(self->ctx);
PySSL_END_ALLOW_THREADS
- if (ret != 1) {
- _setSSLError(NULL, 0, __FILE__, __LINE__);
- goto fail;
+ } else {
+ /* If cacerts_file is a directory-based cert store, pass it as the + /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead + third parameter, CApath, instead
+ */ + */
@ -32,8 +43,13 @@
+ cacerts_file, + cacerts_file,
+ NULL); + NULL);
+ PySSL_END_ALLOW_THREADS + PySSL_END_ALLOW_THREADS
+ } }
}
+ +
if (ret != 1) { + if (ret != 1) {
_setSSLError(NULL, 0, __FILE__, __LINE__); + _setSSLError(NULL, 0, __FILE__, __LINE__);
goto fail; + goto fail;
+ }
}
if (key_file) {
PySSL_BEGIN_ALLOW_THREADS

6
python.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Aug 26 13:55:35 UTC 2013 - lnussel@suse.de
- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations
if no ca_certs file is specified (bnc#827982, bnc#836739)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com