pool/python
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 121399 from devel:languages:python:Factory

Browse Source 
Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module (forwarded request 121341 from jimfunk)

OBS-URL: https://build.opensuse.org/request/show/121399
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=81
This commit is contained in:
Stephan Kulow 2012-05-21 08:02:05 +00:00 committed by Git OBS Bridge
commit 92fe0fcc05
7 changed files with 74 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
python-2.7.3-ssl_ca_path.patch Normal file
View File

@ -0,0 +1,41 @@
Index: Modules/_ssl.c
===================================================================
--- Modules/_ssl.c.orig
+++ Modules/_ssl.c
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
char *errstr = NULL;
int ret;
int verification_mode;
+ struct stat stat_buf;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
if (self == NULL)
@@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock,
"verification of other-side certificates.");
goto fail;
} else {
- PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
- PySSL_END_ALLOW_THREADS
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
+ }
+
if (ret != 1) {
_setSSLError(NULL, 0, __FILE__, __LINE__);
goto fail;

6
python-base.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
- Support directory-based certificate stores with the ca_certs parameter of SSL
functions [bnc#761501]
-------------------------------------------------------------------
Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com

3
python-base.spec
View File

@ -48,6 +48,8 @@ Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch15: python-2.7.2-disable-tests-in-test_io.patch
Patch16: pypirc-secure.diff
Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@ -133,6 +135,7 @@ other applications.
%endif
%patch16 -p1
%patch17
%patch18
# COMMON-PREP-END
# drop Autoconf version requirement

6
python-doc.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
- Support directory-based certificate stores with the ca_certs parameter of SSL
functions [bnc#761501]
-------------------------------------------------------------------
Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de

3
python-doc.spec
View File

@ -44,6 +44,8 @@ Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch15: python-2.7.2-disable-tests-in-test_io.patch
Patch16: pypirc-secure.diff
Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@ -90,6 +92,7 @@ Python, and Macintosh Module Reference in PDF format.
%endif
%patch16 -p1
%patch17
%patch18
# COMMON-PREP-END
%build

11
python.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
- Support directory-based certificate stores with the ca_certs parameter of SSL
functions [bnc#761501]
-------------------------------------------------------------------
Tue May 15 14:17:43 UTC 2012 - jmatejek@suse.com
- enabled some tests
-------------------------------------------------------------------
Thu Dec 8 13:30:29 UTC 2011 - jmatejek@suse.com

5
python.spec
View File

@ -52,6 +52,8 @@ Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch15: python-2.7.2-disable-tests-in-test_io.patch
Patch16: pypirc-secure.diff
Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@ -173,6 +175,7 @@ implementation of the standard Unix DBM databases.
%endif
%patch16 -p1
%patch17
%patch18
# COMMON-PREP-END
# drop Autoconf version requirement
@ -210,7 +213,7 @@ make %{?_smp_mflags}
if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then
ulimit -v 10000000 || :
fi
LIST="test_urllib test_ssl test_hashlib test_hmac test_urllib2_localnet test_unicodedata test_tarfile test_sqlite test_tcl test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_readline "
LIST="test_urllib test_ssl test_hashlib test_hmac test_urllib2_localnet test_unicodedata test_tarfile test_sqlite test_tcl test_dbm test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_bsddb3 test_readline"
make test TESTOPTS="$LIST" TESTPYTHONOPTS="-R"
%endif