71551512cd
* bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball - update to 2.7.7 - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=165
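Index: Python-2.7.7/Modules/_ssl.c
===================================================================
--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200
+++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200
@@ -273,6 +273,7 @@
 char *errstr = NULL;
 int ret;
 int verification_mode;
+ struct stat stat_buf;
 long options;
 
 self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
@@ -331,20 +332,32 @@
 
 if (certreq != PY_SSL_CERT_NONE) {
 if (cacerts_file == NULL) {
- errstr = ERRSTR("No root certificates specified for "
- "verification of other-side certificates.");
- goto fail;
- } else {
 PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
+ ret = SSL_CTX_set_default_verify_paths(self->ctx);
 PySSL_END_ALLOW_THREADS
- if (ret != 1) {
- _setSSLError(NULL, 0, __FILE__, __LINE__);
- goto fail;
+ } else {
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
 }
 }
+
+ if (ret != 1) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ goto fail;
+ }
 }
 if (key_file) {
 PySSL_BEGIN_ALLOW_THREADS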
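Review bot: The `cacerts_file == NULL` branch in the second hunk now falls back to `SSL_CTX_set_default_verify_paths()` where the old code failed with "No root certificates specified", so a caller that asks for verification but loses its `ca_certs` value (an unset config key, say) is silently validated against the whole system store instead of its intended CA. OpenSSL's default locations can also be redirected through the `SSL_CERT_FILE` / `SSL_CERT_DIR` environment variables, which matters for processes that run with an environment they do not control. I would record that on the call, e.g. `/* No ca_certs given: trust OpenSSL's default store (OPENSSLDIR, overridable via SSL_CERT_FILE/SSL_CERT_DIR) */`, and in the ssl module documentation. In the directory branch, a return of 1 does not show that the directory holds usable hashed certificates, because OpenSSL reads CApath lazily at verification time; a one-line comment saying a mis-prepared directory surfaces only as a handshake failure would help. The enclosing function starts and ends outside both hunks.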