From 86253c9ef6b6bddfbc625edbabf51bd9dc67d8b182efbed3c4bb0fca453f0594 Mon Sep 17 00:00:00 2001
From: Jan Matejek
Date: Fri, 18 May 2012 12:22:20 +0000
Subject: [PATCH] Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory
Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module
OBS-URL: https://build.opensuse.org/request/show/121341
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122
---
 python-2.7.3-ssl_ca_path.patch | 41 ++++++++++++++++++++++++++++++++++
 python-base.changes | 6 +++++
 python-base.spec | 3 +++
 python-doc.changes | 6 +++++
 python-doc.spec | 3 +++
 python.changes | 6 +++++
 python.spec | 3 +++
 7 files changed, 68 insertions(+)
 create mode 100644 python-2.7.3-ssl_ca_path.patch
diff --git a/python-2.7.3-ssl_ca_path.patch b/python-2.7.3-ssl_ca_path.patch
new file mode 100644
index 0000000..54ba2de
--- /dev/null
+++ b/python-2.7.3-ssl_ca_path.patch
@@ -0,0 +1,41 @@
+Index: Modules/_ssl.c
+===================================================================
+--- Modules/_ssl.c.orig
++++ Modules/_ssl.c
+@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
+ char *errstr = NULL;
+ int ret;
+ int verification_mode;
++ struct stat stat_buf;
+
+ self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
+ if (self == NULL)
+@@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock,
+ "verification of other-side certificates.");
+ goto fail;
+ } else {
+- PySSL_BEGIN_ALLOW_THREADS
+- ret = SSL_CTX_load_verify_locations(self->ctx,
+- cacerts_file,
+- NULL);
+- PySSL_END_ALLOW_THREADS
++ /* If cacerts_file is a directory-based cert store, pass it as the
++ third parameter, CApath, instead
++ */
++ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
++ PySSL_BEGIN_ALLOW_THREADS
++ ret = SSL_CTX_load_verify_locations(self->ctx,
++ NULL,
++ cacerts_file);
++ PySSL_END_ALLOW_THREADS
++ } else {
++ PySSL_BEGIN_ALLOW_THREADS
++ ret = SSL_CTX_load_verify_locations(self->ctx,
++ cacerts_file,
++ NULL);
++ PySSL_END_ALLOW_THREADS
++ }
++
+ if (ret != 1) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ goto fail;
diff --git a/python-base.changes b/python-base.changes
index 944a1b9..017bd72 100644
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
+
+- Support directory-based certificate stores with the ca_certs parameter of SSL
+ functions [bnc#761501]
+
 -------------------------------------------------------------------
 Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com
diff --git a/python-base.spec b/python-base.spec
index e0e7cf1..0788801 100644
--- a/python-base.spec
+++ b/python-base.spec
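Review bot: In the inner `@@ -331,11 +332,23 @@` hunk for Modules/_ssl.c, the `if (ret != 1)` check after the new directory branch cannot tell the caller that the store is unusable: OpenSSL documents that CApath entries are looked up only when a chain is verified, so an empty or un-rehashed directory is accepted here and surfaces later as a handshake verification failure. The comment above the `stat()` call should record that, for example `/* CApath is read lazily; a directory without hashed certificate links is accepted here and fails only during verification */`. The `stat()` call also runs outside `PySSL_BEGIN_ALLOW_THREADS`, and any failure of it (a missing or unreadable path) silently selects the file branch, which is worth a word in the same comment. The two branches differ only in which argument is NULL, so choosing the two pointers first and making one `SSL_CTX_load_verify_locations` call would remove the duplicated block. newPySSLObject begins and ends outside both inner hunks.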
@@ -48,6 +48,8 @@ Patch13: python-2.7.2-fix_date_time_compiler.patch
 Patch15: python-2.7.2-disable-tests-in-test_io.patch
 Patch16: pypirc-secure.diff
 Patch17: remove-static-libpython.diff
+# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
+Patch18: python-2.7.3-ssl_ca_path.patch
 # COMMON-PATCH-END
 %define python_version %(echo %{tarversion} | head -c 3)
 BuildRequires: automake
@@ -133,6 +135,7 @@ other applications.
 %endif
 %patch16 -p1
 %patch17
+%patch18
 # COMMON-PREP-END
 # drop Autoconf version requirement
diff --git a/python-doc.changes b/python-doc.changes
index 1597f7e..39ef58f 100644
--- a/python-doc.changes
+++ b/python-doc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
+
+- Support directory-based certificate stores with the ca_certs parameter of SSL
+ functions [bnc#761501]
+
 -------------------------------------------------------------------
 Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de
diff --git a/python-doc.spec b/python-doc.spec
index a3ed44d..8b14d16 100644
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -44,6 +44,8 @@ Patch13: python-2.7.2-fix_date_time_compiler.patch
 Patch15: python-2.7.2-disable-tests-in-test_io.patch
 Patch16: pypirc-secure.diff
 Patch17: remove-static-libpython.diff
+# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
+Patch18: python-2.7.3-ssl_ca_path.patch
 # COMMON-PATCH-END
 Provides: pyth_doc
 Provides: pyth_ps
@@ -90,6 +92,7 @@ Python, and Macintosh Module Reference in PDF format.
 %endif
 %patch16 -p1
 %patch17
+%patch18
 # COMMON-PREP-END
 %build
diff --git a/python.changes b/python.changes
index 2e1e344..67a617d 100644
--- a/python.changes
+++ b/python.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
+
+- Support directory-based certificate stores with the ca_certs parameter of SSL
+ functions [bnc#761501]
+
 -------------------------------------------------------------------
 Tue May 15 14:17:43 UTC 2012 - jmatejek@suse.com
diff --git a/python.spec b/python.spec
index 9d38677..b3f965d 100644
--- a/python.spec
+++ b/python.spec
@@ -52,6 +52,8 @@ Patch13: python-2.7.2-fix_date_time_compiler.patch
 Patch15: python-2.7.2-disable-tests-in-test_io.patch
 Patch16: pypirc-secure.diff
 Patch17: remove-static-libpython.diff
+# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
+Patch18: python-2.7.3-ssl_ca_path.patch
 # COMMON-PATCH-END
 BuildRequires: automake
 BuildRequires: db-devel
@@ -173,6 +175,7 @@ implementation of the standard Unix DBM databases.
 %endif
 %patch16 -p1
 %patch17
+%patch18
 # COMMON-PREP-END
 # drop Autoconf version requirement