Accepting request 121341 from home:jimfunk:branches:devel:languages:python:Factory

Part of proposed fix for bnc#761501 - Add support for loading directory-based certificate stores in ssl module OBS-URL: https://build.opensuse.org/request/show/121341 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=122
2012-05-18 12:22:20 +00:00 · 2012-05-18 12:22:20 +00:00 · 86253c9ef6
commit 86253c9ef6
parent d28ce9563c
7 changed files with 68 additions and 0 deletions
--- a/python-2.7.3-ssl_ca_path.patch
+++ b/python-2.7.3-ssl_ca_path.patch
@ -0,0 +1,41 @@
+Index: Modules/_ssl.c
+===================================================================
+--- Modules/_ssl.c.orig
+++ Modules/_ssl.c
+@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
+     char *errstr = NULL;
+     int ret;
+     int verification_mode;
+    struct stat stat_buf;
+ 
+     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
+     if (self == NULL)
+@@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock,
+                             "verification of other-side certificates.");
+             goto fail;
+         } else {
+-            PySSL_BEGIN_ALLOW_THREADS
+-            ret = SSL_CTX_load_verify_locations(self->ctx,
+-                                                cacerts_file,
+-                                                NULL);
+-            PySSL_END_ALLOW_THREADS
+            /* If cacerts_file is a directory-based cert store, pass it as the
+               third parameter, CApath, instead
+            */
+            if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    NULL,
+                                                    cacerts_file);
+                PySSL_END_ALLOW_THREADS
+            } else {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    cacerts_file,
+                                                    NULL);
+                PySSL_END_ALLOW_THREADS
+            }
+
+             if (ret != 1) {
+                 _setSSLError(NULL, 0, __FILE__, __LINE__);
+                 goto fail;
--- a/python-base.changes
+++ b/python-base.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
+
+- Support directory-based certificate stores with the ca_certs parameter of SSL
+  functions [bnc#761501]
+
 -------------------------------------------------------------------
 Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com

--- a/python-base.spec
+++ b/python-base.spec
@ -48,6 +48,8 @@ Patch13:        python-2.7.2-fix_date_time_compiler.patch
 Patch15:        python-2.7.2-disable-tests-in-test_io.patch
 Patch16:        pypirc-secure.diff
 Patch17:        remove-static-libpython.diff
+# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
+Patch18:        python-2.7.3-ssl_ca_path.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -133,6 +135,7 @@ other applications.
 %endif
 %patch16 -p1
 %patch17
+%patch18
 # COMMON-PREP-END

 # drop Autoconf version requirement
--- a/python-doc.changes
+++ b/python-doc.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
+
+- Support directory-based certificate stores with the ca_certs parameter of SSL
+  functions [bnc#761501]
+
 -------------------------------------------------------------------
 Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de

--- a/python-doc.spec
+++ b/python-doc.spec
@ -44,6 +44,8 @@ Patch13:        python-2.7.2-fix_date_time_compiler.patch
 Patch15:        python-2.7.2-disable-tests-in-test_io.patch
 Patch16:        pypirc-secure.diff
 Patch17:        remove-static-libpython.diff
+# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
+Patch18:        python-2.7.3-ssl_ca_path.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps
@ -90,6 +92,7 @@ Python, and Macintosh Module Reference in PDF format.
 %endif
 %patch16 -p1
 %patch17
+%patch18
 # COMMON-PREP-END

 %build
--- a/python.changes
+++ b/python.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca
+
+- Support directory-based certificate stores with the ca_certs parameter of SSL
+  functions [bnc#761501]
+
 -------------------------------------------------------------------
 Tue May 15 14:17:43 UTC 2012 - jmatejek@suse.com

--- a/python.spec
+++ b/python.spec
@ -52,6 +52,8 @@ Patch13:        python-2.7.2-fix_date_time_compiler.patch
 Patch15:        python-2.7.2-disable-tests-in-test_io.patch
 Patch16:        pypirc-secure.diff
 Patch17:        remove-static-libpython.diff
+# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
+Patch18:        python-2.7.3-ssl_ca_path.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -173,6 +175,7 @@ implementation of the standard Unix DBM databases.
 %endif
 %patch16 -p1
 %patch17
+%patch18
 # COMMON-PREP-END

 # drop Autoconf version requirement