isprogram
/
pyenv
mirror of https://github.com/pyenv/pyenv.git
1
0
Fork 0
Code Issues 0 Projects 0 Releases 181 Wiki Activity
Browse Source

Add `OPENSSL_NO_SSL3` patch for 3.2.3 .. 3.2.6

pull/510/head
Yamashita, Yuu 8 years ago
parent
dc4b355aad
commit
58275fc52b
4 changed files with 400 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +100
    -0
      plugins/python-build/share/python-build/patches/3.2.3/Python-3.2.3/010_ssl_no_ssl3.patch
  2. +100
    -0
      plugins/python-build/share/python-build/patches/3.2.4/Python-3.2.4/010_ssl_no_ssl3.patch
  3. +100
    -0
      plugins/python-build/share/python-build/patches/3.2.5/Python-3.2.5/010_ssl_no_ssl3.patch
  4. +100
    -0
      plugins/python-build/share/python-build/patches/3.2.6/Python-3.2.6/010_ssl_no_ssl3.patch

+ 100
- 0
plugins/python-build/share/python-build/patches/3.2.3/Python-3.2.3/010_ssl_no_ssl3.patch View File

@ -0,0 +1,100 @@
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000
@@ -62,35 +62,30 @@
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
from _ssl import _SSLContext, SSLError
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
from _ssl import RAND_status, RAND_egd, RAND_add
-from _ssl import (
- SSL_ERROR_ZERO_RETURN,
- SSL_ERROR_WANT_READ,
- SSL_ERROR_WANT_WRITE,
- SSL_ERROR_WANT_X509_LOOKUP,
- SSL_ERROR_SYSCALL,
- SSL_ERROR_SSL,
- SSL_ERROR_WANT_CONNECT,
- SSL_ERROR_EOF,
- SSL_ERROR_INVALID_ERROR_CODE,
- )
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
+
+def _import_symbols(prefix):
+ for n in dir(_ssl):
+ if n.startswith(prefix):
+ globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
from _ssl import HAS_SNI
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
from _ssl import _OPENSSL_API_VERSION
-_PROTOCOL_NAMES = {
- PROTOCOL_TLSv1: "TLSv1",
- PROTOCOL_SSLv23: "SSLv23",
- PROTOCOL_SSLv3: "SSLv3",
-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
try:
- from _ssl import PROTOCOL_SSLv2
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-except ImportError:
+except NameError:
_SSLv2_IF_EXISTS = None
-else:
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
from socket import getnameinfo as _getnameinfo
from socket import error as socket_error
@@ -557,7 +552,7 @@
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
return base64.decodebytes(d.encode('ASCII', 'strict'))
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
"""Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000
@@ -66,7 +66,9 @@
#ifndef OPENSSL_NO_SSL2
PY_SSL_VERSION_SSL2,
#endif
+#ifndef OPENSSL_NO_SSL3
PY_SSL_VERSION_SSL3=1,
+#endif
PY_SSL_VERSION_SSL23,
PY_SSL_VERSION_TLS1
};
@@ -1512,8 +1514,10 @@
PySSL_BEGIN_ALLOW_THREADS
if (proto_version == PY_SSL_VERSION_TLS1)
ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
else if (proto_version == PY_SSL_VERSION_SSL3)
ctx = SSL_CTX_new(SSLv3_method());
+#endif
#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
ctx = SSL_CTX_new(SSLv2_method());
@@ -2199,8 +2203,10 @@
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
PY_SSL_VERSION_SSL2);
#endif
+#ifndef OPENSSL_NO_SSL3
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
PY_SSL_VERSION_SSL3);
+#endif
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
PY_SSL_VERSION_SSL23);
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

+ 100
- 0
plugins/python-build/share/python-build/patches/3.2.4/Python-3.2.4/010_ssl_no_ssl3.patch View File

@ -0,0 +1,100 @@
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000
@@ -62,35 +62,30 @@
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
from _ssl import _SSLContext, SSLError
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
from _ssl import RAND_status, RAND_egd, RAND_add
-from _ssl import (
- SSL_ERROR_ZERO_RETURN,
- SSL_ERROR_WANT_READ,
- SSL_ERROR_WANT_WRITE,
- SSL_ERROR_WANT_X509_LOOKUP,
- SSL_ERROR_SYSCALL,
- SSL_ERROR_SSL,
- SSL_ERROR_WANT_CONNECT,
- SSL_ERROR_EOF,
- SSL_ERROR_INVALID_ERROR_CODE,
- )
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
+
+def _import_symbols(prefix):
+ for n in dir(_ssl):
+ if n.startswith(prefix):
+ globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
from _ssl import HAS_SNI
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
from _ssl import _OPENSSL_API_VERSION
-_PROTOCOL_NAMES = {
- PROTOCOL_TLSv1: "TLSv1",
- PROTOCOL_SSLv23: "SSLv23",
- PROTOCOL_SSLv3: "SSLv3",
-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
try:
- from _ssl import PROTOCOL_SSLv2
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-except ImportError:
+except NameError:
_SSLv2_IF_EXISTS = None
-else:
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
from socket import getnameinfo as _getnameinfo
from socket import error as socket_error
@@ -557,7 +552,7 @@
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
return base64.decodebytes(d.encode('ASCII', 'strict'))
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
"""Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000
@@ -66,7 +66,9 @@
#ifndef OPENSSL_NO_SSL2
PY_SSL_VERSION_SSL2,
#endif
+#ifndef OPENSSL_NO_SSL3
PY_SSL_VERSION_SSL3=1,
+#endif
PY_SSL_VERSION_SSL23,
PY_SSL_VERSION_TLS1
};
@@ -1512,8 +1514,10 @@
PySSL_BEGIN_ALLOW_THREADS
if (proto_version == PY_SSL_VERSION_TLS1)
ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
else if (proto_version == PY_SSL_VERSION_SSL3)
ctx = SSL_CTX_new(SSLv3_method());
+#endif
#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
ctx = SSL_CTX_new(SSLv2_method());
@@ -2199,8 +2203,10 @@
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
PY_SSL_VERSION_SSL2);
#endif
+#ifndef OPENSSL_NO_SSL3
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
PY_SSL_VERSION_SSL3);
+#endif
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
PY_SSL_VERSION_SSL23);
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

+ 100
- 0
plugins/python-build/share/python-build/patches/3.2.5/Python-3.2.5/010_ssl_no_ssl3.patch View File

@ -0,0 +1,100 @@
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000
@@ -62,35 +62,30 @@
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
from _ssl import _SSLContext, SSLError
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
from _ssl import RAND_status, RAND_egd, RAND_add
-from _ssl import (
- SSL_ERROR_ZERO_RETURN,
- SSL_ERROR_WANT_READ,
- SSL_ERROR_WANT_WRITE,
- SSL_ERROR_WANT_X509_LOOKUP,
- SSL_ERROR_SYSCALL,
- SSL_ERROR_SSL,
- SSL_ERROR_WANT_CONNECT,
- SSL_ERROR_EOF,
- SSL_ERROR_INVALID_ERROR_CODE,
- )
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
+
+def _import_symbols(prefix):
+ for n in dir(_ssl):
+ if n.startswith(prefix):
+ globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
from _ssl import HAS_SNI
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
from _ssl import _OPENSSL_API_VERSION
-_PROTOCOL_NAMES = {
- PROTOCOL_TLSv1: "TLSv1",
- PROTOCOL_SSLv23: "SSLv23",
- PROTOCOL_SSLv3: "SSLv3",
-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
try:
- from _ssl import PROTOCOL_SSLv2
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-except ImportError:
+except NameError:
_SSLv2_IF_EXISTS = None
-else:
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
from socket import getnameinfo as _getnameinfo
from socket import error as socket_error
@@ -557,7 +552,7 @@
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
return base64.decodebytes(d.encode('ASCII', 'strict'))
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
"""Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000
@@ -66,7 +66,9 @@
#ifndef OPENSSL_NO_SSL2
PY_SSL_VERSION_SSL2,
#endif
+#ifndef OPENSSL_NO_SSL3
PY_SSL_VERSION_SSL3=1,
+#endif
PY_SSL_VERSION_SSL23,
PY_SSL_VERSION_TLS1
};
@@ -1512,8 +1514,10 @@
PySSL_BEGIN_ALLOW_THREADS
if (proto_version == PY_SSL_VERSION_TLS1)
ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
else if (proto_version == PY_SSL_VERSION_SSL3)
ctx = SSL_CTX_new(SSLv3_method());
+#endif
#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
ctx = SSL_CTX_new(SSLv2_method());
@@ -2199,8 +2203,10 @@
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
PY_SSL_VERSION_SSL2);
#endif
+#ifndef OPENSSL_NO_SSL3
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
PY_SSL_VERSION_SSL3);
+#endif
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
PY_SSL_VERSION_SSL23);
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

+ 100
- 0
plugins/python-build/share/python-build/patches/3.2.6/Python-3.2.6/010_ssl_no_ssl3.patch View File

@ -0,0 +1,100 @@
diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py
--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000
+++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000
@@ -62,35 +62,30 @@
from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
from _ssl import _SSLContext, SSLError
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
from _ssl import RAND_status, RAND_egd, RAND_add
-from _ssl import (
- SSL_ERROR_ZERO_RETURN,
- SSL_ERROR_WANT_READ,
- SSL_ERROR_WANT_WRITE,
- SSL_ERROR_WANT_X509_LOOKUP,
- SSL_ERROR_SYSCALL,
- SSL_ERROR_SSL,
- SSL_ERROR_WANT_CONNECT,
- SSL_ERROR_EOF,
- SSL_ERROR_INVALID_ERROR_CODE,
- )
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
+
+def _import_symbols(prefix):
+ for n in dir(_ssl):
+ if n.startswith(prefix):
+ globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
from _ssl import HAS_SNI
-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
from _ssl import _OPENSSL_API_VERSION
-_PROTOCOL_NAMES = {
- PROTOCOL_TLSv1: "TLSv1",
- PROTOCOL_SSLv23: "SSLv23",
- PROTOCOL_SSLv3: "SSLv3",
-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
try:
- from _ssl import PROTOCOL_SSLv2
_SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-except ImportError:
+except NameError:
_SSLv2_IF_EXISTS = None
-else:
- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
from socket import getnameinfo as _getnameinfo
from socket import error as socket_error
@@ -557,7 +552,7 @@
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
return base64.decodebytes(d.encode('ASCII', 'strict'))
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
"""Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c
--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000
+++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000
@@ -66,7 +66,9 @@
#ifndef OPENSSL_NO_SSL2
PY_SSL_VERSION_SSL2,
#endif
+#ifndef OPENSSL_NO_SSL3
PY_SSL_VERSION_SSL3=1,
+#endif
PY_SSL_VERSION_SSL23,
PY_SSL_VERSION_TLS1
};
@@ -1512,8 +1514,10 @@
PySSL_BEGIN_ALLOW_THREADS
if (proto_version == PY_SSL_VERSION_TLS1)
ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
else if (proto_version == PY_SSL_VERSION_SSL3)
ctx = SSL_CTX_new(SSLv3_method());
+#endif
#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
ctx = SSL_CTX_new(SSLv2_method());
@@ -2199,8 +2203,10 @@
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
PY_SSL_VERSION_SSL2);
#endif
+#ifndef OPENSSL_NO_SSL3
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
PY_SSL_VERSION_SSL3);
+#endif
PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
PY_SSL_VERSION_SSL23);
PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

Write Preview
Loading…
Cancel
Save