Yamashita, Yuu
8 years ago
1 changed files with 91 additions and 0 deletions
Split View
Diff Options
-
+91 -0plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch
+ 91
- 0
plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch
View File
| @ -0,0 +1,91 @@ | |||
| diff -r -u ../Python-2.6.9.orig/Lib/ssl.py ./Lib/ssl.py | |||
| --- ../Python-2.6.9.orig/Lib/ssl.py 2013-10-29 15:04:37.000000000 +0000 | |||
| +++ ./Lib/ssl.py 2015-12-18 14:39:22.213215077 +0000 | |||
| @@ -61,18 +61,24 @@ | |||
| from _ssl import SSLError | |||
| from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED | |||
| -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 | |||
| -from _ssl import RAND_status, RAND_egd, RAND_add | |||
| -from _ssl import \ | |||
| - SSL_ERROR_ZERO_RETURN, \ | |||
| - SSL_ERROR_WANT_READ, \ | |||
| - SSL_ERROR_WANT_WRITE, \ | |||
| - SSL_ERROR_WANT_X509_LOOKUP, \ | |||
| - SSL_ERROR_SYSCALL, \ | |||
| - SSL_ERROR_SSL, \ | |||
| - SSL_ERROR_WANT_CONNECT, \ | |||
| - SSL_ERROR_EOF, \ | |||
| - SSL_ERROR_INVALID_ERROR_CODE | |||
| +from _ssl import RAND_status, RAND_add | |||
| +try: | |||
| + from _ssl import RAND_egd | |||
| +except ImportError: | |||
| + # LibreSSL does not provide RAND_egd | |||
| + pass | |||
| + | |||
| +def _import_symbols(prefix): | |||
| + for n in dir(_ssl): | |||
| + if n.startswith(prefix): | |||
| + globals()[n] = getattr(_ssl, n) | |||
| + | |||
| +_import_symbols('OP_') | |||
| +_import_symbols('ALERT_DESCRIPTION_') | |||
| +_import_symbols('SSL_ERROR_') | |||
| +_import_symbols('PROTOCOL_') | |||
| + | |||
| +_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')]) | |||
| from socket import socket, _fileobject, _delegate_methods | |||
| from socket import error as socket_error | |||
| @@ -382,7 +388,7 @@ | |||
| d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] | |||
| return base64.decodestring(d) | |||
| -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): | |||
| +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): | |||
| """Retrieve the certificate from the server at the specified address, | |||
| and return it as a PEM-encoded string. | |||
| diff -r -u ../Python-2.6.9.orig/Modules/_ssl.c ./Modules/_ssl.c | |||
| --- ../Python-2.6.9.orig/Modules/_ssl.c 2013-10-29 15:04:38.000000000 +0000 | |||
| +++ ./Modules/_ssl.c 2015-12-18 14:32:08.051962468 +0000 | |||
| @@ -62,8 +62,12 @@ | |||
| }; | |||
| enum py_ssl_version { | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PY_SSL_VERSION_SSL2, | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PY_SSL_VERSION_SSL3, | |||
| +#endif | |||
| PY_SSL_VERSION_SSL23, | |||
| PY_SSL_VERSION_TLS1 | |||
| }; | |||
| @@ -300,8 +304,10 @@ | |||
| PySSL_BEGIN_ALLOW_THREADS | |||
| if (proto_version == PY_SSL_VERSION_TLS1) | |||
| self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| else if (proto_version == PY_SSL_VERSION_SSL3) | |||
| self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ | |||
| +#endif | |||
| #ifndef OPENSSL_NO_SSL2 | |||
| else if (proto_version == PY_SSL_VERSION_SSL2) | |||
| self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ | |||
| @@ -1746,10 +1752,14 @@ | |||
| PY_SSL_CERT_REQUIRED); | |||
| /* protocol versions */ | |||
| +#ifndef OPENSSL_NO_SSL2 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", | |||
| PY_SSL_VERSION_SSL2); | |||
| +#endif | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", | |||
| PY_SSL_VERSION_SSL3); | |||
| +#endif | |||
| PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", | |||
| PY_SSL_VERSION_SSL23); | |||
| PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", | |||