[python/f21] Enable SSLv2 and SSLv3 when SSLv23_method is used

Robert Kuska rkuska at fedoraproject.org
Fri Jul 18 14:44:16 UTC 2014


commit e0419e878a0bbf063bed8a8b54509a85196f7f9f
Author: Robert Kuska <rkuska at redhat.com>
Date:   Fri Jul 18 16:44:10 2014 +0200

    Enable SSLv2 and SSLv3 when SSLv23_method is used

 00195-enable-sslv23-in-ssl.patch |   15 +++++++++++++++
 python.spec                      |   12 +++++++++++-
 2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/00195-enable-sslv23-in-ssl.patch b/00195-enable-sslv23-in-ssl.patch
new file mode 100644
index 0000000..fcce84a
--- /dev/null
+++ b/00195-enable-sslv23-in-ssl.patch
@@ -0,0 +1,15 @@
+diff -up Python-2.7.8/Modules/_ssl.c.orig Python-2.7.8/Modules/_ssl.c
+--- Python-2.7.8/Modules/_ssl.c.orig	2014-07-17 14:17:32.584362667 +0200
++++ Python-2.7.8/Modules/_ssl.c	2014-07-17 14:17:38.215405930 +0200
+@@ -312,8 +312,10 @@ newPySSLObject(PySocketSockObject *Sock,
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+ #endif
+-    else if (proto_version == PY_SSL_VERSION_SSL23)
++    else if (proto_version == PY_SSL_VERSION_SSL23) {
+         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
++        self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++    }
+     PySSL_END_ALLOW_THREADS
+ 
+     if (self->ctx == NULL) {
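Review bot: The added `self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` dereferences `self->ctx` before the `if (self->ctx == NULL)` check that follows `PySSL_END_ALLOW_THREADS`, so a failed `SSL_CTX_new()` would crash the interpreter instead of reaching the error path. Guard the line and use the public accessor rather than the struct field: `if (self->ctx != NULL) SSL_CTX_clear_options(self->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Clearing these bits lets every context created for PY_SSL_VERSION_SSL23 negotiate SSLv2 and SSLv3 again, both of which have known protocol weaknesses, so a C comment on that line should say why the library default is being reversed. The body of newPySSLObject starts and ends outside the hunk.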
diff --git a/python.spec b/python.spec
index bccb8be..b11a27c 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
 Name: %{python}
 # Remember to also rebase python-docs when changing this:
 Version: 2.7.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Python
 Group: Development/Languages
 Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -877,6 +877,12 @@ Patch193: 00193-enable-loading-sqlite-extensions.patch
 # FIXED UPSTREAM
 #Patch194: 00194-fix-tests-with-sqlite-3.8.4.patch
 
+# Since openssl-1.0.1h-5.fc21 SSLv2 and SSLV3 protocols
+# are disabled by default in openssl, according the comment in openssl
+# patch this affects only SSLv23_method, this patch enables SSLv2
+# and SSLv3 when SSLv23_method is used
+Patch195: 00195-enable-sslv23-in-ssl.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora 17 onwards,
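Review bot: The comment above `Patch195` records what the patch does but not why Python has to undo the openssl default, and it does not mention that the result is weaker protocol negotiation for every user of SSLv23_method. I would add the reason and a tracking reference, for example `# Needed for <reason>; see <bug reference>`, so a later maintainer knows when the patch can be dropped. The wording should also read `according to the comment in the openssl patch`.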
@@ -1233,6 +1239,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
 # 00192: upstream as of Python 2.7.7
 %patch193 -p1
 # 00194: upstream as of Python 2.7.7
+%patch195 -p1
 
 
 # This shouldn't be necesarry, but is right now (2.2a3)
@@ -2067,6 +2074,9 @@ rm -fr %{buildroot}
 # ======================================================
 
 %changelog
+* Fri Jul 18 2014 Robert Kuska <rkuska at redhat.com> - 2.7.8-2
+- Enable SSLv2 and SSLv3 when SSLv23_method is used in ssl
+
 * Mon Jul 14 2014 Robert Kuska <rkuska at redhat.com> - 2.7.8-1
 - Update to 2.7.8
 

