diff options
author | Daniele Tricoli <eriol@mornie.org> | 2012-09-10 12:08:04 +0000 |
---|---|---|
committer | Daniele Tricoli <eriol@mornie.org> | 2012-09-10 12:08:04 +0000 |
commit | 6616f164d890f50458ca024870e3654bb1ed4032 (patch) | |
tree | 83d4bc9051534d6714f13081f33e7d5942ad64c5 | |
parent | 99072e4faa62f54b1f8142ab0df6dffc83455f8d (diff) | |
download | python-urllib3-6616f164d890f50458ca024870e3654bb1ed4032.tar python-urllib3-6616f164d890f50458ca024870e3654bb1ed4032.tar.gz |
Require SSL certificate validation by default by using
CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | debian/patches/02_require-cert-verification.patch | 19 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 31 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 17e59e1..d888d9e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +python-urllib3 (1.3-3) UNRELEASED; urgency=low + + * debian/patches/02_require-cert-verification.patch + - require SSL certificate validation by default by using + CERT_REQUIRED and using the system + /etc/ssl/certs/ca-certificates.crt. + Thanks to Jamie Strandboge for report and patch. + (Closes: #686872) + + -- Daniele Tricoli <eriol@mornie.org> Fri, 07 Sep 2012 13:20:20 +0200 + python-urllib3 (1.3-2) unstable; urgency=low * debian/control diff --git a/debian/patches/02_require-cert-verification.patch b/debian/patches/02_require-cert-verification.patch new file mode 100644 index 0000000..b4decd9 --- /dev/null +++ b/debian/patches/02_require-cert-verification.patch @@ -0,0 +1,19 @@ +Author: Jamie Strandboge <jamie@canonical.com> +Description: require SSL certificate validation by default by using + CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt +Bug-Ubuntu: https://launchpad.net/bugs/1047054 +Bug-Debian: http://bugs.debian.org/686872 + +Index: python-urllib3-1.3/urllib3/connectionpool.py +=================================================================== +--- python-urllib3-1.3.orig/urllib3/connectionpool.py 2012-09-06 16:03:50.000000000 -0500 ++++ python-urllib3-1.3/urllib3/connectionpool.py 2012-09-06 16:08:59.000000000 -0500 +@@ -463,7 +463,7 @@ + strict=False, timeout=None, maxsize=1, + block=False, headers=None, + key_file=None, cert_file=None, +- cert_reqs='CERT_NONE', ca_certs=None): ++ cert_reqs='CERT_REQUIRED', ca_certs='/etc/ssl/certs/ca-certificates.crt'): + + super(HTTPSConnectionPool, self).__init__(host, port, + strict, timeout, maxsize, diff --git a/debian/patches/series b/debian/patches/series index 64de581..cb492ff 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ 01_do-not-use-embedded-python-six.patch +02_require-cert-verification.patch |