* debian/patches/02_require-cert-verification.patch

- Refreshed
author: Daniele Tricoli <eriol@mornie.org> 2013-10-16 14:54:10 +0000
committer: Daniele Tricoli <eriol@mornie.org> 2013-10-16 14:54:10 +0000
commit: 7b37ee93558a7d5c3ecca560893f0fa503e1b95b (patch)
tree: 1aef90fb13cb5c85dcc5642962ff59ed6cf4a83a
parent: dc761eb8f77394f65d307d1490555340909482ba (diff)
download: python-urllib3-7b37ee93558a7d5c3ecca560893f0fa503e1b95b.tar
python-urllib3-7b37ee93558a7d5c3ecca560893f0fa503e1b95b.tar.gz
2 files changed, 25 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index 3c25f34..057413c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,10 @@ python-urllib3 (1.7.1-1) UNRELEASED; urgency=low
   * New upstream release
   * debian/patches/01_do-not-use-embedded-python-six.patch
     - Refreshed
+  * debian/patches/02_require-cert-verification.patch
+    - Refreshed
 
- -- Daniele Tricoli <eriol@mornie.org>  Wed, 16 Oct 2013 11:30:49 +0200
+ -- Daniele Tricoli <eriol@mornie.org>  Wed, 16 Oct 2013 16:51:08 +0200
 
 python-urllib3 (1.6-2) unstable; urgency=high
 
diff --git a/debian/patches/02_require-cert-verification.patch b/debian/patches/02_require-cert-verification.patch
index cc2e896..7c3bef1 100644
--- a/debian/patches/02_require-cert-verification.patch
+++ b/debian/patches/02_require-cert-verification.patch
@@ -3,18 +3,35 @@ Description: require SSL certificate validation by default by using
  CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
 Bug-Ubuntu: https://launchpad.net/bugs/1047054
 Bug-Debian: http://bugs.debian.org/686872
-Last-Update: 2013-05-07
+Last-Update: 2013-10-16
 
 --- a/urllib3/connectionpool.py
 +++ b/urllib3/connectionpool.py
-@@ -523,8 +523,8 @@
-     def __init__(self, host, port=None,
+@@ -87,12 +87,13 @@
+     Based on httplib.HTTPSConnection but wraps the socket with
+     SSL certification.
+     """
+-    cert_reqs = None
+-    ca_certs = None
++    # On Debian, SSL certificate validation is required by default
++    cert_reqs = 'CERT_REQUIRED'
++    ca_certs = '/etc/ssl/certs/ca-certificates.crt'
+     ssl_version = None
+ 
+     def set_cert(self, key_file=None, cert_file=None,
+-                 cert_reqs=None, ca_certs=None,
++                 cert_reqs='CERT_REQUIRED', ca_certs='/etc/ssl/certs/ca-certificates.crt',
+                  assert_hostname=None, assert_fingerprint=None):
+ 
+         self.key_file = key_file
+@@ -644,8 +645,8 @@
                   strict=False, timeout=None, maxsize=1,
                   block=False, headers=None,
+                  _proxy=None, _proxy_headers=None,
 -                 key_file=None, cert_file=None, cert_reqs=None,
 -                 ca_certs=None, ssl_version=None,
 +                 key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED',
 +                 ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None,
                   assert_hostname=None, assert_fingerprint=None):
-
-         HTTPConnectionPool.__init__(self, host, port,
+ 
+         HTTPConnectionPool.__init__(self, host, port, strict, timeout, maxsize,
author	Daniele Tricoli <eriol@mornie.org>	2013-10-16 14:54:10 +0000
committer	Daniele Tricoli <eriol@mornie.org>	2013-10-16 14:54:10 +0000
commit	7b37ee93558a7d5c3ecca560893f0fa503e1b95b (patch)
tree	1aef90fb13cb5c85dcc5642962ff59ed6cf4a83a
parent	dc761eb8f77394f65d307d1490555340909482ba (diff)
download	python-urllib3-7b37ee93558a7d5c3ecca560893f0fa503e1b95b.tar python-urllib3-7b37ee93558a7d5c3ecca560893f0fa503e1b95b.tar.gz