diff options
| -rw-r--r-- | debian/changelog | 9 | ||||
| -rw-r--r-- | debian/patches/06_do-not-make-SSLv3-mandatory.patch | 25 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 33 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 5436a6f..fd4f27e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,16 @@ python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium - * Team upload. + [ Stefano Rivera ] * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389) - -- Stefano Rivera <stefanor@debian.org> Tue, 18 Nov 2014 12:45:49 -0800 + [ Daniele Tricoli ] + * debian/patches/06_do-not-make-SSLv3-mandatory.patch + - Since SSL version 3 is insicure it is supported only if Python + supports it. (Closes: 770246) + + -- Daniele Tricoli <eriol@mornie.org> Thu, 20 Nov 2014 13:17:59 +0100 python-urllib3 (1.9.1-2) unstable; urgency=medium diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch new file mode 100644 index 0000000..0ce3f4a --- /dev/null +++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch @@ -0,0 +1,25 @@ +Description: Since SSL version 3 is insicure it is supported only if Python + supports it. In Debian SSL version 3 is disabled in system Python since + 2.7.8-12. +Author: Daniele Tricoli <eriol@mornie.org> +Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742 +Last/Update: 2014-11-20 + +--- a/urllib3/contrib/pyopenssl.py ++++ b/urllib3/contrib/pyopenssl.py +@@ -70,9 +70,14 @@ + # Map from urllib3 to PyOpenSSL compatible parameter-values. + _openssl_versions = { + ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD, +- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD, + ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, + } ++ ++try: ++ _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD}) ++except AttributeError: ++ pass ++ + _openssl_verify = { + ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE, + ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER, diff --git a/debian/patches/series b/debian/patches/series index b77d657..30602ad 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ 03_force_setuptools.patch 04_relax_nosetests_options.patch 05_avoid-embedded-ssl-match-hostname.patch +06_do-not-make-SSLv3-mandatory.patch |