1 files changed, 33 insertions, 0 deletions

diff --git a/debian/patches/05_avoid-embedded-ssl-match-hostname.patch b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
new file mode 100644
index 0000000..1da4d26
--- /dev/null
+++ b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
@@ -0,0 +1,33 @@
+From 24ae6ba32069ca15f4a163e386964a3accdccf63 Mon Sep 17 00:00:00 2001
+From: Stefano Rivera <stefanor@debian.org>
+Date: Thu, 8 Oct 2015 13:19:51 -0700
+Subject: Do not use embedded copy of ssl.match_hostname, when possible
+
+ The system python has the necessary features backported, since 2.7.8-7 (and
+ 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
+ implementations don't, yet, and urllib3 is used by pip in virtualenvs.
+Forwarded: not-needed
+Last-Update: 2014-11-18
+
+Patch-Name: 05_avoid-embedded-ssl-match-hostname.patch
+---
+ urllib3/packages/__init__.py | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/urllib3/packages/__init__.py b/urllib3/packages/__init__.py
+index 170e974..35555ed 100644
+--- a/urllib3/packages/__init__.py
++++ b/urllib3/packages/__init__.py
+@@ -1,5 +1,11 @@
+ from __future__ import absolute_import
+ 
+-from . import ssl_match_hostname
++try:
++    # cPython >= 2.7.9 has ssl features backported from Python3
++    from ssl import CertificateError
++    del CertificateError
++    import ssl as ssl_match_hostname
++except ImportError:
++    from . import ssl_match_hostname
+ 
+ __all__ = ('ssl_match_hostname', )