1 files changed, 32 insertions, 0 deletions

diff --git a/debian/patches/05_avoid-embedded-ssl-match-hostname.patch b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
new file mode 100644
index 0000000..b440988
--- /dev/null
+++ b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
@@ -0,0 +1,32 @@
+From 7b1a10be6a3f7b3d3765abce6da5e37bace9a80d Mon Sep 17 00:00:00 2001
+From: Stefano Rivera <stefanor@debian.org>
+Date: Thu, 8 Oct 2015 13:19:51 -0700
+Subject: Do not use embedded copy of ssl.match_hostname, when possible
+
+ The system python has the necessary features backported, since 2.7.8-7 (and
+ 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
+ implementations don't, yet, and urllib3 is used by pip in virtualenvs.
+Forwarded: not-needed
+Last-Update: 2014-11-18
+
+Patch-Name: 05_avoid-embedded-ssl-match-hostname.patch
+---
+ urllib3/packages/__init__.py | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/urllib3/packages/__init__.py b/urllib3/packages/__init__.py
+index 37e8351..10a3aa8 100644
+--- a/urllib3/packages/__init__.py
++++ b/urllib3/packages/__init__.py
+@@ -1,4 +1,9 @@
+ from __future__ import absolute_import
+ 
+-from . import ssl_match_hostname
+-
++try:
++    # cPython >= 2.7.9 has ssl features backported from Python3
++    from ssl import CertificateError
++    del CertificateError
++    import ssl as ssl_match_hostname
++except ImportError:
++    from . import ssl_match_hostname