From 8ef89a8dcccd9bbb7d189934385649ba27cd20be Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 20 Nov 2014 13:28:03 +0000 Subject: * debian/patches/06_do-not-make-SSLv3-mandatory.patch - Since SSL version 3 is insicure it is supported only if Python supports it. (Closes: 770246) --- debian/changelog | 9 ++++++-- .../patches/06_do-not-make-SSLv3-mandatory.patch | 25 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 debian/patches/06_do-not-make-SSLv3-mandatory.patch diff --git a/debian/changelog b/debian/changelog index 5436a6f..fd4f27e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,16 @@ python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium - * Team upload. + [ Stefano Rivera ] * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389) - -- Stefano Rivera Tue, 18 Nov 2014 12:45:49 -0800 + [ Daniele Tricoli ] + * debian/patches/06_do-not-make-SSLv3-mandatory.patch + - Since SSL version 3 is insicure it is supported only if Python + supports it. (Closes: 770246) + + -- Daniele Tricoli Thu, 20 Nov 2014 13:17:59 +0100 python-urllib3 (1.9.1-2) unstable; urgency=medium diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch new file mode 100644 index 0000000..0ce3f4a --- /dev/null +++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch @@ -0,0 +1,25 @@ +Description: Since SSL version 3 is insicure it is supported only if Python + supports it. In Debian SSL version 3 is disabled in system Python since + 2.7.8-12. +Author: Daniele Tricoli +Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742 +Last/Update: 2014-11-20 + +--- a/urllib3/contrib/pyopenssl.py ++++ b/urllib3/contrib/pyopenssl.py +@@ -70,9 +70,14 @@ + # Map from urllib3 to PyOpenSSL compatible parameter-values. + _openssl_versions = { + ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD, +- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD, + ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, + } ++ ++try: ++ _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD}) ++except AttributeError: ++ pass ++ + _openssl_verify = { + ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE, + ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER, diff --git a/debian/patches/series b/debian/patches/series index b77d657..30602ad 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ 03_force_setuptools.patch 04_relax_nosetests_options.patch 05_avoid-embedded-ssl-match-hostname.patch +06_do-not-make-SSLv3-mandatory.patch -- cgit v1.2.3