From 6616f164d890f50458ca024870e3654bb1ed4032 Mon Sep 17 00:00:00 2001
From: Daniele Tricoli <eriol@mornie.org>
Date: Mon, 10 Sep 2012 12:08:04 +0000
Subject: Require SSL certificate validation by default by using CERT_REQUIRED
 and using the system /etc/ssl/certs/ca-certificates.crt

---
 debian/changelog                                  | 11 +++++++++++
 debian/patches/02_require-cert-verification.patch | 19 +++++++++++++++++++
 debian/patches/series                             |  1 +
 3 files changed, 31 insertions(+)
 create mode 100644 debian/patches/02_require-cert-verification.patch

diff --git a/debian/changelog b/debian/changelog
index 17e59e1..d888d9e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+python-urllib3 (1.3-3) UNRELEASED; urgency=low
+
+  * debian/patches/02_require-cert-verification.patch
+    - require SSL certificate validation by default by using
+      CERT_REQUIRED and using the system
+      /etc/ssl/certs/ca-certificates.crt.
+      Thanks to Jamie Strandboge for report and patch.
+      (Closes: #686872)
+
+ -- Daniele Tricoli <eriol@mornie.org>  Fri, 07 Sep 2012 13:20:20 +0200
+
 python-urllib3 (1.3-2) unstable; urgency=low
 
   * debian/control
diff --git a/debian/patches/02_require-cert-verification.patch b/debian/patches/02_require-cert-verification.patch
new file mode 100644
index 0000000..b4decd9
--- /dev/null
+++ b/debian/patches/02_require-cert-verification.patch
@@ -0,0 +1,19 @@
+Author: Jamie Strandboge <jamie@canonical.com>
+Description: require SSL certificate validation by default by using
+ CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
+Bug-Ubuntu: https://launchpad.net/bugs/1047054
+Bug-Debian: http://bugs.debian.org/686872
+
+Index: python-urllib3-1.3/urllib3/connectionpool.py
+===================================================================
+--- python-urllib3-1.3.orig/urllib3/connectionpool.py	2012-09-06 16:03:50.000000000 -0500
++++ python-urllib3-1.3/urllib3/connectionpool.py	2012-09-06 16:08:59.000000000 -0500
+@@ -463,7 +463,7 @@
+                  strict=False, timeout=None, maxsize=1,
+                  block=False, headers=None,
+                  key_file=None, cert_file=None,
+-                 cert_reqs='CERT_NONE', ca_certs=None):
++                 cert_reqs='CERT_REQUIRED', ca_certs='/etc/ssl/certs/ca-certificates.crt'):
+
+         super(HTTPSConnectionPool, self).__init__(host, port,
+                                                   strict, timeout, maxsize,
diff --git a/debian/patches/series b/debian/patches/series
index 64de581..cb492ff 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 01_do-not-use-embedded-python-six.patch
+02_require-cert-verification.patch
-- 
cgit v1.2.3


From 83ca8ae17b088f18474146dd63d0e14a2583df67 Mon Sep 17 00:00:00 2001
From: Daniele Tricoli <eriol@mornie.org>
Date: Mon, 10 Sep 2012 12:34:30 +0000
Subject: Added ca-certificates to Recommends field

---
 debian/changelog | 6 ++++--
 debian/control   | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index d888d9e..06ccfdb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,15 @@
 python-urllib3 (1.3-3) UNRELEASED; urgency=low
 
+  * debian/control
+    - Added ca-certificates to Recommends field
   * debian/patches/02_require-cert-verification.patch
     - require SSL certificate validation by default by using
       CERT_REQUIRED and using the system
       /etc/ssl/certs/ca-certificates.crt.
-      Thanks to Jamie Strandboge for report and patch.
+      Thanks to Jamie Strandboge for report and patch
       (Closes: #686872)
 
- -- Daniele Tricoli <eriol@mornie.org>  Fri, 07 Sep 2012 13:20:20 +0200
+ -- Daniele Tricoli <eriol@mornie.org>  Mon, 10 Sep 2012 14:33:35 +0200
 
 python-urllib3 (1.3-2) unstable; urgency=low
 
diff --git a/debian/control b/debian/control
index fc30005..2e522c7 100644
--- a/debian/control
+++ b/debian/control
@@ -25,6 +25,8 @@ Depends:
  ${misc:Depends},
  ${python:Depends},
  python-six
+Recommends:
+ ca-certificates
 Description: HTTP library with thread-safe connection pooling for Python
  urllib3 supports features left out of urllib and urllib2 libraries.
  .
@@ -44,6 +46,8 @@ Depends:
  ${misc:Depends},
  ${python3:Depends},
  python3-six
+Recommends:
+ ca-certificates
 Description: HTTP library with thread-safe connection pooling for Python3
  urllib3 supports features left out of urllib and urllib2 libraries.
  .
-- 
cgit v1.2.3


From 7bdcb812ec3df2858713c45e1d868264a9815267 Mon Sep 17 00:00:00 2001
From: Piotr Ożarowski <piotr@debian.org>
Date: Thu, 13 Sep 2012 17:25:10 +0000
Subject: s/UNRELEASED/unstable/

---
 debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 06ccfdb..2ac55dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-python-urllib3 (1.3-3) UNRELEASED; urgency=low
+python-urllib3 (1.3-3) unstable; urgency=low
 
   * debian/control
     - Added ca-certificates to Recommends field
-- 
cgit v1.2.3