From 7b37ee93558a7d5c3ecca560893f0fa503e1b95b Mon Sep 17 00:00:00 2001
From: Daniele Tricoli <eriol@mornie.org>
Date: Wed, 16 Oct 2013 14:54:10 +0000
Subject: * debian/patches/02_require-cert-verification.patch   - Refreshed

---
 debian/patches/02_require-cert-verification.patch | 27 ++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

(limited to 'debian/patches')

diff --git a/debian/patches/02_require-cert-verification.patch b/debian/patches/02_require-cert-verification.patch
index cc2e896..7c3bef1 100644
--- a/debian/patches/02_require-cert-verification.patch
+++ b/debian/patches/02_require-cert-verification.patch
@@ -3,18 +3,35 @@ Description: require SSL certificate validation by default by using
  CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
 Bug-Ubuntu: https://launchpad.net/bugs/1047054
 Bug-Debian: http://bugs.debian.org/686872
-Last-Update: 2013-05-07
+Last-Update: 2013-10-16
 
 --- a/urllib3/connectionpool.py
 +++ b/urllib3/connectionpool.py
-@@ -523,8 +523,8 @@
-     def __init__(self, host, port=None,
+@@ -87,12 +87,13 @@
+     Based on httplib.HTTPSConnection but wraps the socket with
+     SSL certification.
+     """
+-    cert_reqs = None
+-    ca_certs = None
++    # On Debian, SSL certificate validation is required by default
++    cert_reqs = 'CERT_REQUIRED'
++    ca_certs = '/etc/ssl/certs/ca-certificates.crt'
+     ssl_version = None
+ 
+     def set_cert(self, key_file=None, cert_file=None,
+-                 cert_reqs=None, ca_certs=None,
++                 cert_reqs='CERT_REQUIRED', ca_certs='/etc/ssl/certs/ca-certificates.crt',
+                  assert_hostname=None, assert_fingerprint=None):
+ 
+         self.key_file = key_file
+@@ -644,8 +645,8 @@
                   strict=False, timeout=None, maxsize=1,
                   block=False, headers=None,
+                  _proxy=None, _proxy_headers=None,
 -                 key_file=None, cert_file=None, cert_reqs=None,
 -                 ca_certs=None, ssl_version=None,
 +                 key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED',
 +                 ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None,
                   assert_hostname=None, assert_fingerprint=None):
-
-         HTTPConnectionPool.__init__(self, host, port,
+ 
+         HTTPConnectionPool.__init__(self, host, port, strict, timeout, maxsize,
-- 
cgit v1.2.3