components/python/python34/patches/20-disable-sslv3.patch
author John Beck <John.Beck@Oracle.COM>
Wed, 25 Feb 2015 20:44:31 -0800
branchs11-update
changeset 3876 da37433d5103
parent 3790 29f21fba058a
permissions -rw-r--r--
20605341 update Python to 3.4.3 20605333 problem in UTILITY/PYTHON
This patch comes from in-house.  It has not yet been submitted upstream,
but submission is planned.
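--- Python-3.4.3/Modules/_ssl.c.~1~	2015-02-25 03:27:45.000000000 -0800
+++ Python-3.4.3/Modules/_ssl.c	2015-02-25 08:51:04.532103249 -0800
@@ -2061,6 +2061,8 @@
     options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
     if (proto_version != PY_SSL_VERSION_SSL2)
         options |= SSL_OP_NO_SSLv2;
+    if (proto_version != PY_SSL_VERSION_SSL3)
+        options |= SSL_OP_NO_SSLv3;
     SSL_CTX_set_options(self->ctx, options);
 
 #ifndef OPENSSL_NO_ECDH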
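Review bot: The added `SSL_OP_NO_SSLv3` default has no comment, so nothing in `_ssl.c` tells whoever rebases this patch onto a later upstream release that it is a local hardening for POODLE rather than upstream behaviour. I would put `/* Local change: SSLv3 is off by default (POODLE); a context created with PROTOCOL_SSLv3 still negotiates it. */` above the new `if`. The flag is only a default: it is skipped when `proto_version` is `PY_SSL_VERSION_SSL3`, and the `can_clear_options()` branch in the test suggests a caller can clear it again through `ctx.options` where the linked OpenSSL allows that, so release notes should describe this as "disabled by default", not "removed". The enclosing function starts and ends outside the hunk.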
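--- Python-3.4.3/Lib/test/test_ssl.py.~1~	2015-02-25 03:27:45.000000000 -0800
+++ Python-3.4.3/Lib/test/test_ssl.py	2015-02-25 08:50:21.079031281 -0800
@@ -675,10 +675,7 @@
     @skip_if_broken_ubuntu_ssl
     def test_options(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
-        # OP_ALL | OP_NO_SSLv2 is the default value
-        self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2,
-                         ctx.options)
-        ctx.options |= ssl.OP_NO_SSLv3
+        # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
         self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3,
                          ctx.options)
         if can_clear_options():
@@ -2171,17 +2168,17 @@
                             " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
                             % str(x))
             if hasattr(ssl, 'PROTOCOL_SSLv3'):
-                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
+                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False)
             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
 
             if hasattr(ssl, 'PROTOCOL_SSLv3'):
-                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
+                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False, ssl.CERT_OPTIONAL)
             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
 
             if hasattr(ssl, 'PROTOCOL_SSLv3'):
-                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
+                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False, ssl.CERT_REQUIRED)
             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
 
@@ -2213,7 +2210,8 @@
             try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
             if no_sslv2_implies_sslv3_hello():
                 # No SSLv2 => client will use an SSLv3 hello on recent OpenSSLs
-                try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, True,
+                # until we disabled SSLv3 for Poodle
+                try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False,
                                    client_options=ssl.OP_NO_SSLv2)
 
         @skip_if_broken_ubuntu_ssl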
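Review bot: The three expectations flipped to `False` in the `@@ -2171` hunk carry no comment, and in the last hunk the two comment lines read as if an SSLv3 hello still succeeds while the call asserts failure. I would state the reason once at each site, e.g. `# SSLv3 is disabled by default in this build (POODLE): an SSLv3-only peer must be refused`, and reword the last one to `# No SSLv2 => client would send an SSLv3 hello, which is now refused (POODLE)`. In `test_options`, the removed `ctx.options |= ssl.OP_NO_SSLv3` was the only visible check that OR-ing a flag into the property takes effect. Unless the `can_clear_options()` branch outside the hunk covers assignment, that setter path is no longer exercised. All four test bodies start or end outside their hunks.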