components/python/oslo.messaging/patches/01-disable-sslv3.patch
changeset 5405 66fd59fecd68
parent 5404 55e409ba4e72
child 5406 5ac656f02914
5404:55e409ba4e72 5405:66fd59fecd68
     1 This upstream patch addresses the removal of SSLv3 (Bug# 1395095)
       
     2 
       
     3 From https://review.openstack.org/openstack/oslo.messaging
       
     4  * branch            refs/changes/78/136278/2 -> FETCH_HEAD
       
     5 From 42f55a1dda96d4ceecf8cca5fba9cd723673f6e3 Mon Sep 17 00:00:00 2001
       
     6 From: Thomas Goirand <[email protected]>
       
     7 Date: Fri, 21 Nov 2014 17:40:46 +0800
       
     8 Subject: [PATCH] Remove the use of PROTOCOL_SSLv3
       
     9 
       
    10 The PROTOCOL_SSLv3 should not be used, as it can be exploited with
       
    11 a protocol downgrade attack. Also, its support has been removed in
       
    12 Debian, so it simply doesn't work at all now in Sid.
       
    13 
       
    14 This patch removes PROTOCOL_SSLv3 from one of the possible protocols
       
    15 used by oslo.messaging.
       
    16 
       
    17 Closes-Bug: #1395095
       
    18 Change-Id: I2c1977c3bfc1923bcb03744e909f2e70c7fdb14c
       
    19 ---
       
    20  oslo/messaging/_drivers/impl_rabbit.py |   12 ++++++++----
       
    21  1 file changed, 8 insertions(+), 4 deletions(-)
       
    22 
       
    23 diff --git a/oslo/messaging/_drivers/impl_rabbit.py b/oslo/messaging/_drivers/impl_rabbit.py
       
    24 index 939a3ce..0c786ed 100644
       
    25 --- a/oslo/messaging/_drivers/impl_rabbit.py
       
    26 +++ b/oslo/messaging/_drivers/impl_rabbit.py
       
    27 @@ -41,8 +41,8 @@ rabbit_opts = [
       
    28      cfg.StrOpt('kombu_ssl_version',
       
    29                 default='',
       
    30                 help='SSL version to use (valid only if SSL enabled). '
       
    31 -                    'valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may '
       
    32 -                    'be available on some distributions.'
       
    33 +                    'valid values are TLSv1 and SSLv23. SSLv2 and '
       
    34 +                    'SSLv3 may be available on some distributions.'
       
    35                 ),
       
    36      cfg.StrOpt('kombu_ssl_keyfile',
       
    37                 default='',
       
    38 @@ -496,8 +496,7 @@ class Connection(object):
       
    39      # FIXME(markmc): use oslo sslutils when it is available as a library
       
    40      _SSL_PROTOCOLS = {
       
    41          "tlsv1": ssl.PROTOCOL_TLSv1,
       
    42 -        "sslv23": ssl.PROTOCOL_SSLv23,
       
    43 -        "sslv3": ssl.PROTOCOL_SSLv3
       
    44 +        "sslv23": ssl.PROTOCOL_SSLv23
       
    45      }
       
    46  
       
    47      try:
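Review bot: SSLv3 stays selectable after this change. The `_SSL_PROTOCOLS` literal drops `"sslv3"`, but the next hunk re-registers it under `try`/`except AttributeError` whenever the ssl module still exposes `PROTOCOL_SSLv3`, so only builds that removed the constant are protected. The retained `"sslv23": ssl.PROTOCOL_SSLv23` entry negotiates the highest version both peers support, which can still include SSLv3 unless the socket options exclude it (for example `ssl.OP_NO_SSLv3`, where the runtime provides it). If removal is the goal, as the commit title says, drop the conditional re-add; otherwise mark it, e.g. `# SSLv3 kept for legacy brokers only: open to protocol downgrade, do not configure`, and log a warning when `kombu_ssl_version` resolves to SSLv2 or SSLv3. The code that consumes `_SSL_PROTOCOLS` is outside the visible hunks and the last hunk runs past the end of this view, so how the value reaches the socket is unconfirmed here.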
       
    48 @@ -505,6 +504,11 @@ class Connection(object):
       
    49      except AttributeError:
       
    50          pass
       
    51  
       
    52 +    try:
       
    53 +        _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
       
    54 +    except AttributeError:
       
    55 +        pass
       
    56 +
       
    57      @classmethod