components/python/python26/patches/Python26-38-disable-sslv3.patch
branchs11-update
changeset 3645 7f9e7408bb02
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/python26/patches/Python26-38-disable-sslv3.patch	Fri Jan 09 08:38:55 2015 -0800
@@ -0,0 +1,28 @@
+This patch comes from in-house, and will not be passed upstream, since
+Python 2.6 has been abandoned in favor of later versions.
+
+--- Python-2.6.8/Modules/_ssl.c.~2~	2014-12-16 00:06:40.398956147 -0800
++++ Python-2.6.8/Modules/_ssl.c	2015-01-08 12:43:53.326916627 -0800
[email protected]@ -269,6 +269,7 @@
+     char *errstr = NULL;
+     int ret;
+     int verification_mode;
++    long options;
+ 
+     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
+     if (self == NULL)
[email protected]@ -359,8 +360,12 @@
+     }
+ 
+     /* ssl compatibility */
+-    SSL_CTX_set_options(self->ctx,
+-                        SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
++    options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
++    if (proto_version != PY_SSL_VERSION_SSL2)
++        options |= SSL_OP_NO_SSLv2;
++    if (proto_version != PY_SSL_VERSION_SSL3)
++        options |= SSL_OP_NO_SSLv3;
++    SSL_CTX_set_options(self->ctx, options);
+ 
+     verification_mode = SSL_VERIFY_NONE;
+     if (certreq == PY_SSL_CERT_OPTIONAL)