--- a/components/python/python34/patches/20-disable-sslv3.patch Tue Jan 05 13:35:29 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-This patch comes from in-house. It has not yet been submitted upstream,
-but submission is planned.
-
---- Python-3.4.3/Modules/_ssl.c.~1~ 2015-02-25 03:27:45.000000000 -0800
-+++ Python-3.4.3/Modules/_ssl.c 2015-02-25 08:51:04.532103249 -0800
-@@ -2061,6 +2061,8 @@
- options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
- if (proto_version != PY_SSL_VERSION_SSL2)
- options |= SSL_OP_NO_SSLv2;
-+ if (proto_version != PY_SSL_VERSION_SSL3)
-+ options |= SSL_OP_NO_SSLv3;
- SSL_CTX_set_options(self->ctx, options);
-
- #ifndef OPENSSL_NO_ECDH
---- Python-3.4.3/Lib/test/test_ssl.py.~1~ 2015-02-25 03:27:45.000000000 -0800
-+++ Python-3.4.3/Lib/test/test_ssl.py 2015-02-25 08:50:21.079031281 -0800
-@@ -675,10 +675,7 @@
- @skip_if_broken_ubuntu_ssl
- def test_options(self):
- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
-- # OP_ALL | OP_NO_SSLv2 is the default value
-- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2,
-- ctx.options)
-- ctx.options |= ssl.OP_NO_SSLv3
-+ # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3,
- ctx.options)
- if can_clear_options():
-@@ -2171,17 +2168,17 @@
- " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
- % str(x))
- if hasattr(ssl, 'PROTOCOL_SSLv3'):
-- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
-+ try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False)
- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
-
- if hasattr(ssl, 'PROTOCOL_SSLv3'):
-- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
-+ try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False, ssl.CERT_OPTIONAL)
- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
-
- if hasattr(ssl, 'PROTOCOL_SSLv3'):
-- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
-+ try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False, ssl.CERT_REQUIRED)
- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
- try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
-
-@@ -2213,7 +2210,8 @@
- try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
- if no_sslv2_implies_sslv3_hello():
- # No SSLv2 => client will use an SSLv3 hello on recent OpenSSLs
-- try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, True,
-+ # until we disabled SSLv3 for Poodle
-+ try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False,
- client_options=ssl.OP_NO_SSLv2)
-
- @skip_if_broken_ubuntu_ssl