components/python/python26/patches/Python26-38-disable-sslv3.patch
author John Beck <John.Beck@Oracle.COM>
Fri, 09 Jan 2015 08:38:55 -0800
branchs11-update
changeset 3645 7f9e7408bb02
permissions -rw-r--r--
20231116 problem in UTILITY/PYTHON
This patch comes from in-house, and will not be passed upstream, since
Python 2.6 has been abandoned in favor of later versions.

--- Python-2.6.8/Modules/_ssl.c.~2~	2014-12-16 00:06:40.398956147 -0800
+++ Python-2.6.8/Modules/_ssl.c	2015-01-08 12:43:53.326916627 -0800
@@ -269,6 +269,7 @@
     char *errstr = NULL;
     int ret;
     int verification_mode;
+    long options;
 
     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
     if (self == NULL)
@@ -359,8 +360,12 @@
     }
 
     /* ssl compatibility */
-    SSL_CTX_set_options(self->ctx,
-                        SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+    options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+    if (proto_version != PY_SSL_VERSION_SSL2)
+        options |= SSL_OP_NO_SSLv2;
+    if (proto_version != PY_SSL_VERSION_SSL3)
+        options |= SSL_OP_NO_SSLv3;
+    SSL_CTX_set_options(self->ctx, options);
 
     verification_mode = SSL_VERIFY_NONE;
     if (certreq == PY_SSL_CERT_OPTIONAL)