An interpreted, interactive, object-oriented programming language
CentOS Sources
2017-08-01 71084d584ff953f5463757ec6536406320560b4d
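diff -up Python-2.7.5/Lib/ssl.py.cert Python-2.7.5/Lib/ssl.py
--- Python-2.7.5/Lib/ssl.py.cert    2015-03-30 14:52:12.172241615 +0200
+++ Python-2.7.5/Lib/ssl.py    2015-03-30 15:16:49.168185354 +0200
@@ -466,8 +466,27 @@ def _create_unverified_context(protocol=
 
     return context
 
+_cert_verification_config = '/etc/python/cert-verification.cfg'
+
+def _get_verify_status(protocol):
+   context_factory = {
+       'platform_default': _create_unverified_context,
+       'enable': create_default_context,
+       'disable': _create_unverified_context
+   }
+   import ConfigParser
+   try:
+       config = ConfigParser.RawConfigParser()
+       config.read(_cert_verification_config)
+       status = config.get(protocol, 'verify')
+   except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
+       status = 'platform_default'
+   default = context_factory.get('platform_default')
+   return context_factory.get(status, default)
+
+
 # Used by http.client if no context is explicitly passed.
-_create_default_https_context = create_default_context
+_create_default_https_context = _get_verify_status('https')
 
 
 # Backwards compatibility alias, even though it's not a public name.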
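Review bot: In `_get_verify_status`, any `verify` value that is not exactly one of the three dictionary keys falls through `context_factory.get(status, default)` to `_create_unverified_context`, so a miscapitalised or misspelled `enable` in the config file silently leaves HTTPS certificate verification off. Normalising the value with `status = config.get(protocol, 'verify').strip().lower()` and emitting a warning when `status not in context_factory` would make a misconfiguration visible instead of failing open. The `except` clause covers only `NoSectionError` and `NoOptionError`; a malformed file makes `config.read` raise a parsing error, and because `_get_verify_status('https')` runs at module level that would surface as a failure of `import ssl`, so catching `ConfigParser.Error` there is worth considering. A short docstring saying that the file is read once at import time and that the return value is a context factory, not a status string, would also help the next reader.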
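diff -up Python-2.7.5/Lib/test/test_httplib.py.cert Python-2.7.5/Lib/test/test_httplib.py
--- Python-2.7.5/Lib/test/test_httplib.py.cert    2015-03-30 16:45:30.738794461 +0200
+++ Python-2.7.5/Lib/test/test_httplib.py    2015-03-30 16:54:48.065062351 +0200
@@ -516,12 +516,24 @@ class HTTPSTest(TestCase):
         h = httplib.HTTPSConnection(HOST, TimeoutTest.PORT, timeout=30)
         self.assertEqual(h.timeout, 30)
 
+    def test_networked_default(self):
+        # specific to RHEL
+        # Default settings: doesnt requires a valid cert from a trusted CA
+        test_support.requires('network')
+        with test_support.transient_internet('self-signed.pythontest.net'):
+            h = httplib.HTTPSConnection('self-signed.pythontest.net', 443)
+            h.request('GET', '/')
+            resp = h.getresponse()
+            self.assertIn('nginx', resp.getheader('server'))
+
+    # We have to pass safe context to test cert verification
+    # RHEL by default disable cert verification
     def test_networked(self):
-        # Default settings: requires a valid cert from a trusted CA
         import ssl
         test_support.requires('network')
         with test_support.transient_internet('self-signed.pythontest.net'):
-            h = httplib.HTTPSConnection('self-signed.pythontest.net', 443)
+            context = ssl.create_default_context()
+            h = httplib.HTTPSConnection('self-signed.pythontest.net', 443, context=context)
             with self.assertRaises(ssl.SSLError) as exc_info:
                 h.request('GET', '/')
             self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAILED')
@@ -542,8 +554,10 @@ class HTTPSTest(TestCase):
     def test_networked_trusted_by_default_cert(self):
         # Default settings: requires a valid cert from a trusted CA
         test_support.requires('network')
+        import ssl
         with test_support.transient_internet('www.python.org'):
-            h = httplib.HTTPSConnection('www.python.org', 443)
+            context = ssl.create_default_context()
+            h = httplib.HTTPSConnection('www.python.org', 443, context=context)
             h.request('GET', '/')
             resp = h.getresponse()
             content_type = resp.getheader('content-type')
@@ -579,7 +592,8 @@ class HTTPSTest(TestCase):
         # The custom cert isn't known to the default trust bundle
         import ssl
         server = self.make_server(CERT_localhost)
-        h = httplib.HTTPSConnection('localhost', server.port)
+        context = ssl.create_default_context()
+        h = httplib.HTTPSConnection('localhost', server.port, context=context)
         with self.assertRaises(ssl.SSLError) as exc_info:
             h.request('GET', '/')
         self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAILED')
@@ -624,6 +638,9 @@ class HTTPSTest(TestCase):
         for hp in ("www.python.org:abc", "user:password@www.python.org"):
             self.assertRaises(httplib.InvalidURL, httplib.HTTPSConnection, hp)
 
+        import ssl
+        context = ssl.create_default_context()
+
         for hp, h, p in (("[fe80::207:e9ff:fe9b]:8000",
                           "fe80::207:e9ff:fe9b", 8000),
                          ("www.python.org:443", "www.python.org", 443),
@@ -632,7 +648,7 @@ class HTTPSTest(TestCase):
                          ("[fe80::207:e9ff:fe9b]", "fe80::207:e9ff:fe9b", 443),
                          ("[fe80::207:e9ff:fe9b]:", "fe80::207:e9ff:fe9b",
                              443)):
-            c = httplib.HTTPSConnection(hp)
+            c = httplib.HTTPSConnection(hp, context=context)
             self.assertEqual(h, c.host)
             self.assertEqual(p, c.port)
 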
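Review bot: `test_networked_default` depends on state the test does not control: it passes only when the host's `/etc/python/cert-verification.cfg` is absent or leaves `https` verification off, and it asserts that the remote `Server` header contains `nginx`. On a machine where an administrator has set `verify` to `enable`, the request raises `ssl.SSLError` and the test fails for a reason unrelated to the code under test; `resp.getheader('server')` can also return `None`, which turns the `assertIn` into a `TypeError`. Consider skipping unless `ssl._create_default_https_context is ssl._create_unverified_context`, and asserting only that `getresponse()` succeeds. The comment at the top of `test_networked_trusted_by_default_cert` still reads "Default settings" although the test now passes an explicit verifying context; `# Explicit verifying context: requires a valid cert from a trusted CA` would match the code. The enclosing `HTTPSTest` class begins outside these hunks.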