rpms / python-cryptography

Clone
Source Code
GIT

Blame SOURCES/0001-Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch

c7 c7-alt c7-beta c8 c8-beta c8-beta-stream-3.8 c8-beta-stream-3.9 c8-stream-3.8 c8-stream-3.9 c8s c8s-stream-3.8 c8s-stream-3.9 c9 c9-beta
  1.   c69fadde5b1f69863550168b700d6910d6976094
  2.   SOURCES
  3.   0001-Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch
Blob History Raw
c69fad 
From 2716cd2fa55cc867656a3e797797f5a1386afd69 Mon Sep 17 00:00:00 2001
c69fad 
From: Alex Gaynor <alex.gaynor@gmail.com>
c69fad 
Date: Sun, 12 Aug 2018 15:48:24 -0400
c69fad 
Subject: [PATCH] Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
c69fad 
 (#4389)
c69fad
c69fad 
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
c69fad
c69fad 
Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
c69fad
c69fad 
* cover this file as well
c69fad 
---
c69fad 
 tests/hazmat/backends/test_openssl.py | 2 +-
c69fad 
 tests/hazmat/bindings/test_openssl.py | 9 ++++++---
c69fad 
 2 files changed, 7 insertions(+), 4 deletions(-)
c69fad
c69fad 
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
c69fad 
index 31b34cd0..e77f5dc3 100644
c69fad 
--- a/tests/hazmat/backends/test_openssl.py
c69fad 
+++ b/tests/hazmat/backends/test_openssl.py
c69fad 
@@ -115,7 +115,7 @@ class TestOpenSSL(object):
c69fad 
         assert len(errors) == 10
c69fad
c69fad 
     def test_ssl_ciphers_registered(self):
c69fad 
-        meth = backend._lib.TLSv1_method()
c69fad 
+        meth = backend._lib.SSLv23_method()
c69fad 
         ctx = backend._lib.SSL_CTX_new(meth)
c69fad 
         assert ctx != backend._ffi.NULL
c69fad 
         backend._lib.SSL_CTX_free(ctx)
c69fad 
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
c69fad 
index 488f64e1..f317f07f 100644
c69fad 
--- a/tests/hazmat/bindings/test_openssl.py
c69fad 
+++ b/tests/hazmat/bindings/test_openssl.py
c69fad 
@@ -37,7 +37,8 @@ class TestOpenSSL(object):
c69fad 
         # Test that we're properly handling 32-bit unsigned on all platforms.
c69fad 
         b = Binding()
c69fad 
         assert b.lib.SSL_OP_ALL > 0
c69fad 
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
c69fad 
+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
c69fad 
+        assert ctx != b.ffi.NULL
c69fad 
         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
c69fad 
         current_options = b.lib.SSL_CTX_get_options(ctx)
c69fad 
         resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL)
c69fad 
@@ -49,7 +50,8 @@ class TestOpenSSL(object):
c69fad 
         # Test that we're properly handling 32-bit unsigned on all platforms.
c69fad 
         b = Binding()
c69fad 
         assert b.lib.SSL_OP_ALL > 0
c69fad 
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
c69fad 
+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
c69fad 
+        assert ctx != b.ffi.NULL
c69fad 
         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
c69fad 
         ssl = b.lib.SSL_new(ctx)
c69fad 
         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
c69fad 
@@ -63,7 +65,8 @@ class TestOpenSSL(object):
c69fad 
         # Test that we're properly handling 32-bit unsigned on all platforms.
c69fad 
         b = Binding()
c69fad 
         assert b.lib.SSL_OP_ALL > 0
c69fad 
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
c69fad 
+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
c69fad 
+        assert ctx != b.ffi.NULL
c69fad 
         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
c69fad 
         ssl = b.lib.SSL_new(ctx)
c69fad 
         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
c69fad 
--
c69fad 
2.17.1
c69fad

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation