Blame SOURCES/CVE-2019-11324.patch
|
 |
761e7f |
From 54e768a6dbe3cadeb456dea37bbeaf6e1e17e87c Mon Sep 17 00:00:00 2001
|
|
|
761e7f |
From: Lumir Balhar <lbalhar@redhat.com>
|
|
|
761e7f |
Date: Thu, 9 Jan 2020 10:47:27 +0100
|
|
|
761e7f |
Subject: [PATCH] CVE-2019-11324 Certification mishandle when error should be
|
|
|
761e7f |
thrown
|
|
|
761e7f |
|
|
|
761e7f |
---
|
|
|
761e7f |
util/ssl_.py | 2 +-
|
|
|
761e7f |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
761e7f |
|
|
|
761e7f |
diff --git a/util/ssl_.py b/util/ssl_.py
|
|
|
761e7f |
index 32fd9ed..f9f12ff 100644
|
|
|
761e7f |
--- a/util/ssl_.py
|
|
|
761e7f |
+++ b/util/ssl_.py
|
|
|
761e7f |
@@ -319,7 +319,7 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
|
|
|
761e7f |
if e.errno == errno.ENOENT:
|
|
|
761e7f |
raise SSLError(e)
|
|
|
761e7f |
raise
|
|
|
761e7f |
- elif getattr(context, 'load_default_certs', None) is not None:
|
|
|
761e7f |
+ elif ssl_context is None and hasattr(context, 'load_default_certs'):
|
|
|
761e7f |
# try to load OS default certs; works well on Windows (require Python3.4+)
|
|
|
761e7f |
context.load_default_certs()
|
|
|
761e7f |
|
|
|
761e7f |
--
|
|
|
761e7f |
2.24.1
|
|
|
761e7f |
|