From 5fbc3ae3d5629081507b691a3549007cff1cffc6 Mon Sep 17 00:00:00 2001 From: Yamashita Yuu Date: Thu, 23 May 2013 12:07:19 +0900 Subject: [PATCH] add ssl patch for 3.1.3 and 3.2 (#22) --- .../Python-3.1.3/001_openssl_no_ssl2.patch | 75 +++++++++++++++++++ .../3.2/Python-3.2/001_openssl_no_ssl2.patch | 75 +++++++++++++++++++ 2 files changed, 150 insertions(+) create mode 100644 plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch create mode 100644 plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch diff --git a/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch new file mode 100644 index 00000000..997a6f68 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch @@ -0,0 +1,75 @@ +diff -r -u ./Lib/ssl.py ../Python-3.1.3/Lib/ssl.py +--- ./Lib/ssl.py 2010-09-14 23:47:08.000000000 +0900 ++++ ../Python-3.1.3/Lib/ssl.py 2013-05-23 12:03:38.000000000 +0900 +@@ -60,8 +60,20 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, ++from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, + PROTOCOL_TLSv1) ++_PROTOCOL_NAMES = { ++ PROTOCOL_TLSv1: "TLSv1", ++ PROTOCOL_SSLv23: "SSLv23", ++ PROTOCOL_SSLv3: "SSLv3", ++} ++try: ++ from _ssl import PROTOCOL_SSLv2 ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except ImportError: ++ _SSLv2_IF_EXISTS = None ++else: ++ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from _ssl import RAND_status, RAND_egd, RAND_add + from _ssl import ( + SSL_ERROR_ZERO_RETURN, +@@ -427,13 +439,4 @@ + return DER_cert_to_PEM_cert(dercert) + + def get_protocol_name(protocol_code): +- if protocol_code == PROTOCOL_TLSv1: +- return "TLSv1" +- elif protocol_code == PROTOCOL_SSLv23: +- return "SSLv23" +- elif protocol_code == PROTOCOL_SSLv2: +- return "SSLv2" +- elif protocol_code == PROTOCOL_SSLv3: +- return "SSLv3" +- else: +- return "" ++ return _PROTOCOL_NAMES.get(protocol_code, '') +diff -r -u ./Modules/_ssl.c ../Python-3.1.3/Modules/_ssl.c +--- ./Modules/_ssl.c 2010-10-14 07:20:48.000000000 +0900 ++++ ../Python-3.1.3/Modules/_ssl.c 2013-05-23 12:04:31.000000000 +0900 +@@ -63,7 +63,9 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif + PY_SSL_VERSION_SSL3, + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 +@@ -306,8 +308,10 @@ + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1785,8 +1789,10 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch new file mode 100644 index 00000000..a4c55eb3 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch @@ -0,0 +1,75 @@ +diff -r -u ./Lib/ssl.py ../Python-3.2/Lib/ssl.py +--- ./Lib/ssl.py 2010-10-23 03:19:07.000000000 +0900 ++++ ../Python-3.2/Lib/ssl.py 2013-05-23 11:56:30.000000000 +0900 +@@ -62,8 +62,20 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, ++from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, + PROTOCOL_TLSv1) ++_PROTOCOL_NAMES = { ++ PROTOCOL_TLSv1: "TLSv1", ++ PROTOCOL_SSLv23: "SSLv23", ++ PROTOCOL_SSLv3: "SSLv3", ++} ++try: ++ from _ssl import PROTOCOL_SSLv2 ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except ImportError: ++ _SSLv2_IF_EXISTS = None ++else: ++ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 + from _ssl import RAND_status, RAND_egd, RAND_add + from _ssl import ( +@@ -537,13 +549,4 @@ + return DER_cert_to_PEM_cert(dercert) + + def get_protocol_name(protocol_code): +- if protocol_code == PROTOCOL_TLSv1: +- return "TLSv1" +- elif protocol_code == PROTOCOL_SSLv23: +- return "SSLv23" +- elif protocol_code == PROTOCOL_SSLv2: +- return "SSLv2" +- elif protocol_code == PROTOCOL_SSLv3: +- return "SSLv3" +- else: +- return "" ++ return _PROTOCOL_NAMES.get(protocol_code, '') +diff -r -u ./Modules/_ssl.c ../Python-3.2/Modules/_ssl.c +--- ./Modules/_ssl.c 2011-01-29 20:31:20.000000000 +0900 ++++ ../Python-3.2/Modules/_ssl.c 2013-05-23 11:57:44.000000000 +0900 +@@ -63,7 +63,9 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif + PY_SSL_VERSION_SSL3, + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 +@@ -1450,8 +1452,10 @@ + ctx = SSL_CTX_new(TLSv1_method()); + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + ctx = SSL_CTX_new(SSLv23_method()); + else +@@ -2110,8 +2114,10 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",