Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
python-base.12554
python-2.7.9-sles-disable-verification-by-defau...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File python-2.7.9-sles-disable-verification-by-default.patch of Package python-base.12554
Index: Python-2.7.13/Lib/ssl.py =================================================================== --- Python-2.7.13.orig/Lib/ssl.py +++ Python-2.7.13/Lib/ssl.py @@ -502,14 +502,26 @@ _create_stdlib_context = _create_unverif # PEP 493: Verify HTTPS by default, but allow envvar to override that _https_verify_envvar = 'PYTHONHTTPSVERIFY' -def _get_https_context_factory(): +def _get_https_context_factory(default_enabled=True): + envvar_values = { '1': create_default_context, '0': _create_unverified_context } + envvar = default_enabled and '1' or '0' if not sys.flags.ignore_environment: - config_setting = os.environ.get(_https_verify_envvar) - if config_setting == '0': - return _create_unverified_context - return create_default_context + envvar = os.environ.get(_https_verify_envvar, envvar) -_create_default_https_context = _get_https_context_factory() + return envvar_values.get(envvar, create_default_context) + +try: + # load the TLS checks policy from separate package + import sle_tls_checks_policy as policy + if policy.get_policy: + _create_default_https_context = policy.get_policy() + else: + # empty policy file means use upstream config + _create_default_https_context = _get_https_context_factory(default_enabled=True) + +except ImportError: + # policy not present, disable verification for backwards compatibility + _create_default_https_context = _get_https_context_factory(default_enabled=False) # PEP 493: "private" API to configure HTTPS defaults without monkeypatching def _https_verify_certificates(enable=True): Index: Python-2.7.13/Lib/test/test_ssl.py =================================================================== --- Python-2.7.13.orig/Lib/test/test_ssl.py +++ Python-2.7.13/Lib/test/test_ssl.py @@ -1210,8 +1210,8 @@ class ContextTests(unittest.TestCase): # Uses a fresh SSL module to avoid affecting the real one local_ssl = support.import_fresh_module("ssl") # Certificate verification is enabled by default - self.assertIs(local_ssl._create_default_https_context, - local_ssl.create_default_context) + self.assertTrue(local_ssl._create_default_https_context is local_ssl.create_default_context + or local_ssl._create_default_https_context is ssl.create_default_context) # Turn default verification off local_ssl._https_verify_certificates(enable=False) self.assertIs(local_ssl._create_default_https_context,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor