Hello community, here is the log from the commit of package python for openSUSE:Factory checked in at 2012-05-21 10:02:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python (Old) and /work/SRC/openSUSE:Factory/.python.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/python/python-base.changes 2012-04-18 12:35:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python.new/python-base.changes 2012-05-21 10:02:19.000000000 +0200 @@ -1,0 +2,6 @@ +Thu May 17 17:49:31 UTC 2012 - [email protected] + +- Support directory-based certificate stores with the ca_certs parameter of SSL + functions [bnc#761501] + +------------------------------------------------------------------- python-doc.changes: same change --- /work/SRC/openSUSE:Factory/python/python.changes 2012-03-05 14:03:05.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python.new/python.changes 2012-05-21 10:02:19.000000000 +0200 @@ -1,0 +2,11 @@ +Thu May 17 17:49:31 UTC 2012 - [email protected] + +- Support directory-based certificate stores with the ca_certs parameter of SSL + functions [bnc#761501] + +------------------------------------------------------------------- +Tue May 15 14:17:43 UTC 2012 - [email protected] + +- enabled some tests + +------------------------------------------------------------------- New: ---- python-2.7.3-ssl_ca_path.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-base.spec ++++++ --- /var/tmp/diff_new_pack.Elefxt/_old 2012-05-21 10:02:21.000000000 +0200 +++ /var/tmp/diff_new_pack.Elefxt/_new 2012-05-21 10:02:21.000000000 +0200 @@ -48,6 +48,8 @@ Patch15: python-2.7.2-disable-tests-in-test_io.patch Patch16: pypirc-secure.diff Patch17: remove-static-libpython.diff +# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions +Patch18: python-2.7.3-ssl_ca_path.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -133,6 +135,7 @@ %endif %patch16 -p1 %patch17 +%patch18 # COMMON-PREP-END # drop Autoconf version requirement ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.Elefxt/_old 2012-05-21 10:02:21.000000000 +0200 +++ /var/tmp/diff_new_pack.Elefxt/_new 2012-05-21 10:02:21.000000000 +0200 @@ -44,6 +44,8 @@ Patch15: python-2.7.2-disable-tests-in-test_io.patch Patch16: pypirc-secure.diff Patch17: remove-static-libpython.diff +# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions +Patch18: python-2.7.3-ssl_ca_path.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps @@ -90,6 +92,7 @@ %endif %patch16 -p1 %patch17 +%patch18 # COMMON-PREP-END %build ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.Elefxt/_old 2012-05-21 10:02:21.000000000 +0200 +++ /var/tmp/diff_new_pack.Elefxt/_new 2012-05-21 10:02:21.000000000 +0200 @@ -52,6 +52,8 @@ Patch15: python-2.7.2-disable-tests-in-test_io.patch Patch16: pypirc-secure.diff Patch17: remove-static-libpython.diff +# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions +Patch18: python-2.7.3-ssl_ca_path.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -173,6 +175,7 @@ %endif %patch16 -p1 %patch17 +%patch18 # COMMON-PREP-END # drop Autoconf version requirement @@ -210,7 +213,7 @@ if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then ulimit -v 10000000 || : fi -LIST="test_urllib test_ssl test_hashlib test_hmac test_urllib2_localnet test_unicodedata test_tarfile test_sqlite test_tcl test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_readline " +LIST="test_urllib test_ssl test_hashlib test_hmac test_urllib2_localnet test_unicodedata test_tarfile test_sqlite test_tcl test_dbm test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_bsddb3 test_readline" make test TESTOPTS="$LIST" TESTPYTHONOPTS="-R" %endif ++++++ python-2.7.3-ssl_ca_path.patch ++++++ Index: Modules/_ssl.c =================================================================== --- Modules/_ssl.c.orig +++ Modules/_ssl.c @@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock, char *errstr = NULL; int ret; int verification_mode; + struct stat stat_buf; self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */ if (self == NULL) @@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock, "verification of other-side certificates."); goto fail; } else { - PySSL_BEGIN_ALLOW_THREADS - ret = SSL_CTX_load_verify_locations(self->ctx, - cacerts_file, - NULL); - PySSL_END_ALLOW_THREADS + /* If cacerts_file is a directory-based cert store, pass it as the + third parameter, CApath, instead + */ + if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) { + PySSL_BEGIN_ALLOW_THREADS + ret = SSL_CTX_load_verify_locations(self->ctx, + NULL, + cacerts_file); + PySSL_END_ALLOW_THREADS + } else { + PySSL_BEGIN_ALLOW_THREADS + ret = SSL_CTX_load_verify_locations(self->ctx, + cacerts_file, + NULL); + PySSL_END_ALLOW_THREADS + } + if (ret != 1) { _setSSLError(NULL, 0, __FILE__, __LINE__); goto fail; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
