[Python-modules-team] Bug#779030: python-eventlet: Fall back to old behavior if SSLContext() not available.

[Corey Bryant]

Package: python-eventlet
Version: 0.13.0-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu vivid ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * debian/patches/sslwrap.diff: Fall back to old behavior if SSLContext
    not available (LP: #1423675).

Thanks for considering the patch.

-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 
'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-30-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

=== modified file 'debian/patches/sslwrap.diff'
--- debian/patches/sslwrap.diff	2014-10-08 16:22:45 +0000
+++ debian/patches/sslwrap.diff	2015-02-20 14:48:24 +0000
@@ -1,8 +1,6 @@
-Index: b/eventlet/green/ssl.py
-===================================================================
 --- a/eventlet/green/ssl.py
 +++ b/eventlet/green/ssl.py
-@@ -238,14 +238,14 @@ class GreenSSLSocket(__ssl.SSLSocket):
+@@ -238,17 +238,30 @@
          if self._sslobj:
              raise ValueError("attempt to connect already-connected SSLSocket!")
          self._socket_connect(addr)
@@ -10,18 +8,33 @@
 -            self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
 -                                        self.cert_reqs, self.ssl_version,
 -                                        self.ca_certs, self.ciphers)
--        else:
++        try:
++            ctx = SSLContext(self.ssl_version)
++        except:
++            if has_ciphers:
++                self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
++                                            self.cert_reqs, self.ssl_version,
++                                            self.ca_certs, self.ciphers)
++            else:
++                self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
++                                            self.cert_reqs, self.ssl_version,
++                                            self.ca_certs)
+         else:
 -            self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
 -                                        self.cert_reqs, self.ssl_version,
 -                                        self.ca_certs)
-+        ctx = SSLContext(self.ssl_version)
-+        if self.keyfile or self.certfile:
-+            ctx.load_cert_chain(self.certfile, self.keyfile)
-+        if self.ca_certs:
-+            ctx.load_verify_locations(self.ca_certs)
-+        if has_ciphers and self.ciphers:
-+            ctx.set_ciphers(self.ciphers)
-+        self._sslobj = ctx._wrap_socket(self._sock, server_side=False)
++            if self.keyfile or self.certfile:
++                ctx.load_cert_chain(self.certfile, self.keyfile)
++            if self.ca_certs:
++                ctx.load_verify_locations(self.ca_certs)
++            if has_ciphers and self.ciphers:
++                ctx.set_ciphers(self.ciphers)
++            self._sslobj = ctx._wrap_socket(self._sock, server_side=False)
++
          if self.do_handshake_on_connect:
              self.do_handshake()
  
++
+     def accept(self):
+         """Accepts a new connection from a remote client, and returns
+         a tuple containing that new connection wrapped with a server-side

_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team