Ticket #6337: disable-sslv2-6337.patch

File disable-sslv2-6337.patch, 3.8 KB (added by Hynek Schlawack, 7 years ago)
  • twisted/internet/_sslverify.py

    # Bazaar merge directive format 2 (Bazaar 0.90)
    # revision_id: hs@ox.cx-20130302164358-ok1or8rwl13y4oo7
    # target_branch: file:///Users/hynek/Projects/Twisted/trunk/
    # testament_sha1: 01591c377cc8595c40a782b9af315412b7004b91
    # timestamp: 2013-03-02 17:44:55 +0100
    # base_revision_id: svn-v4:bbbe8e31-12d6-0310-92fd-\
    #   ac37d47ddeeb:trunk:37359
    # 
    # Begin patch
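--- a/twisted/internet/_sslverify.py
+++ b/twisted/internet/_sslverify.py
@@ -742,6 +742,8 @@
 
     def _makeContext(self):
         ctx = SSL.Context(self.method)
+        # Disallow insecure SSLv2. Applies only for SSLv23_METHOD.
+        ctx.set_options(SSL.OP_NO_SSLv2)
 
         if self.certificate is not None and self.privateKey is not None:
             ctx.use_certificate(self.certificate)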
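Review bot: The added `ctx.set_options(SSL.OP_NO_SSLv2)` in `_makeContext` still leaves SSLv3 negotiable when the method is SSLv23_METHOD, and SSLv3 is itself no longer safe to offer because of its known downgrade and padding weaknesses. If no supported peer needs SSLv3, the line could become `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. Otherwise the protocol floor should at least be something the caller can configure, not something fixed here. The comment would also read more accurately as `# Always set; only has an effect when self.method is SSLv23_METHOD.`, since the call is unconditional. `_makeContext` continues past the end of this hunk, so any later option handling is not visible here.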
  • twisted/test/test_sslverify.py

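--- a/twisted/test/test_sslverify.py
+++ b/twisted/test/test_sslverify.py
@@ -539,6 +539,17 @@
                 lambda result: self.assertEqual(result, WritingProtocol.byte))
 
 
+    def test_SSLv2IsDisabledForSSLv23(self):
+        """
+        SSLv2 is insecure and should be disabled so when users use
+        SSLv23_METHOD, they get at least SSLV3.  It does nothing if
+        SSLv2_METHOD chosen explicitly.
+        """
+        opts = sslverify.OpenSSLCertificateOptions()
+        ctx = opts.getContext()
+        self.assertEqual(SSL.OP_NO_SSLv2, ctx.set_options(0) & SSL.OP_NO_SSLv2)
+
+
 
 if interfaces.IReactorSSL(reactor, None) is None:
     OpenSSLOptions.skip = "Reactor does not support SSL, cannot run SSL tests"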
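Review bot: `test_SSLv2IsDisabledForSSLv23` builds `sslverify.OpenSSLCertificateOptions()` without a method argument, so it checks the option bit under whatever the class default is, not under SSLv23_METHOD as the name and docstring claim. Passing the method explicitly, e.g. `opts = sslverify.OpenSSLCertificateOptions(method=SSL.SSLv23_METHOD)`, would tie the assertion to the case that matters; this assumes the constructor accepts `method`, which is not visible in this hunk. A one-line comment such as `# set_options(0) changes nothing and returns the current option bitmask` would explain the read-back idiom on the assert line. The test only confirms the flag is set, so a negotiation-level check that an SSLv2-only peer is refused would be a stronger regression guard if the test environment allows it.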
  • twisted/topfiles/6337.bugfix

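--- /dev/null
+++ b/twisted/topfiles/6337.bugfix
@@ -0,0 +1 @@
+SSLv2 is disabled now if SSLv23_METHOD is chosen for CertificateOptions.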